[Pdns-users] Possible bug observed in PowerDNS Recursor 3.2.1
bert.hubert at netherlabs.nl
Thu Aug 5 14:25:50 UTC 2010
Briefly diving into this:
On Thu, Aug 05, 2010 at 10:12:54AM -0400, Dave Sparro wrote:
> I see this all the time on BIND resolvers. The keys to the situation are:
> * Domain's old NS records have a relatively long TTL (from old auth.
> * Domain owner changes auth. servers with registrar
> * Domain owner does NOT update data on old auth. servers. (they're
> now serving stale data, but authoritatively)
> Since the domain owner is your ISP customer, you get get queries for
> the domain relatively often, so your recursive servers rely on the
> cached NS records for the domain (the ones that point to the auth.
> server serving stale data). I think that BIND resets the TTL when
> the recursive server sees NS records in the authority section of a
> response. Maybe PowerDNS is doing this as well?
PowerDNS 3.2 has a bug in this respect where it keeps believing the old
data. The 3.3 snapshot, in full production in some places, has this issue
I'll trawl through the entire thread to see if this is indeed the issue we
are talking about.
> I generally advise the domian owner to have the domain removed from
> the old auth. server.
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
More information about the Pdns-users