* Rob Tanner: > I'm trying to figure out if this is my problem or a Facebook problem. > The first issue was with facebookmail.com. The cache entry would > become corrupt and I would have to clear cache to get things back to > working again. Since facebookmail.com resolves to a single IP > address, my work around was to make my internal DNS authoritative for > it and the problem went away.
You should have investigated this. Caches don't corrupt so easily. There might be someone tampering with your network. For example, it seems that the (PIX?) firewall which is in front of the resolver used by your incoming mail relay destroys source port randomization and assigns ports sequentially. If you have a similar setup for your end-user resolvers, you might be exposed to significantly increased cache poisoning risk. > A week ago, DNS lookups for facebook.com failed completely. Even > restarting the DNS service didn't fix the problem. Currently, and as > a temporary fix only, I am forwarding facebook,com lookups to an > off-campus server which does not seem to have the problem. And now, > as of last night, lookups to fbcdn.net (which apparently hosts > stylesheets) fail completely and I've implemented the same forwarding Have you got any log entries you can share? What does "dig facebook.com +trace +norecurse +all" show on the name server? Can you dump the name server cache using "rndc dumpdb" and extract the relevant records? _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
