Poison Cache / Negative Cache

Kevin Darcy kcd at daimlerchrysler.com
Fri Jan 31 18:07:07 UTC 2003


Chimento, Douglas wrote:

>All,
>	Have some issues with global-estimates.com on our name servers...it
>seems we have a bad NS record(s). I was wondering if someone could take a
>look at our dns at 192.223.207.77. Try to look up
>fidelity.global-estimates.com on that server and you don't get a response..
>However it works on other internet DNS servers ... I think I have some bad
>cache but I just want to be sure. Below are some debug dumps, if you think
>it helps.
>
>
>Thanks.
>
>################## cache ########################
>$ORIGIN .com
>global-estimates        608     IN      NS
>milkyway.global-estimates.com.  
>;Cr=auth [204.255.50.5]
>        608     IN      SOA     milkyway.global-estimates.com.
>is.helpdesk\@mult
>ex-uk.com. (   12 3600 600 86400 3600 ) 
>
>......
>
>$ORIGIN global-estimates.com.
>NS2     146894  IN      A       195.217.209.88  ;NT=11 Cr=addtnl
>[192.26.92.30]
>;milkyway       608     IN      AAAA    milkyway.global-estimates.com.
>is.helpde
>sk\@multex-uk.com. (
>;               12 3600 600 86400 3600 );global-estimates.com.;NODATA   ;-$
>
>;Cr=auth [195.217.209.88]
>;       608     IN      A6      milkyway.global-estimates.com.
>is.helpdesk\@mult
>ex-uk.com. (
>;               12 3600 600 86400 3600 );global-estimates.com.;NODATA   ;-$
>
>;Cr=auth [195.217.209.88]
>
>
>################# DUMP DB #######################3
>datagram from [127.0.0.1].51158, fd 20, len 47
>req: nlookup(fidelity.global-estimates.com) id 25546 type=1 class=1
>req: found 'fidelity.global-estimates.com' as
>'fidelity.global-estimates.com' (c
>name=0)
>findns: 1 NS's added for 'global-estimates'
>ns_forw()
>find_zone(fidelity.global-estimates.com, 1)
>find_zone: unknown zone
>find_zone(global-estimates.com, 1)
>find_zone: unknown zone
>find_zone(com, 1)
>find_zone: unknown zone
>find_zone(., 1)
>find_zone: existing zone 1
>nslookup(nsp=efffdba8, qp=3afef8, "fidelity.global-estimates.com", d=0)
>nslookup: NS "milkyway.global-estimates.com" c=1 t=2 (flags 0x2)
>sysquery(milkyway.global-estimates.com, 1, 1, 0, 0, 0, 53)
>find_zone(milkyway.global-estimates.com, 1)
>find_zone: unknown zone
>find_zone(global-estimates.com, 1)
>find_zone: unknown zone
>find_zone(com, 1)
>find_zone: unknown zone
>find_zone(., 1)
>find_zone: existing zone 1
>findns: 1 NS's added for 'global-estimates'
>nslookup(nsp=efffd038, qp=1fc488, "milkyway.global-estimates.com", d=1)
>nslookup: NS "milkyway.global-estimates.com" c=1 t=2 (flags 0x2)
>sysquery(milkyway.global-estimates.com, 1, 1, 0, 0, 0, 53)
>find_zone(milkyway.global-estimates.com, 1)
>find_zone: unknown zone
>find_zone(global-estimates.com, 1)
>find_zone: unknown zone
>find_zone(com, 1)
>find_zone: unknown zone
>find_zone(., 1)
>find_zone: existing zone 1
>findns: 1 NS's added for 'global-estimates'
>sysquery: duplicate
>ns_freeqry(0x1edb58)
>nslookup: 0 ns addrs total
>findns: 13 NS's added for 'com'
>nslookup(nsp=efffd038, qp=1fc488, "milkyway.global-estimates.com", d=1)
>nslookup: NS "c.gtld-servers.net" c=1 t=2 (flags 0x2)
>nslookup: NS "m.gtld-servers.net" c=1 t=2 (flags 0x2)
>nslookup: NS "g.gtld-servers.net" c=1 t=2 (flags 0x2)
>nslookup: NS "h.gtld-servers.net" c=1 t=2 (flags 0x2)
>nslookup: NS "d.gtld-servers.net" c=1 t=2 (flags 0x2)
>nslookup: NS "j.gtld-servers.net" c=1 t=2 (flags 0x2)
>nslookup: NS "i.gtld-servers.net" c=1 t=2 (flags 0x2)
>nslookup: NS "l.gtld-servers.net" c=1 t=2 (flags 0x2)
>nslookup: NS "b.gtld-servers.net" c=1 t=2 (flags 0x2)
>nslookup: NS "e.gtld-servers.net" c=1 t=2 (flags 0x2)
>nslookup: NS "a.gtld-servers.net" c=1 t=2 (flags 0x2)
>nslookup: NS "k.gtld-servers.net" c=1 t=2 (flags 0x2)
>nslookup: NS "f.gtld-servers.net" c=1 t=2 (flags 0x2)
>nslookup: 13 ns addrs total
>retrytime: nstime0ms t4 nretry0 u4 : v4
>evSetTimer(ctx 0x11ec20, func 0x34ce0, uap 0, due 1044031092.000000000,
>inter 0.
>000000000)
>sysquery: send -> [192.55.83.30].53 dfd=4 nsid=41075 id=0 retry=1044031095
>nslookup: 0 ns addrs total
>forw: no nameservers found
>ns_freeqry(0x3afef8)
>findns: 13 NS's added for 'com'
>ns_forw()
>find_zone(fidelity.global-estimates.com, 1)
>find_zone: unknown zone
>find_zone(global-estimates.com, 1)
>find_zone: unknown zone
>find_zone(com, 1)
>find_zone: unknown zone
>find_zone(., 1)
>find_zone: existing zone 1
>nslookup(nsp=efffdba8, qp=3afef8, "fidelity.global-estimates.com", d=0)
>nslookup: NS "c.gtld-servers.net" c=1 t=2 (flags 0x2)
>nslookup: NS "m.gtld-servers.net" c=1 t=2 (flags 0x2)
>nslookup: NS "g.gtld-servers.net" c=1 t=2 (flags 0x2)
>nslookup: NS "h.gtld-servers.net" c=1 t=2 (flags 0x2)
>nslookup: NS "d.gtld-servers.net" c=1 t=2 (flags 0x2)
>nslookup: NS "j.gtld-servers.net" c=1 t=2 (flags 0x2)
>nslookup: NS "i.gtld-servers.net" c=1 t=2 (flags 0x2)
>nslookup: NS "l.gtld-servers.net" c=1 t=2 (flags 0x2)
>nslookup: NS "b.gtld-servers.net" c=1 t=2 (flags 0x2)
>nslookup: NS "e.gtld-servers.net" c=1 t=2 (flags 0x2)
>nslookup: NS "a.gtld-servers.net" c=1 t=2 (flags 0x2)
>nslookup: NS "k.gtld-servers.net" c=1 t=2 (flags 0x2)
>nslookup: NS "f.gtld-servers.net" c=1 t=2 (flags 0x2)
>nslookup: 13 ns addrs total
>retrytime: nstime0ms t4 nretry0 u4 : v4
>evSetTimer(ctx 0x11ec20, func 0x34ce0, uap 0, due 1044031092.000000000,
>inter 0.
>000000000)
>forw: forw -> [192.55.83.30].53 ds=4 nsid=12897 id=25546 3ms retry 4sec
>datagram from [192.55.83.30].53, fd 4, len 205
>qfindid(41075) -> 0x1fc488
>Response (SYSTEM NORMAL -) nsid=41075 id=0
>stime 1044031091/543074  now 1044031091/773514 rtt 230
>NS #0 addr [192.55.83.30].53 used, rtt 71
>NS #1 [192.5.6.30].53 rtt now 6
>NS #2 [192.26.92.30].53 rtt now 8
>NS #3 [192.33.14.30].53 rtt now 11
>NS #4 [192.42.93.30].53 rtt now 20
>NS #5 [192.31.80.30].53 rtt now 24
>NS #6 [192.43.172.30].53 rtt now 31
>NS #7 [192.54.112.30].53 rtt now 36
>NS #8 [192.48.79.30].53 rtt now 36
>NS #9 [192.35.51.30].53 rtt now 37
>NS #10 [192.12.94.30].53 rtt now 50
>NS #11 [192.52.178.30].53 rtt now 72
>NS #12 [192.41.162.30].53 rtt now 93
>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41075
>;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 4
>;;      milkyway.global-estimates.com, type = A, class = IN
>global-estimates.com.   2D IN NS        NS0-G.DNS.PIPEX.NET.
>global-estimates.com.   2D IN NS        NS1.MULTEX.com.
>global-estimates.com.   2D IN NS        NS2.global-estimates.com.
>global-estimates.com.   2D IN NS        NS2.MULTEX.com.
>NS0-G.DNS.PIPEX.NET.    2D IN A         158.43.129.71
>NS1.MULTEX.com.         2D IN A         204.255.43.5
>NS2.global-estimates.com.  2D IN A  195.217.209.88
>NS2.MULTEX.com.         2D IN A         204.255.50.5
>rrextract: dname global-estimates.com type 2 class 1 ttl 172800
>rrextract: dname global-estimates.com type 2 class 1 ttl 172800
>rrextract: dname global-estimates.com type 2 class 1 ttl 172800
>rrextract: dname global-estimates.com type 2 class 1 ttl 172800
>rrextract: dname NS0-G.DNS.PIPEX.NET type 1 class 1 ttl 172800
>ignoring additional info 'NS0-G.DNS.PIPEX.NET' type A
>rrextract: dname NS1.MULTEX.com type 1 class 1 ttl 172800
>rrextract: dname NS2.global-estimates.com type 1 class 1 ttl 172800
>rrextract: dname NS2.MULTEX.com type 1 class 1 ttl 172800
>rrsetupdate: global-estimates.com
>rrsetcmp: record not in database
>flushrrset(global-estimates.com, NS, IN, 1)
>db_update(global-estimates.com, b962a0, 0, 0, 04, 249498)
>flushrrset: -4
>rrsetupdate: global-estimates.com 0
>rrsetupdate: global-estimates.com 0
>rrsetupdate: global-estimates.com 0
>rrsetupdate: global-estimates.com 0
>rrsetupdate: global-estimates.com 0
>rrsetupdate: NS1.MULTEX.com
>rrsetcmp: rrsets matched
>rrsetupdate: NS2.global-estimates.com
>rrsetcmp: rrsets matched
>rrsetupdate: NS2.MULTEX.com
>rrsetcmp: rrsets matched
>db_update(global-estimates.com, 9c352c, 9c352c, 0, 011, 249498)
>update failed global-estimates.com 2
>resp: nlookup(milkyway.global-estimates.com) qtype=1
>resp: found 'milkyway.global-estimates.com' as
>'milkyway.global-estimates.com' (
>cname=0)
>finddata(): buflen=4049
>wanted(d7ab28, IN A) [IN AAAA]
>wanted(d7a708, IN A) [IN A6]
>findns: 1 NS's added for 'global-estimates'
>nslookup(nsp=efffe9b8, qp=1fc488, "milkyway.global-estimates.com", d=1)
>nslookup: NS "milkyway.global-estimates.com" c=1 t=2 (flags 0x2)
>sysquery(milkyway.global-estimates.com, 1, 1, 0, 0, 0, 53)
>find_zone(milkyway.global-estimates.com, 1)
>find_zone: unknown zone
>find_zone(global-estimates.com, 1)
>find_zone: unknown zone
>find_zone(com, 1)
>find_zone: unknown zone
>find_zone(., 1)
>find_zone: existing zone 1
>findns: 1 NS's added for 'global-estimates'
>sysquery: duplicate
>ns_freeqry(0x1edb58)
>nslookup: 0 ns addrs total
>resp: no addrs found for NS's
>qremove(0x1fc488)
>unsched(0x1fc488, 0)
>evSetTimer(ctx 0x11ec20, func 0x34ce0, uap 0, due 1044031092.000000000,
>inter 0.
>000000000)
>ns_freeqry(0x1fc488)
>datagram from [192.55.83.30].53, fd 4, len 205
>qfindid(12897) -> 0x3afef8
>Response (USER NORMAL -) nsid=12897 id=25546
>stime 1044031091/543074  now 1044031091/773514 rtt 230
>NS #0 addr [192.55.83.30].53 used, rtt 118
>NS #1 [192.5.6.30].53 rtt now 5
>NS #2 [192.26.92.30].53 rtt now 7
>NS #3 [192.33.14.30].53 rtt now 10
>NS #4 [192.42.93.30].53 rtt now 19
>NS #5 [192.31.80.30].53 rtt now 23
>NS #6 [192.43.172.30].53 rtt now 30
>NS #7 [192.54.112.30].53 rtt now 35
>NS #8 [192.48.79.30].53 rtt now 35
>NS #9 [192.35.51.30].53 rtt now 36
>NS #10 [192.12.94.30].53 rtt now 49
>NS #11 [192.52.178.30].53 rtt now 70
>NS #12 [192.41.162.30].53 rtt now 91
>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12897
>;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 4
>;;      fidelity.global-estimates.com, type = A, class = IN
>global-estimates.com.   2D IN NS        NS0-G.DNS.PIPEX.NET.
>global-estimates.com.   2D IN NS        NS1.MULTEX.com.
>global-estimates.com.   2D IN NS        NS2.global-estimates.com.
>global-estimates.com.   2D IN NS        NS2.MULTEX.com.
>NS0-G.DNS.PIPEX.NET.    2D IN A         158.43.129.71
>NS1.MULTEX.com.         2D IN A         204.255.43.5
>NS2.global-estimates.com.  2D IN A  195.217.209.88
>NS2.MULTEX.com.         2D IN A         204.255.50.5
>rrextract: dname global-estimates.com type 2 class 1 ttl 172800
>rrextract: dname global-estimates.com type 2 class 1 ttl 172800
>rrextract: dname global-estimates.com type 2 class 1 ttl 172800
>rrextract: dname global-estimates.com type 2 class 1 ttl 172800
>rrextract: dname NS0-G.DNS.PIPEX.NET type 1 class 1 ttl 172800
>ignoring additional info 'NS0-G.DNS.PIPEX.NET' type A
>rrextract: dname NS1.MULTEX.com type 1 class 1 ttl 172800
>rrextract: dname NS2.global-estimates.com type 1 class 1 ttl 172800
>rrextract: dname NS2.MULTEX.com type 1 class 1 ttl 172800
>rrsetupdate: global-estimates.com
>rrsetcmp: record not in database
>flushrrset(global-estimates.com, NS, IN, 1)
>db_update(global-estimates.com, bab980, 0, 0, 04, 249498)
>flushrrset: -4
>rrsetupdate: global-estimates.com 0
>rrsetupdate: global-estimates.com 0
>rrsetupdate: global-estimates.com 0
>rrsetupdate: global-estimates.com 0
>rrsetupdate: global-estimates.com 0
>rrsetupdate: NS1.MULTEX.com
>rrsetcmp: rrsets matched
>rrsetupdate: NS2.global-estimates.com
>rrsetcmp: rrsets matched
>  
>
Well, global-estimates.com is only publishing one NS record -- 
milkyway.global-estimates.com -- which is *not* in the 
global-estimates.com delegations. This makes the zone very brittle, and 
is exacerbated by the fact that the milkyway.global-estimates.com A 
record has only a 60-second TTL, so it'll constantly expire from caches 
and cause them to go back up the tree in order to resolve anything in 
the zone. Ugly ugly ugly.

                                                                        
                                            - Kevin





More information about the bind-users mailing list