Hello list I'm glad there is such an active list. Hope there is anybody out there who can help me with my little problem. :-) We are running six bind server ( all Ubuntu LTS 18.04 with bind 9.11.3 ), so they are pretty up to date. Three of them have authoritative zones, one is for testing and two are just caching servers. And there starts my problem. 1. It only appears on my caching servers and only if I use my other servers as forwarders. 2. At the moment the problem appears on my chaching servers I'm still able to let it resolve through my forwarders. 3. Only one organisation with several newspapers are affected. There may be others but I don't know at the moment.
Ok, all these newspapers are hosted on oraclecloud with short timers around 30s. # dig www.20min.ch ;; ANSWER SECTION: www.20min.ch. 39 IN CNAME tamedia.a.inregion.waas.oci.oraclecloud.net. tamedia.a.inregion.waas.oci.oraclecloud.net. 16 IN CNAME tm.inregion.waas.oci.oraclecloud.net. tm.inregion.waas.oci.oraclecloud.net. 16 IN CNAME eu-london.inregion.waas.oci.oraclecloud.net. eu-london.inregion.waas.oci.oraclecloud.net. 28 IN A 138.1.82.213 eu-london.inregion.waas.oci.oraclecloud.net. 28 IN A 147.154.234.67 eu-london.inregion.waas.oci.oraclecloud.net. 28 IN A 147.154.228.138 # dig www.tagesanzeiger.ch ;; ANSWER SECTION: www.tagesanzeiger.ch. 113 IN CNAME cnp-a-cre-p.newsnetz.ch. cnp-a-cre-p.newsnetz.ch. 113 IN CNAME tamedia.a.inregion.waas.oci.oraclecloud.net. tamedia.a.inregion.waas.oci.oraclecloud.net. 11 IN CNAME tm.inregion.waas.oci.oraclecloud.net. tm.inregion.waas.oci.oraclecloud.net. 12 IN CNAME eu-switzerland.inregion.waas.oci.oraclecloud.net. eu-switzerland.inregion.waas.oci.oraclecloud.net. 12 IN A 192.29.59.121 eu-switzerland.inregion.waas.oci.oraclecloud.net. 12 IN A 192.29.58.46 eu-switzerland.inregion.waas.oci.oraclecloud.net. 12 IN A 192.29.58.42 Now if I use my caching servers with forwarders enabled I run quite often into cases where resolving stops working for theses two domains at the same time. When I take a dump I see the following line: ; answer tm.inregion.waas.oci.oraclecloud.net. 893 \-AAAA ;-$NXRRSET I have to clear this host from cache to make it working again, for a few minutes. The stupid thing, this NXRRSET cache entry has a much higher lifetime. And so resolving stops working on my caching servers for more then 15min. Any idea how I could find out why this happens? There must be something between my DNS servers. They are in the same network, so there is no firewall between. Many thanks and regards Florian _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
