Stranging Caching

Kevin Darcy kcd at daimlerchrysler.com
Tue Jul 9 00:46:14 UTC 2002 

dbotham at edeltacom.com wrote:

> All,
>
> Looking at the dig results below, I wonder why two consecutive queries to
> the same name server resulted in two different replies.  Here is the
> background:
>
> Versions:
> ns1.isp-host.com BIND 9.2.1
> ns2.isp-host.com BIND ?
> 172.17.76.2  BIND 8.2.3 (checkpoint metaIP server)
>
> Contents of /etc/resolv.conf on ns1:
> nameserver 172.17.76.2
>
> Time Line:
> 172.17.76.2 answered a query for "domain.com" at 08:33 and (I assume)
> cached the response as->
> domain.com.      IN      A       192.168.45.4
>
> At 08:35 the A RR for domain.com was changed to->
> domain.com.      IN      A       192.168.45.6
>
> The digs below were performed at the times shown.
>
> It looks like the first dig asked for something that 172.17.76.2 did
> not have in its cache (www.domain.com), so, it got the answer from an
> authorative name server (ns1.isp-host.com or ns2.isp-host.com).  It looks
> like
> 172.17.76.2 also "passed" along the A RR for "domain.com" from the
> authoratative
> name server even though it was already in its cache.
>
> Why do I think the A RR for domain.com was already in the cache of
> 172.17.76.2?
> The second query was for www.domain.com, yet this time that was in cache
> and
> (I think) the A RR for domain.com was too.  Hence the second query required
> no
> contact with an authoratative name server and therefore resulted in both
> answers coming from cache.
>
> Is this normal?  Why didn't 172.17.76.2 update its cache during the first
> query?
>
> [root at ns1 # dig www.domain.com
>
> ; <<>> DiG 9.2.1 <<>> www.domain.com
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50882
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 1
>
> ;; QUESTION SECTION:
> ;www.domain.com.         IN      A
>
> ;; ANSWER SECTION:
> www.domain.com.  3600    IN      CNAME   domain.com.
> domain.com.      3600    IN      A       192.168.45.6
>
> ;; AUTHORITY SECTION:
> domain.com.      3600    IN      NS      ns1.isp-host.com.
> domain.com.      3600    IN      NS      ns2.isp-host.com.
>
> ;; ADDITIONAL SECTION:
> ns2.isp-host.com.      15397   IN      A       192.168.2.40
>
> ;; Query time: 26 msec
> ;; SERVER: 172.17.76.2#53(172.17.76.2)
> ;; WHEN: Mon Jul  8 08:50:18 2002
> ;; MSG SIZE  rcvd: 142
>
> [root at ns1 ]# hostname
> ns1
> [root at ns1 ]# dig www.domain.com
>
> ; <<>> DiG 9.2.1 <<>> www.domain.com
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20004
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2
>
> ;; QUESTION SECTION:
> ;www.domain.com.         IN      A
>
> ;; ANSWER SECTION:
> www.domain.com.  3562    IN      CNAME   domain.com.
> domain.com.      2570    IN      A       192.168.45.4
>
> ;; AUTHORITY SECTION:
> domain.com.      2570    IN      NS      ns1.isp-host.com.
> domain.com.      2570    IN      NS      ns2.isp-host.com.
>
> ;; ADDITIONAL SECTION:
> ns1.isp-host.com.     171770  IN      A       10.150.18.10
> ns2.isp-host.com.      20533   IN      A       192.168.2.40
>
> ;; Query time: 8 msec
> ;; SERVER: 172.17.76.2#53(172.17.76.2)
> ;; WHEN: Mon Jul  8 08:50:56 2002
> ;; MSG SIZE  rcvd: 158

My guess is that the pre-existing cache entry was not overlaid, because it was
considered more "credible" (see RFC 2181's data-ranking rules) than the RR in
the response which it simply passed through from the authoritative server.
This could happen if the A record came directly -- and not in connection with
an alias -- from an authoritative server. When you queried again, it gave you
the "credible" A record instead of the one you previously saw.

Note that BIND 9 doesn't blindly "pass through" responses any more. So it is
more faithful to RFC 2181 and doesn't produce quirky behavior like the above.


- Kevin

More information about the bind-users mailing list