how did wrong record get cached?

Carol Deihl carol at tinker.com
Tue Aug 17 08:33:39 UTC 1999


Hello,

About a week ago I updated the InterNIC registration for a domain
that I am now hosting, which used to be hosted elsewhere. I
put my own two name servers in the record, and set my name servers
to give out the *old* address for the domain, since the domain
wasn't yet moved. The old name servers, according to nslookup,
had a ttl of 10 minutes. My own records had a ttl of 1 hour.
(Actually, I thought they were 5 minutes, but I've since learned
that soa ttl are only for negative responses...)

On Sunday morning (yesterday; well I guess now it's day before
yesterday), the client physically moved their server to my
hosting site, and I updated my own name servers to give out the
new IP address. Everything appeared fine until about 4:00
Monday afternoon, when the client suddenly couldn't reach his
server by domain name (but could by IP address). Investigation
revealed that the name server he was using apparently
acquired and cached the *old* IP address of the server. He had
been accessing the server successfully by domain name throughout
the day previously.

To make matters worse, dig on the server with the old address
reports that the current ttl on the
record is over 24 hours! Both dig and nslookup report that the
authoritative name servers for the domain in question are my
name servers, but the name server is still giving out the old
address.

It appears that there are a number of name servers that now have
cached the old (wrong) record, with a ttl much longer than
the ttl at the original name server!

Question 1: How did some name servers cache the wrong address,
considering that my name servers report the correct address,
and the previous name server had a ttl of 10 minutes?

Question 2: (Probably a dumb question, but...) Is there anything
I can do to cause the wrong record to time out sooner?

Question 3: What can I do to prevent this problem in the future?

I've been running name servers for a number of years, but I
am completely stumped by this. Please help!

Thanks,
Carol
-- 
Carol Deihl - principal, Shrier and Deihl - mailto:carol at tinker.com
Remote Unix Network Admin, Security, Internet Software Development
  Tinker Internet Services - Superior FreeBSD-based Web Hosting
                     http://www.tinker.com/


More information about the bind-users mailing list