[Pdns-users] NSATC.net microsoft problem last week - did you notice?
Darren Gamble
darren.gamble at sjrb.ca
Tue Aug 7 14:03:58 UTC 2007
Hi all,
> I also noticed this. After digging the cache content of my DNS, I have
> found
> that nsatc.net only have one NS entry in my cache and that entry did
not
> reply
> to DNS request. Removing nsatc.net entries from my cache resolve the
issue
> (rec_control wipe-cache nsatc.net).
> I guess that someone did a mistake when they changed nsatc.net NS
entries. > This wrong/partial configuration propagated to some DNS
resolver depending > of the TTL expiration until the nsatc.net zone was
fixed.
It's a good guess, but I'm betting that is not the case.
I have confirmed that the current recursor still sometimes has problems
with updating cached entries with new data. Sometimes it merges the new
information with the old, which should never happen. The result is an
RRset that has information with varying TTLs- a DNS no-no. The outcome
is that information in the RRset will only partially expire (which is
WHY it's a no-no). This is often noticed when some, but not all, NS
records expire, and the remaining information is a single nonresponsive
server.
It's highly likely that this happened here.
But, sorry, I'm not actually sure yet what exact situation(s) still
cause the recursor to do this. I know Bert has previously squashed at
least two bugs on this very subject.
In theory, the recursor should always remove all old information for an
RRset when new information for that RRset is cached.
============================
Darren Gamble
Systems Architect, Regional Services
Shaw Cablesystems GP
630 - 3rd Avenue SW
Calgary, Alberta, Canada
T2P 4L4
(403) 781-4948
More information about the Pdns-users
mailing list