bind 9.11.3 - resolving troubles running as a caching server

Bind Mailinglist bindbandbund at ggaweb.ch
Wed Nov 20 10:44:14 UTC 2019 

Hello list
I'm glad there is such an active list. Hope there is anybody out there
who can help me with my little problem. :-)
We are running six bind server ( all Ubuntu LTS 18.04 with bind 9.11.3
), so they are pretty up to date.
Three of them have authoritative zones, one is for testing and two are
just caching servers. And there starts my problem.
1. It only appears on my caching servers and only if I use my other
servers as forwarders.
2. At the moment the problem appears on my chaching servers I'm still
able to let it resolve through my forwarders.
3. Only one organisation with several newspapers are affected. There may
be others but I don't know at the moment.

Ok, all these newspapers are hosted on oraclecloud with short timers
around 30s.

# dig www.20min.ch
;; ANSWER SECTION:
www.20min.ch.           39      IN      CNAME  
tamedia.a.inregion.waas.oci.oraclecloud.net.
tamedia.a.inregion.waas.oci.oraclecloud.net. 16 IN CNAME
tm.inregion.waas.oci.oraclecloud.net.
tm.inregion.waas.oci.oraclecloud.net. 16 IN CNAME
eu-london.inregion.waas.oci.oraclecloud.net.
eu-london.inregion.waas.oci.oraclecloud.net. 28 IN A 138.1.82.213
eu-london.inregion.waas.oci.oraclecloud.net. 28 IN A 147.154.234.67
eu-london.inregion.waas.oci.oraclecloud.net. 28 IN A 147.154.228.138

# dig www.tagesanzeiger.ch
;; ANSWER SECTION:
www.tagesanzeiger.ch.   113     IN      CNAME   cnp-a-cre-p.newsnetz.ch.
cnp-a-cre-p.newsnetz.ch. 113    IN      CNAME  
tamedia.a.inregion.waas.oci.oraclecloud.net.
tamedia.a.inregion.waas.oci.oraclecloud.net. 11 IN CNAME
tm.inregion.waas.oci.oraclecloud.net.
tm.inregion.waas.oci.oraclecloud.net. 12 IN CNAME
eu-switzerland.inregion.waas.oci.oraclecloud.net.
eu-switzerland.inregion.waas.oci.oraclecloud.net. 12 IN A 192.29.59.121
eu-switzerland.inregion.waas.oci.oraclecloud.net. 12 IN A 192.29.58.46
eu-switzerland.inregion.waas.oci.oraclecloud.net. 12 IN A 192.29.58.42


Now if I use my caching servers with forwarders enabled I run quite
often into cases where resolving stops working for theses two domains at
the same time.
When I take a dump I see the following line:
; answer
tm.inregion.waas.oci.oraclecloud.net. 893 \-AAAA ;-$NXRRSET

I have to clear this host from cache to make it working again, for a few
minutes.
The stupid thing, this NXRRSET cache entry has a much higher lifetime.
And so resolving stops working on my caching servers for more then 15min.

Any idea how I could find out why this happens?
There must be something between my DNS servers. They are in the same
network, so there is no firewall between.

Many thanks and regards
Florian

More information about the bind-users mailing list