bind 9 ignores new data / TTL ?

[Barry Margolin]

In article <c257cp$2p1l$1 at sf1.isc.org>,
 hve at blasberg-computer.de (Hagen von Eitzen) wrote:
> Or a better understanding of what the real problem is? I tend to
> suspect that the source of evil might be that
> ns1.obsolete.example/ns2.obsolete.example still (wrongly) claim to be
> authoritative. Could that be right?

Yes.  Every time your server sends a query to ns1/2.obsolete.example, 
the answer includes NS records in the Authority section.  These are used 
to update the cache, which resets the TTL.

> But shouldn't the delegation of foo.example be rechecked from the
> example zone rather than from the (according to the cache to be
> validated) authoritative servers?

No, the only time the parent domain server is queried is when you don't 
have NS records for the subdomain in the cache.

The right solution is that when a domain is migrated to new nameservers, 
it must be removed from the obsolete servers (it's best to make them 
slaves of the new servers for a short period of time, to make the 
transition perfectly smooth).

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***