TTL problem with bind 8.3.6 cache

Matus UHLAR - fantomas uhlar at fantomas.sk
Fri Apr 29 06:11:53 UTC 2005


> On Apr 28, 2005, at 20:23, Matus UHLAR - fantomas wrote:
> >It seems that BIND updates the NS record for the zone, as long as it came
> >in AUTHORITY section, but does NOT update the A record, because it came
> >in ADDITIONAL section. Then, in 38385 seconds, bind will know that
> >multimedia.sk is delegated to 'opal.multimedia.sk' but won't know its IP
> >address and thus won't be able even to find it.
> >
> >Can anyone tell me, if this behaviour is correct? Did I make a mistake
> >somewhere? Or, where lies the main problem, except the fact that the
> >domain really should be delegated to more servers, probably in more
> >domains?

On 28.04 22:32, Jim Reid wrote:
> There is nothing wrong with BIND's behaviour in the scenario you
> outlined. When the TTL for opal.multimedia.sk expires, the name will be
> removed from the name server's cache. If it is then asked for that name
> again, the name server will resolve it in precisely the same way as it
> resolved the name before it was in the cache, i.e. by iteratively
> querying the root (maybe) and .sk name servers, following the delegation
> chain.

Are you sure that BIND will query .sk TLD nameservers for opalmultimedia.sk
NS, if it has the _authoritative_ NS record for opalmultimedia.sk?
I just reproduced this behaviour:

uhlar at fantomas% dig any opalmultimedia.sk @rns3
;; ANSWER SECTION:
opalmultimedia.sk.      38108   IN      MX      16 opal.opalmultimedia.sk.

;; AUTHORITY SECTION:
opalmultimedia.sk.      38108   IN      NS      opal.opalmultimedia.sk.

... no additional section.

uhlar at fantomas% dig www.opalmultimedia.sk @rns3

; <<>> DiG 9.2.1 <<>> www.opalmultimedia.sk @rns3
;; global options:  printcmd
;; connection timed out; no servers could be reached

It seems to me that bind is not fetching the glue records from .sk TLD.
Looking at bind dump database:

$ORIGIN sk.
opalmultimedia
        38057  IN  NS    opal.opalmultimedia.sk. ;Cr=auth [195.168.11.130]
        38057  IN  MX 16 opal.opalmultimedia.sk. ;Cr=auth [195.168.11.130]

$ORIGIN opalmultimedia.sk.
mail    3241   IN  CNAME opal.opalmultimedia.sk. ;Cr=auth [195.168.11.130]
ns2     47628  IN  A     195.168.11.130          ;Cr=addtnl [192.108.130.33]
        38038  IN  CNAME opal.opalmultimedia.sk. ;Cr=auth [195.168.11.130]
ns      47628  IN  A     195.168.11.130          ;NT=1 Cr=addtnl [192.108.130.33]
        38038  IN  CNAME opal.opalmultimedia.sk. ;Cr=auth [195.168.11.130]

Would this be different, if there were no 'ns' and 'ns2' records?
(I think that _only_ last two lines would be missing, with no difference in
the behaviour). 

> The difference in TTL values you showed is because you queried 
> different name servers.

I know. I added the authority data from its origin server just for comparing.

-- 
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
WinError #98652: Operation completed successfully.
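
Added example, not part of the original message or of BIND: a small Python check that reads a cache dump in the layout quoted above and reports zones whose cached NS targets all lie inside the zone while no address is cached for any of them, which is the cache state the message describes. The function names and the WITH_GLUE variant are assumptions made for illustration; the check only inspects the dump and says nothing about what the server does next.

```python
import re

# Subset of the cache dump quoted in the message above (BIND 8 dump layout).
PAGE_DUMP = """\
$ORIGIN sk.
opalmultimedia
        38057  IN  NS    opal.opalmultimedia.sk. ;Cr=auth [195.168.11.130]
        38057  IN  MX 16 opal.opalmultimedia.sk. ;Cr=auth [195.168.11.130]

$ORIGIN opalmultimedia.sk.
mail    3241   IN  CNAME opal.opalmultimedia.sk. ;Cr=auth [195.168.11.130]
ns2     47628  IN  A     195.168.11.130          ;Cr=addtnl [192.108.130.33]
ns      47628  IN  A     195.168.11.130          ;NT=1 Cr=addtnl [192.108.130.33]
"""
# Constructed variant: the same cache with an address still held for the NS target.
WITH_GLUE = PAGE_DUMP + "opal    3000   IN  A     192.0.2.53 ;Cr=addtnl\n"

REC = re.compile(r"^(\S*)\s+(\d+)\s+IN\s+(\S+)\s+([^;]*?)\s*(?:;.*)?$")

def absolute(name, origin):
    name = name.lower()
    if name.endswith("."):
        return name
    return name + "." if origin == "." else name + "." + origin

def parse_dump(text):
    """Yield (owner, ttl, rtype, rdata) with owner names made absolute."""
    origin, owner = ".", None
    for line in text.splitlines():
        if line.startswith("$ORIGIN"):
            origin = line.split()[1].lower()
        elif (m := REC.match(line)):
            if m.group(1):  # an empty owner field reuses the previous owner
                owner = absolute(m.group(1), origin)
            yield owner, int(m.group(2)), m.group(3).upper(), m.group(4).lower()
        elif line.strip() and not line[0].isspace() and line[0] != ";":
            owner = absolute(line.strip(), origin)  # owner name on a line of its own

def stranded_zones(text):
    """Map zone -> NS TTL where every cached NS target lies inside the zone and
    has no cached address, so the cache alone holds no address for its servers."""
    ns, addressed = {}, set()
    for owner, ttl, rtype, rdata in parse_dump(text):
        if rtype == "NS":
            ns.setdefault(owner, []).append((rdata, ttl))
        elif rtype in ("A", "AAAA"):
            addressed.add(owner)
    return {zone: max(ttl for _, ttl in targets) for zone, targets in ns.items()
            if all((t == zone or t.endswith("." + zone)) and t not in addressed
                   for t, _ in targets)}

if __name__ == "__main__":
    print(stranded_zones(PAGE_DUMP))
    print(stranded_zones(WITH_GLUE))
```
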


