Hello, Given: BIND 9.7.2-P2 on Solaris 10.
For about an hour, I had a network event where a caching DNS server could not get recursive queries back from authoritative DNS servers on the Internet. Obviously, this is a problem. Moreover, the authority for our most popular hostnames have set very low TTLs (less than a minute), so nothing in cache for the server to call upon during this hour long event. Yuck. A snoop of port 53 traffic at the time shows client PCs requested hostname resolution -- as they would normally do. Now, for the interesting part. >From the same snoop of traffic, the caching DNS server did not send ANY >response back to these PC clients for these low TTL popular hostnames. Keep in mind that I did snoop until *after* the event started. So, it may be the case that some BIND mechanism was behaving appropriate for queries which it could not act upon. I can appreciate that BIND makes decisions with network performance in mind. In my attempts to understand negative caching, Sections 7.1 and 7.2 of RFC 2308 list Server Failure and Dead / Unreachable Server as "(OPTIONAL)" utilities. Bind 9.7 ARM says that "the server stores negative answers" for (default) 3 hours; however, I'm not sure what the expected BIND behavior is. Would some mechanism, such has max-ncache-ttl or clients-per-query, be responsible for this lack of return traffic? Anyone have ideas to share? Thank you. _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
