[Pdns-users] Unresolvable domains with 3.1.1 and"auth-can-lower-ttl"

Darren Gamble darren.gamble at sjrb.ca
Tue Jun 13 21:38:38 UTC 2006 

Hi Bert,

If by "real problems" you mean "powerdns servers can't resolve the
domain for two days at a time", then yes, it's a real problem.

Another domain was just discovered that has this issue,
"beanstream.com".  It's pretty easy to reproduce the issue given a known
domain.

I completely understand about not wanting to cater to broken domains,
but, in this case I am fairly certain that the powerdns behavior is not
correct, in that different NS records for the same DNS name can't have
differing TTLs (someone can step in here and correct me if I'm wrong).
I note that one can not even configure a BIND authoritative server to do
this.

At any rate, this causes the cached list to change just by having time
pass- and if that leaves it with a list of only nonresponsive and/or
overloaded servers, all resolution on the domain breaks.  No other
caching software (that we've tried) behaves in this way, and thus aren't
affected by this situation.

Please let me know if more information is needed.  Thanks,

============================
Darren Gamble
Planner, Regional Services
Shaw Cablesystems GP
630 - 3rd Avenue SW
Calgary, Alberta, Canada
T2P 4L4
(403) 781-4948
 

> -----Original Message-----
> From: pdns-users-bounces at mailman.powerdns.com [mailto:pdns-users-
> bounces at mailman.powerdns.com] On Behalf Of bert hubert
> Sent: Tuesday, June 13, 2006 3:21 PM
> To: Darren Gamble
> Cc: pdns-users at mailman.powerdns.com
> Subject: Re: [Pdns-users] Unresolvable domains with 3.1.1
and"auth-can-
> lower-ttl"
> 
> On Tue, Jun 13, 2006 at 03:03:28PM -0600, Darren Gamble wrote:
> 
> > records with the higher TTLs. If that server(s) is/are also not
> > reachable- then the domain will be unresolvable until that NS record
> > expires.  When it does, this cycle will start again.  I believe that
> > different data for the same name is never supposed to have differing
TTL
> > values anyway...
> 
> Briefly, does it cause real problems? In other words, domains that
cannot
> be
> reached? The thing is, catering from broken domains often causes
problems
> for non-broken domains.
> 
> So far all other 3.1.1 problem reports have been resolved.
> 
> Kind regards,
> 
> bert hubert
> 
> 
> --
> http://www.PowerDNS.com      Open source, database driven DNS Software
> http://netherlabs.nl              Open and Closed source services
> _______________________________________________
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
> http://mailman.powerdns.com/mailman/listinfo/pdns-users

More information about the Pdns-users mailing list