Re: Weird named problem - IN A for nameservers being lost!

Mon, 16 Jul 2001 17:51:16 -0700 


:
:
:On Mon, 16 Jul 2001, Matt Dillon wrote:
:
:>     I've been trying to track down a weird problem with our mail system
:>     suddenly believing that a host does not exist, or timing out in DNS.
:>
:>     I tracked it down to the DNS server, but I am not entirely sure what is
:>     going on.  What appears to be happening is that the glue IN A record
:>     for the NS server for a domain is getting lost, and the NS record is
:>     remaining.  When named gets into this state, it doesn't seem to be able
:>     to recover... it sees the NS record but it can't resolve it because
:>     the glue record is gone, and it doesn't try to get it after that.
:
:This looks like a problem brought up on the djbdns mailing list a long
:while ago.  When the NS records listed with the roots and the NS records
:returned by the NSes don't match (or share any NSes whatsoever, for that
:matter), BIND breaks as you've described.
:
:The resolution, as I recall, was "don't do that!"  Bind 9 might handle the
:case correctly, as might djbdns.  In any case, the admins of
:jamcracker.com should be synchronizing their NS listings.
:
:Here's how it is now:

    I don't think that's it... if you look at the dumps, there were no timeouts
    in the 2-day range.  The original glue NS records (from exodus) had already
    been completely replaced by the NS record from their zone.  Everything in
    their zones is already synchronized.

                                                -Matt

:> dig jamcracker.com NS
:
:; <<>> DiG 8.3 <<>> jamcracker.com NS
:;; res options: init recurs defnam dnsrch
:;; got answer:
:;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
:;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2
:;; QUERY SECTION:
:;;      jamcracker.com, type = NS, class = IN
:
:;; ANSWER SECTION:
:jamcracker.com.         2D IN NS        SCA03.SEC.DNS.EXODUS.NET.
:jamcracker.com.         2D IN NS        SCA02.SEC.DNS.EXODUS.NET.
:
:> dig jamcracker.com NS @sca03.sec.dns.exodus.net
:
:; <<>> DiG 8.3 <<>> jamcracker.com NS @sca03.sec.dns.exodus.net
:; (1 server found)
:;; res options: init recurs defnam dnsrch
:;; got answer:
:;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
:;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
:;; QUERY SECTION:
:;;      jamcracker.com, type = NS, class = IN
:
:;; ANSWER SECTION:
:jamcracker.com.         1H IN NS        fuji.jamcracker.com.
:
:Mike "Silby" Silbersack

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message

Reply via email to