Negative Cache won't go!

Torsten toto at the-damian.de
Tue Jul 6 06:45:48 UTC 2010 

Hmm... where to start...


First, the authoritative nameservers for the domain klawrojna.com don't
even exist.


dig +norec @j.gtld-servers.net klawrojna.com ns

; <<>> DiG 9.7.0-P2-RedHat-9.7.0-10.P2.fc13 <<>> @j.gtld-servers.net klawrojna.com ns
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54332
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;klawrojna.com.			IN	NS

;; AUTHORITY SECTION:
klawrojna.com.		172800	IN	NS	ns1.klawrojna.com.
klawrojna.com.		172800	IN	NS	ns2.klawrojna.com.

;; ADDITIONAL SECTION:
ns1.klawrojna.com.	172800	IN	A	69.64.77.15
ns2.klawrojna.com.	172800	IN	A	69.64.77.15

;; Query time: 264 msec
;; SERVER: 192.48.79.30#53(192.48.79.30)
;; WHEN: Tue Jul  6 08:32:49 2010
;; MSG SIZE  rcvd: 99



dig +norec @69.64.77.15 ns1.klawrojna.com a

; <<>> DiG 9.7.0-P2-RedHat-9.7.0-10.P2.fc13 <<>> +norec @69.64.77.15 ns1.klawrojna.com a
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 46455
;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;ns1.klawrojna.com.		IN	A

;; AUTHORITY SECTION:
klawrojna.com.		10800	IN	SOA	ns.klawrojna.com. a.a.org. 1274650868 10800 3600 604800 10800

;; Query time: 166 msec
;; SERVER: 69.64.77.15#53(69.64.77.15)
;; WHEN: Tue Jul  6 08:35:26 2010
;; MSG SIZE  rcvd: 81



The only existing NS Record in the zone is ns.klawrojna.com which will
never be asked directly because it's not known by any nameservers up to
this point.


A +trace doesn't really work since the last response you get is
from one of the gtld root servers.



dig +trace www.klawrojna.com

; <<>> DiG 9.7.0-P2-RedHat-9.7.0-10.P2.fc13 <<>> +trace www.klawrojna.com
;; global options: +cmd
.			28185	IN	NS	l.root-servers.net.
.			28185	IN	NS	k.root-servers.net.
.			28185	IN	NS	d.root-servers.net.
.			28185	IN	NS	a.root-servers.net.
.			28185	IN	NS	i.root-servers.net.
.			28185	IN	NS	c.root-servers.net.
.			28185	IN	NS	b.root-servers.net.
.			28185	IN	NS	m.root-servers.net.
.			28185	IN	NS	g.root-servers.net.
.			28185	IN	NS	h.root-servers.net.
.			28185	IN	NS	j.root-servers.net.
.			28185	IN	NS	e.root-servers.net.
.			28185	IN	NS	f.root-servers.net.
;; Received 257 bytes from 10.43.3.1#53(10.43.3.1) in 2 ms

com.			172800	IN	NS	a.gtld-servers.net.
com.			172800	IN	NS	b.gtld-servers.net.
com.			172800	IN	NS	c.gtld-servers.net.
com.			172800	IN	NS	d.gtld-servers.net.
com.			172800	IN	NS	e.gtld-servers.net.
com.			172800	IN	NS	f.gtld-servers.net.
com.			172800	IN	NS	g.gtld-servers.net.
com.			172800	IN	NS	h.gtld-servers.net.
com.			172800	IN	NS	i.gtld-servers.net.
com.			172800	IN	NS	j.gtld-servers.net.
com.			172800	IN	NS	k.gtld-servers.net.
com.			172800	IN	NS	l.gtld-servers.net.
com.			172800	IN	NS	m.gtld-servers.net.
;; Received 498 bytes from 2001:500:3::42#53(l.root-servers.net) in 163 ms

klawrojna.com.		172800	IN	NS	ns1.klawrojna.com.
klawrojna.com.		172800	IN	NS	ns2.klawrojna.com.
;; Received 103 bytes from 192.55.83.30#53(m.gtld-servers.net) in 348 ms

;; connection timed out; no servers could be reached




The main reason it's working is because all of those nameservers share
the same IP (69.64.77.15). This is okay as long as this
nameserver isn't misbehaving (returning servfails or whatever else).



Ciao
Torsten



Am Mon, 5 Jul 2010 22:01:56 +0300
schrieb "Alans" <batpower83 at yahoo.co.uk>:

> BE CARFUL: my antivirus detects certain .png files on that website as
> potential viruses, please don't open it in the browser.
> The Website is: www.klawrojna.com Again, be careful.
> 
> Thanks,
> Alans
> 
> -----Original Message-----
> From: bind-users-bounces+batpower83=yahoo.co.uk at lists.isc.org
> [mailto:bind-users-bounces+batpower83=yahoo.co.uk at lists.isc.org] On
> Behalf Of Torsten
> Sent: Monday, July 05, 2010 9:36 AM
> To: bind-users at lists.isc.org
> Subject: Re: Negative Cache won't go!
> 
> Am Mon, 5 Jul 2010 09:17:06 +0300
> schrieb "Alans" <batpower83 at yahoo.co.uk>:
> 
> > Hi everyone,
> > 
> > There is a website that was returning servfail but works fine with
> > +trace. AFAIK, negative cache default value is 3 hrs, and I haven't
> > set max-ncache-ttl, also domain owner says he used default TTL in
> > his zone files.
> > I waited for 1 day and the website didn't work till I restarted
> > named. Also I used rndc flushname domainname.com (with and without
> > www.).
> > 
> > Is there any other way to solve this issue without restarting named?
> > And any clue why named isn't purging it?
> > I'm using Bind v9.4.2 on Centos 5.2.
> > 
> > Regards, 
> > Alans
> > 
> 
> 
> Which domain are you talking about?
> 
> 
> Ciao
> Torsten
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
> 
> __________ NOD32 5251 (20100704) Information __________
> 
> This message was checked by NOD32 antivirus system.
> http://www.eset.com
> 
>

More information about the bind-users mailing list