forwarders-weirdness

phn at icke-reklam.ipsec.nu phn at icke-reklam.ipsec.nu
Tue Jul 23 08:35:09 UTC 2002 

Felix Schattschneider <felix_schattschneider at ccmconsult.de> wrote:

> phn at icke-reklam.ipsec.nu wrote:
>> 
>>> Why's that??
>>> If you need any mor infromation, please say so.
>> 
>> lp1.ccmconsult.de. is handling out records with no TTL left (=0)
>> 
>> lp1.ccmconsult.de. is broken in more ways, it does not
>> answer TCP, and it has no SOA for the zone "www.makaranta.de"
>> It is also a single point of failure.
> lp1 is a radware Linkproof which is not designed to be a complete 
> nameserver.

It is used in a position where a complete nameserver is asked for.
Thus broken. Talk to your vendor.

> What ist does: if you have 2 or more provider Lines and one server address 
> on each line, it gives back for an A-query the address a) of a line that is 
> healthy, or better, if a line is dead, it gives back the (defined) address 
> from the other line and b) if proximity checking is on, it "learns" the 
> best route to the answering dns and can give back the best address next 
> time. Hence the low ttl (but granted, we're still exprimenting with the 
> ttl). Oh, and it's not a SPOF, because there's a backup device that will 
> take over in case of failure.

I know what it does. And no backup device will restore service if
the single ip for lp1.ccmconsult.de. is unavailable ( for network outage
reasons ?) 

> The problem though is not the lp1, which works fine, but the phenomen that 
> the bind seems to ask his forwarder (which is identical with the secondary 
> in this case) even if it is authoritative for the zone. I think it 
> shouldn't do that. It's a recursion or forwarder problem, I think...



>> 
>> The zone makaranta.de is also slightly screwed up, iy uses
>> a higer negative TTL ( 10800 ) then default TTL ( 3600 )
>> Note that a default TTL of 3600 is considered broken.
> Oops, my mistake, thanks...



> Felix


-- 
Peter Håkanson         
        IPSec  Sverige      ( At Gothenburg Riverside )
           Sorry about my e-mail address, but i'm trying to keep spam out,
	   remove "icke-reklam" if you feel for mailing me. Thanx.

More information about the bind-users mailing list