DNS cache problem
Andris Kalnozols
andris at hpl.hp.com
Mon Dec 3 22:22:32 UTC 2001
Speaking of possible corruption, your ISP is running a
vulnerable version of BIND. An upgrade to 8.2.5 should
be able to be done with little or no change to their
infrastructure.
h2n -V zyvex.com
Verifying zone data for domain 'zyvex.com.':
Getting NS RRset...
Transferring zone... (from 'DFWNS2.AIRBAND.NET' [206.50.26.196])
Parsing zone data... (NS BIND version: 8.2.2-P7)
Performing in-zone and external lookups...
Warning: the nameserver supplying the zone data is running a version
of BIND that is vulnerable to the following bug(s):
infoleak & tsig.
See < http://www.isc.org/products/BIND/bind-security.html > and
< http://www.cert.org/advisories/CA-2001-02.html > for details.
Warning: found MX RR(s) pointing to the following problematic domain name(s):
mail.zyvex.com. [CNAME record]
Andris Kalnozols
> I get the new IP (I assume, it's not 64.241.222.34 at least):
>
> > zyvex.com. 172800 IN NS DFWNS1.AIRBAND.NET.
> > zyvex.com. 172800 IN NS DFWNS2.AIRBAND.NET.
> > ;; Received 118 bytes from 192.42.93.30#53(G.GTLD-SERVERS.NET) in 261 ms
> >
> > zyric.zyvex.com. 86400 IN A 216.138.97.43
> > zyvex.com. 86400 IN NS dfwns1.airband.net.
> > zyvex.com. 86400 IN NS dfwns2.airband.net.
> > ;; Received 143 bytes from 206.50.26.195#53(DFWNS1.AIRBAND.NET) in 181 ms
>
> Probably just a caching issue. Depending on how things were set up
> before it may take a while before it times out.
>
> And if the SOA record was corrupt, why was the zone even loaded? And
> no, the SOA record does not specify the cache time; that is a property
> of each individual RRset. The SOA record's last field is the
> _negative_ TTL.
>
>
> Michael Kjörling
>
>
> On Dec 3 2001 15:40 -0600, Mike Weller wrote:
>
> > Before the change, I polled a dozen nameservers around the world
> > for zyric.zyvex.com:
> > nslookup zyric.zyvex.com 140.221.9.6
> > nslookup zyric.zyvex.com 141.217.90.3
> > nslookup zyric.zyvex.com 141.217.1.13
> > nslookup zyric.zyvex.com 141.217.1.15
> > nslookup zyric.zyvex.com 206.191.74.19
> > nslookup zyric.zyvex.com 24.226.1.11
> >
> > The change was made at 12pm cst today (Monday).
> > 3 hours later, all nameservers still report the old IP
> > (64.241.222.34), despite the minimum TTL of 1 hour.
> >
> > My question to you DNS experts is, if an SOA record is corrupt (and
> > thus, can't read the cache time) how long does the nameserver cache
> > IPs for? Is there a way to poll "bind" to determine what the
> > cache times are for any particular IP or domain?
> >
> > I hope it's not too long, because our current ISP is about to drop
> > our service!
> >
> > Thanks for any help you can provide.
> >
> > -Mike
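As an added illustration of the TTL point made in this thread (not code posted by anyone on the list): the SOA record's last RDATA field is the negative-caching TTL, while the time a resolver caches an answer such as the A record for zyric.zyvex.com comes from that RRset's own TTL in the response. The parser below reads those per-record TTLs and the SOA fields from a wire-format DNS response. The sample packet is constructed here using the names from the thread; its SOA values (serial, timers, a 1-hour minimum) are assumed, not taken from the real zone.

```python
import struct

def _name(data, off):
    """Decode a possibly compressed name at off; return (name, offset after it)."""
    labels, end = [], None
    while True:
        ln = data[off]
        if ln & 0xC0 == 0xC0:                      # compression pointer (RFC 1035 4.1.4)
            end = end or off + 2                   # caller resumes after the first pointer
            off = struct.unpack_from("!H", data, off)[0] & 0x3FFF
            continue
        if ln == 0:
            return ".".join(labels) + ".", (end or off + 1)
        labels.append(data[off + 1:off + 1 + ln].decode("ascii"))
        off += 1 + ln

def parse_rrs(data):
    """Return every resource record in a DNS response, each with its own TTL."""
    qd, an, ns, ar = struct.unpack_from("!4H", data, 4)
    off = 12
    for _ in range(qd):                            # skip the question section
        _, off = _name(data, off)
        off += 4
    rrs = []
    for _ in range(an + ns + ar):
        name, off = _name(data, off)
        rtype, _, ttl, rdlen = struct.unpack_from("!HHIH", data, off)
        off += 10
        rr = {"name": name, "type": {1: "A", 6: "SOA"}.get(rtype, rtype), "ttl": ttl}
        if rtype == 6:                             # SOA: last field is the negative-caching TTL
            rr["mname"], p = _name(data, off)
            rr["rname"], p = _name(data, p)
            (rr["serial"], rr["refresh"], rr["retry"], rr["expire"],
             rr["minimum"]) = struct.unpack_from("!5I", data, p)
        elif rtype == 1:                           # A: cached for this RR's own TTL
            rr["address"] = ".".join(str(b) for b in data[off:off + 4])
        rrs.append(rr)
        off += rdlen
    return rrs

def _enc(name):
    return b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split(".")) + b"\0"

# Constructed sample response (assumed values, not a capture from the servers on the list):
SAMPLE = struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 1)         # id, QR|RD|RA, qd=1 an=1 ns=0 ar=1
SAMPLE += _enc("zyvex.com") + struct.pack("!HH", 6, 1)          # question SOA IN, name at offset 12
SOA = _enc("dfwns1.airband.net") + _enc("hostmaster.zyvex.com") + struct.pack(
    "!5I", 2001120301, 10800, 3600, 604800, 3600)                # serial, refresh, retry, expire, minimum
SAMPLE += b"\xC0\x0C" + struct.pack("!HHIH", 6, 1, 86400, len(SOA)) + SOA
SAMPLE += _enc("zyric.zyvex.com") + struct.pack("!HHIH", 1, 1, 86400, 4) + bytes([216, 138, 97, 43])
```

Run `parse_rrs(SAMPLE)` to see that the A record reports its own 86400-second TTL while the SOA's `minimum` of 3600 governs only negative answers.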