Lame server in cache in Bind 9.2.1 ?
Mark Andrews
Mark_Andrews at isc.org
Mon May 9 22:45:15 UTC 2005
> Greetings.
>
> We are running two Bind 9.2.1 name servers on Solaris. We are having
> trouble with a particular domain -- sbj.net. I know there is a problem
> with the domain. The root servers think that ns1-auth.sprintlink.net and
> ns1.corpranet.net are supposed to be the authoritative servers for the
> domain, whereas ns1.corpranet.net and ns1.positech.net are apparently
> *supposed* to be the authoritative servers, and ns1-auth.sprintlink.net
> indicates that it is *not* authoritative for sbj.net.
>
> If I flush the cache (rndc flush) on our servers, they will successfully
> resolve the A record for sbj.net. A dump of the database at that point
> shows that our servers have cached ns1.corpranet.net and ns1.positech.net
> as nameservers for sbj.net:
>
> ----------------------------------------------------------------
> ; authauthority
> sbj.net. 3554 NS ns1.positech.net.
> 3554 NS ns1.corpranet.net.
> ; authanswer
> 3554 A 69.27.136.10
> ; authanswer
> www.sbj.net. 3554 CNAME sbj.net.
> ----------------------------------------------------------------
>
>
> After the NS records for sbj.net time out (1 hour), our servers then
> return SERVFAIL for sbj.net. A dump of the database at that point shows
> that our servers have cached ns1.corpranet.net and ns1-auth.sprintlink.net
> as nameservers for sbj.net:
>
> ------------------------------------------------------------------
> ; glue
> sbj.NET. 155685 NS ns1.corpranet.net.
> 155685 NS ns1-auth.sprintlink.net.
> ; glue
> sbs2003.NET. 149675 NS ns1.sbs2003.net.
> ------------------------------------------------------------------
>
>
> My questions are:
>
> 1) Why do our servers sometime cache ns1.corpranet.net and
> ns1.positech.net as the nameservers for sbj.net, and why do they sometimes
> cache ns1.corpranet.net and ns1-auth.sprintlink.net instead? Why are they
> not consistent?
The first come from postitive answers which replace the delegation
information from the parent zone. The second are preserved
by negative answers which don't include a NS RRset in the authority
section.
> 2) *Should* our nameservers be caching ns1-auth.sprintlink.net as a
> nameserver for sbj.net, since that server is lame for sbj.net?
Yes.
> 3) If the answer to (2) is yes, is there any way to configure our servers
> to keep them from caching lame servers (JUST the lame servers without
> affecting caching for anything else)?
No. The only way to stop it being cached is to get the delegation
fixed.
4) Why are our nameservers returning SERVFAIL when ns1-auth.sprintlink.net
> is in the cache, since ns1.corpranet.net is also in the cache and is
> authoritative for sbj.net. (In other words, why don't our servers go
> ahead and try to query ns1.corpranet.net even though
> ns1-auth.sprintlink.net is lame for sbj.net?)
SERVFAIL is the general (catch-all) failure message. It can be
caused by lots of things. I would however upgrade as there have
been bug fixes that address some of these issues. That is also
not to say that the delegation doesn't need to be fixed.
> I'm not saying our servers are doing anything wrong. I just want to
> understand why they are doing what they are doing.
>
> Thanks.
>
> Ben Bridges
> Network Engineer
> SpringNet / City Utilities of Springfield, MO
Looking at the dates in the whois output it looks like
the registrar has failed to pass the updates along to
the registry or the registry has rejected them. See
the "last updated" dates.
Mark
Whois Server Version 1.3
Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.
Domain Name: SBJ.NET
Registrar: INTERCOSMOS MEDIA GROUP, INC. D/B/A DIRECTNIC.COM
Whois Server: whois.directnic.com
Referral URL: http://www.directnic.com
Name Server: NS1-AUTH.SPRINTLINK.NET
Name Server: NS1.CORPRANET.NET
Status: REGISTRAR-LOCK
Updated Date: 18-nov-2004
Creation Date: 07-feb-1997
Expiration Date: 08-feb-2007
>>> Last update of whois database: Mon, 9 May 2005 08:40:49 EDT <<<
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Registration and WHOIS Service Provided By: directNIC.com
Intercosmos Media Group, Inc. provides the data in the directNIC.com
Registrar WHOIS database for informational purposes only. The information
may only be used to assist in obtaining information about a domain name's
registration record.
directNIC makes this information available "as is," and does not guarantee
its accuracy.
Registrant:
Springfield Business Journal
313 Park Central West
Springfield, MO 65801
US
417-831-3238
Domain Name: SBJ.NET
Administrative Contact:
Webmaster, CorpraNet webmaster at corpranet.net
720 W. Center Circle Dr.
Nixa, MO 65714
US
417-725-0250
Technical Contact:
Webmaster, CorpraNet webmaster at corpranet.net
720 W. Center Circle Dr.
Nixa, MO 65714
US
417-725-0250
Record last updated 03-18-2005 10:48:35 AM
Record expires on 02-08-2007
Record created on 02-07-1997
Domain servers in listed order:
NS1.CORPRANET.NET 69.27.136.10
NS1.POSITECH.NET 69.27.136.5
By submitting a WHOIS query, you agree you will use this data only for
lawful purposes. You also agree that, under no circumstances, will you use
this data to: a) allow, enable, or otherwise support the transmission by
email, telephone, or facsimile of mass, unsolicited, commercial advertising
or solicitations to entities other than the data recipient's own existing
customers; or to (b) enable high volume, automated, electronic processes
that send queries or data to the systems of any Registry Operator or
ICANN-Accredited registrar.
The compilation, repackaging, dissemination, or other use of this WHOIS
data is expressly prohibited without the prior written consent of
directNIC.com.
directNIC.com reserves the right to terminate your access to its WHOIS
database in its sole discretion, including without limitation, for
excessive querying of the database or for failure to otherwise abide by
this policy.
directNIC reserves the right to modify these terms at any time.
NOTE: THE WHOIS DATABASE IS A CONTACT DATABASE ONLY.
LACK OF A DOMAIN RECORD DOES NOT SIGNIFY DOMAIN AVAILABILITY.
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the bind-users
mailing list