Glue records cached, when they should be coming from zone

Kevin Darcy kcd at chrysler.com
Tue Nov 20 22:39:14 UTC 2007 

Tuomas Toropainen wrote:
> Hello
>
> Kevin Darcy wrote:
>   
>> ns.lanwan.fi is *not* from the child zone, so you're authoritative for 
>> it and the TTL does not decrease.
>>     
>
> It is not that simple. Look at this, ns1.ar.lanwan.fi vs. ns2.ar.lanwan.fi:
>
>  >> The problem is clearly visible in this dig query. Look at the TTL of
>  >> ns1.ar.lanwan.fi A record. Why does ns2.ar.lanwan.fi have constant
>  >> default TTL while ns1 TTL is decrementing?
>  >>
>  >> ---8<---
>  >> $ dig ns ar.lanwan.fi. @ns.lanwan.fi.
>  >>
>  >> ; <<>> DiG 9.3.4 <<>> ns ar.lanwan.fi. @ns.lanwan.fi.
>  >> ; (1 server found)
>  >> ;; global options:  printcmd
>  >> ;; Got answer:
>  >> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1484
>  >> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
>  >>
>  >> ;; QUESTION SECTION:
>  >> ;ar.lanwan.fi.                  IN      NS
>  >>
>  >> ;; AUTHORITY SECTION:
>  >> ar.lanwan.fi.           86400   IN      NS      ns2.ar.lanwan.fi.
>  >> ar.lanwan.fi.           86400   IN      NS      ns1.ar.lanwan.fi.
>  >>
>  >> ;; ADDITIONAL SECTION:
>  >> ns1.ar.lanwan.fi.       32535   IN      A       213.255.168.10
>  >> ns2.ar.lanwan.fi.       86400   IN      A       213.255.168.20
>  >>
>  >> ;; Query time: 4 msec
>  >> ;; SERVER: 213.255.190.40#53(213.255.190.40)
>  >> ;; WHEN: Mon Nov 12 14:57:48 2007
>  >> ;; MSG SIZE  rcvd: 98

What about it? ns2.ar.lanwan.fi/A had probably expired completely from 
your cache, so in order to fill in the Additional Section on that 
response it had to fetch a fresh copy of the RRset, thus it had the 
1-day TTL. FWIW, I just made the same query and both A records had a TTL 
of 53988, which decremented on subsequent queries.
>> My question is: why do you characterize this as a "problem"? Seems to me 
>> everything is working as designed.
>>     
>
> Because I have received several automated emails from our local .fi 
> registry complaining that lanwan.fi. zone is not correctly configured in 
> ns.lanwan.fi. The specific problem is the occasional lack of 
> ns1.ar.lanwan.fi and/or ns2.ar.lanwan.fi glue records.
>   
The registry is complaining about something that is not required by the 
standards, then. Of course, it's their domain, so they get to set the 
rules. If they really require this, then make yourself a slave for the 
ar.lanwan.fi zone.

                                                                         
                     - Kevin

More information about the bind-users mailing list