SOLVED -- Re: Problems with a BIND server
Barry Margolin
barmar at alum.mit.edu
Thu Oct 15 04:14:17 UTC 2009
In article <mailman.704.1255578769.14796.bind-users at lists.isc.org>,
Robert Moskowitz <rgm at htt-consult.com> wrote:
> When I queried from home.htt (really hda.home.htt), it appears that it
> does not matter that the SOA and NS are wrong and do not point to an IP
> address. It is authoratative for the zone and just reports from its
> cache. Likewise a client that uses it directly as its nameserver, would
> never be the wiser of the problem. Only when another nameserver did the
> lookup. If you look at that TCPDUMP use see the first lookup of say,
> wiki.home.htt which returns the A record. Then a lookup of home.htt
> which fails. From this point on, ANY lookup of any host in home.htt
> fails completely. The cache is 'ruined?' with that failed lookup of the
> NS from hda.home.htt.
When it recurses the first time, the response includes the NS records
from the authoritative server, as well as the A records if they're
in-bailiwick. These take precedence over the delegation and glue
records in the parent zone, which is why the cache is "ruined".
This is a common cause of intermittent DNS failures out on the public
Internet, when the NS records in a zone don't match the registered
nameservers.
--
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***
More information about the bind-users
mailing list