Lame server in cache in Bind 9.2.1 ?

Mark Andrews Mark_Andrews at isc.org
Mon May 9 22:45:15 UTC 2005 

> Greetings.
> 
> We are running two Bind 9.2.1 name servers on Solaris.  We are having
> trouble with a particular domain -- sbj.net.  I know there is a problem
> with the domain.  The root servers think that ns1-auth.sprintlink.net and
> ns1.corpranet.net are supposed to be the authoritative servers for the
> domain, whereas ns1.corpranet.net and ns1.positech.net are apparently
> *supposed* to be the authoritative servers, and ns1-auth.sprintlink.net
> indicates that it is *not* authoritative for sbj.net.
> 
> If I flush the cache (rndc flush) on our servers, they will successfully
> resolve the A record for sbj.net.  A dump of the database at that point
> shows that our servers have cached ns1.corpranet.net and ns1.positech.net
> as nameservers for sbj.net:
> 
> ----------------------------------------------------------------
> ; authauthority
> sbj.net.                3554    NS      ns1.positech.net.
>                         3554    NS      ns1.corpranet.net.
> ; authanswer
>                         3554    A       69.27.136.10
> ; authanswer
> www.sbj.net.            3554    CNAME   sbj.net.
> ----------------------------------------------------------------
> 
> 
> After the NS records for sbj.net time out (1 hour), our servers then
> return SERVFAIL for sbj.net.  A dump of the database at that point shows
> that our servers have cached ns1.corpranet.net and ns1-auth.sprintlink.net
> as nameservers for sbj.net:
> 
> ------------------------------------------------------------------
> ; glue
> sbj.NET.                155685  NS      ns1.corpranet.net.
>                         155685  NS      ns1-auth.sprintlink.net.
> ; glue
> sbs2003.NET.            149675  NS      ns1.sbs2003.net.
> ------------------------------------------------------------------
> 
> 
> My questions are:
> 
> 1) Why do our servers sometime cache ns1.corpranet.net and
> ns1.positech.net as the nameservers for sbj.net, and why do they sometimes
> cache ns1.corpranet.net and ns1-auth.sprintlink.net instead?  Why are they
> not consistent?

	The first come from postitive answers which replace the delegation
	information from the parent zone.  The second are preserved
	by negative answers which don't include a NS RRset in the authority
	section.
 
> 2) *Should* our nameservers be caching ns1-auth.sprintlink.net as a
> nameserver for sbj.net, since that server is lame for sbj.net?

	Yes.

> 3) If the answer to (2) is yes, is there any way to configure our servers
> to keep them from caching lame servers (JUST the lame servers without
> affecting caching for anything else)?

	No.  The only way to stop it being cached is to get the delegation
	fixed.
 
 4) Why are our nameservers returning SERVFAIL when ns1-auth.sprintlink.net
> is in the cache, since ns1.corpranet.net is also in the cache and is
> authoritative for sbj.net.  (In other words, why don't our servers go
> ahead and try to query ns1.corpranet.net even though
> ns1-auth.sprintlink.net is lame for sbj.net?)

	SERVFAIL is the general (catch-all) failure message.  It can be
	caused by lots of things.  I would however upgrade as there have
	been bug fixes that address some of these issues.  That is also
	not to say that the delegation doesn't need to be fixed.
 
> I'm not saying our servers are doing anything wrong.  I just want to
> understand why they are doing what they are doing.
> 
> Thanks.
> 
> Ben Bridges
> Network Engineer
> SpringNet / City Utilities of Springfield, MO


	Looking at the dates in the whois output it looks like
	the registrar has failed to pass the updates along to
	the registry or the registry has rejected them.  See
	the "last updated" dates.

	Mark

Whois Server Version 1.3

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

   Domain Name: SBJ.NET
   Registrar: INTERCOSMOS MEDIA GROUP, INC. D/B/A DIRECTNIC.COM
   Whois Server: whois.directnic.com
   Referral URL: http://www.directnic.com
   Name Server: NS1-AUTH.SPRINTLINK.NET
   Name Server: NS1.CORPRANET.NET
   Status: REGISTRAR-LOCK
   Updated Date: 18-nov-2004
   Creation Date: 07-feb-1997
   Expiration Date: 08-feb-2007


>>> Last update of whois database: Mon, 9 May 2005 08:40:49 EDT <<<

NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar.  Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.

TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability.  VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.

The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Registration and WHOIS Service Provided By: directNIC.com

Intercosmos Media Group, Inc. provides the data in the directNIC.com
Registrar WHOIS database for informational purposes only. The information
may only be used to assist in obtaining information about a domain name's
registration record.

directNIC makes this information available "as is," and does not guarantee
its accuracy.

Registrant:
 Springfield Business Journal
 313 Park Central West
 Springfield, MO 65801
 US
 417-831-3238


Domain Name: SBJ.NET

Administrative Contact:
 Webmaster, CorpraNet webmaster at corpranet.net
 720 W. Center Circle Dr.
 Nixa, MO 65714
 US
 417-725-0250


Technical Contact:
 Webmaster, CorpraNet webmaster at corpranet.net
 720 W. Center Circle Dr.
 Nixa, MO 65714
 US
 417-725-0250


Record last updated 03-18-2005 10:48:35 AM
Record expires on 02-08-2007
Record created on 02-07-1997

Domain servers in listed order:
	NS1.CORPRANET.NET	69.27.136.10
	NS1.POSITECH.NET	69.27.136.5


By submitting a WHOIS query, you agree you will use this data only for
lawful purposes.  You also agree that, under no circumstances, will you use
this data to:  a) allow, enable, or otherwise support the transmission by
email, telephone, or facsimile of mass, unsolicited, commercial advertising
or solicitations to entities other than the data recipient's own existing
customers; or to (b) enable high volume, automated, electronic processes
that send queries or data to the systems of any Registry Operator or
ICANN-Accredited registrar.

The compilation, repackaging, dissemination, or other use of this WHOIS
data is expressly prohibited without the prior written consent of
directNIC.com.

directNIC.com reserves the right to terminate your access to its WHOIS
database in its sole discretion, including without limitation, for
excessive querying of the database or for failure to otherwise abide by
this policy.

directNIC reserves the right to modify these terms at any time.

NOTE: THE WHOIS DATABASE IS A CONTACT DATABASE ONLY.
LACK OF A DOMAIN RECORD DOES NOT SIGNIFY DOMAIN AVAILABILITY.

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org

More information about the bind-users mailing list