Everybody Resolves this Domain but Us.

phn at icke-reklam.ipsec.nu phn at icke-reklam.ipsec.nu
Tue Jul 23 18:10:40 UTC 2002


Martin McCormick <martin at dc.cis.okstate.edu> wrote:
> Simon Waters writes:
>>BIND is more vigilant than I am.
>>
>>Lame domains from recent log file entries
>>accxxmaps.COM
>>
>>So the SOA email for the problems with the accxx123.com domain
>>doesn't work as the DNS of that domain is broken as well.
>>
>>Exactly how often do Martin's customers get these websites to
>>work I wonder.

> 	I wonder that myself.  This is a university and the site
> we are trying to reach is one that students use to buy
> long-distance telephone service.  Some of these students live in
> campus housing and others may not so some of them go through our
> network and others have the array of internet service providers
> that serve the community at large.  A lot of them can and do
> resolve this domain at least some of the time.  I bet it isn't
> all the time.

> 	Our master dns process has been running without
> interruption since June 18 and the named process on our slave has
> been up since June 5 and I think that explains why broken domains
> seem to hurt us more often.  I like to keep named running without
> killing and restarting it as long as humanly possible for the
> sake of our customers who should have as continuous a flow of
> data as is practical.  The loss of broken domain connectivity is
> probably one of the drawbacks to this practice.

> 	Our last such situation was a domain that listed
> localhost or maybe even 127.0.0.1 as the NS record in their SOA.
> We could always get them to work if we completely killed named
> and restarted it and it would work for precisely 1 TTL unit of
> time which in their case was 24 hours.

> 	Fortunately, they finally fixed it after we got hold of
> the right persons, not the listed contact either  GRRR!  

> 	In this latest saga of why sharp instruments shouldn't be
> given to those who don't know any better, I have yet to get a
> single response from any contact person much less a resolution of
> the problem.

> 	My sincere thanks to all of you on this list.  When
> situations like this arise, there is lots of finger-pointing and
> table pounding and "You need to fix this now!" type talk.  Your
> answers have given me more backing in my response which is
> basically that I have written to the contact addresses and we
> can't do much more because it isn't us that is broken even though
> it looks that way.


What has not been said is that there is a workaround available 
as a last resort : set up the zone yourself, using the information
needed to get your tasks done.  This os ugly and wrong, but less
ugly then having to scratch your dns-cache by restarting a perfectly
running nameserver.

Sometimes we need to do ugly things, we have to choose the least 
painful of them.

> Martin McCormick Stillwater, OK
> OSU Center for Computing and Information services Network Operations Group


-- 
Peter Håkanson         
        IPSec  Sverige      ( At Gothenburg Riverside )
           Sorry about my e-mail address, but i'm trying to keep spam out,
	   remove "icke-reklam" if you feel for mailing me. Thanx.


More information about the bind-users mailing list