Problems with bind9 caching too long
Mark Andrews
Mark_Andrews at isc.org
Mon Mar 14 19:21:15 UTC 2005
> On Fri, Mar 11, 2005 at 07:37:56PM -0500, Kevin Darcy wrote:
> > No, that's not a BIND bug. You've left the old version of the zone
> > running on ns1.pbi.net and ns2.pbi.net, and they'll keep on giving out
> > the stale NS records in response to queries. Other caching nameservers
> > such as aludra.usc.edu which had the NS records cached from prior to the
> > switchover will keep on using those nameservers to resolve nakos.net
> > names, and therefore keep seeing regurgitations of the stale NS records,
> > and the cycle will repeat until those caching nameservers are restarted
> > or those particular records in their caches expire or are purged out, or
> > until the pbi.net nameservers stop answering with stale NS records for
> > the zone (i.e. the zone is removed from them or is replaced by a more
> > up-to-date version).
> Also, every other DNS server I can find on the net has up-to-date information
> - it's only our USC servers that have the old info... which makes me very
> suspicious that no server "should" legitimately pick this up until the old
> NS servers go away. As I said, the stale record in question here comes from
> the root servers (well, the .net servers), not ns1.pbi.net...
Phil, the record comes from the pbi.net servers. The reason most
of the rest of the net doesn't have the old addresses is that:
a) they are running a version of a nameserver that has been
detuned to handle this case of zone mismanagement. Both
BIND 8 and BIND 9 have had to be detuned to handle this.
b) they didn't have a query under nakos.net for two days.
Either of these would have cased the caches to flush the NS RRset.
You obviously communicate a lot w/ nakos.net. This caused the
cache to refresh the NS RRset using the authority section from
ns1.pbi.net/ns2.pbi.net everytime it received a answer from them
for a nakos.net zone query.
Mark
> --
> Phil Dibowitz
> Systems Architect and Administrator
> Enterprise Infrastructure / ISD / USC
> UCC 174 - 213-821-5427
>
>
> -- Attached file included as plaintext by Ecartis --
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.3 (GNU/Linux)
>
> iD8DBQFCNLfS7lkZ1Iyv898RAmuhAJ0anI+I83v9RtA/ZZYYKOyJCmEaMQCfQbLM
> /XLFso9lqJjhrsHDHNSFsb4=
> =sOiy
> -----END PGP SIGNATURE-----
>
>
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the bind-users
mailing list