Hi Wiley, I did have trouble with cached negatives. My isp is breaking my aDSL line at least once per day. When they had problems reconnecting I lost connectivity for a day when bind could not receive any answers for about 10 minutes.
Reload with rndc did not help but restarting bind did. I experienced this long ago with bind 8. Kind regards Peter Wiley Sanders wrote: > Howdy all, we're running 9.5.0-P2 (fairly recent) on two servers that > are recursive DNS sources for a medium sized college. This week, we > had more than a few users complaining about craigslist.org and > www.chase.com not resolving, and sure enough when I checked with dig > one of Craigslist's NS servers was not working right (sending SERVFAIL > replies). > > An "rndc flush" did not seem to get things working again immediately, > so I stopped and restarted named. I don't know what was up with Chase, > I didn't hear about that problem with that until after I fixed it. > > I am tempted to chalk this up to negative caching, but the default is > only a few hours and by the time I was notified, the users were > complaining they had been having problems with Craigslist for 2 weeks. > Just out of curiosity, I tuned max-ncache-ttl down to 10 min, but > max-ncache-ttl only affects caching of NXDOMAIN replies as I > understand it. > > Is BIND negative caching on SERVFAIL responses as well as NXDOMAIN > responses? (Unlikely.) > > What's the behavior of a recursive lookup when one NS host is dead and > the others are working? Does BIND try all of them or give up after the > first? > > Our setup is pretty generic, except that we allow the whole world > access for authoritative responses but allow recursive access only to > "inside" addresses with an "allow-recursion" statement. I suppose this > allows the rest of the world to try their hand at messing up our > cache. Chase and Craigslist being high-profile targets ... > > I searched around and Craigslist did have some DNS problems last > month, but mostly it was just people whining about it being their > carrier's fault somehow. > > Well, I'll stop my rambling on about this and if anyone has any > thoughts on the matter, thanks in advance, > > -W Sanders > http://wsanders.net > _______________________________________________ > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Peter and Karin Dambier Cesidian Root - Radice Cesidiana Rimbacher Strasse 16 D-69509 Moerlenbach-Bonsweiher +49(6209)795-816 (Telekom) +49(6252)750-308 (VoIP: sipgate.de) mail: pe...@peter-dambier.de http://www.peter-dambier.de/ http://iason.site.voila.fr/ https://sourceforge.net/projects/iason/ ULA= fd80:4ce1:c66a::/48 _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
