NSlookup query - odd results

Mike Diggins diggins at McMaster.CA
Mon Feb 13 21:05:53 UTC 2006


I'm running two slave name servers, one running Bind 9.2.4 on Solaris 8 
(SPARC, single processor), the other Bind 9.3.2 on Solaris 10 (Sparc, dual 
Processor). I run nslookup from a Windows XP client in debug mode, looking 
up the name www.cnn.com. The 9.3.2 server _sometimes_ times out with a 
"DNS Request Timed out, 2 seconds", but the 9.2.4 server never times out. 
So I look at the results a bit closer and noticed a difference. With the 
9.2.4 server, the 'authoritative name server' records TTL always refreshes 
when the A records TTL does. Notice in my output the A record TTL reaching 
1 second and the NS records TTL at 8m21s. Next, the A record TTL is 
refreshed to 5 minutes as well as the NS record TTL back to 10 minutes.

The same query to the 9.3.2 server yields different results. When the A 
record TTL reaches zero and refreshes, the NS record TTL continues to 
count down to zero instead of refreshing. When it reaches zero is when I 
get the timeout on the next query. The proceeding query usual succeeds as 
do the rest.

Can anyone explain the difference?



Bind 9.2.4 Server, Solaris 8 (SPARC)

<SNIP>

------------
------------
Got answer:
     HEADER:
         opcode = QUERY, id = 28, rcode = NOERROR
         header flags:  response, want recursion, recursion avail.
         questions = 1,  answers = 9,  authority records = 4,  additional = 0

     QUESTIONS:
         www.cnn.com, type = A, class = IN
     ANSWERS:
     ->  www.cnn.com
         canonical name = cnn.com
         ttl = 1 (1 sec)
     ->  cnn.com
         internet address = 64.236.16.116
         ttl = 1 (1 sec)
     ->  cnn.com
         internet address = 64.236.24.12
         ttl = 1 (1 sec)
     ->  cnn.com
         internet address = 64.236.24.20
         ttl = 1 (1 sec)
     ->  cnn.com
         internet address = 64.236.24.28
         ttl = 1 (1 sec)
     ->  cnn.com
         internet address = 64.236.29.120
         ttl = 1 (1 sec)
     ->  cnn.com
         internet address = 64.236.16.20
         ttl = 1 (1 sec)
     ->  cnn.com
         internet address = 64.236.16.52
         ttl = 1 (1 sec)
     ->  cnn.com
         internet address = 64.236.16.84
         ttl = 1 (1 sec)
     AUTHORITY RECORDS:
     ->  cnn.com
         nameserver = twdns-02.ns.aol.com
         ttl = 501 (8 mins 21 secs)
     ->  cnn.com
         nameserver = twdns-03.ns.aol.com
         ttl = 501 (8 mins 21 secs)
     ->  cnn.com
         nameserver = twdns-04.ns.aol.com
         ttl = 501 (8 mins 21 secs)
     ->  cnn.com
         nameserver = twdns-01.ns.aol.com
         ttl = 501 (8 mins 21 secs)

------------
Non-authoritative answer:
Name:    cnn.com
Addresses:  64.236.16.116, 64.236.24.12, 64.236.24.20, 64.236.24.28
           64.236.29.120, 64.236.16.20, 64.236.16.52, 64.236.16.84
Aliases:  www.cnn.com

> www.cnn.com

<SNIP>

------------
Got answer:
     HEADER:
         opcode = QUERY, id = 30, rcode = NOERROR
         header flags:  response, want recursion, recursion avail.
         questions = 1,  answers = 9,  authority records = 4,  additional = 0

     QUESTIONS:
         www.cnn.com, type = A, class = IN
     ANSWERS:
     ->  www.cnn.com
         canonical name = cnn.com
         ttl = 300 (5 mins)
     ->  cnn.com
         internet address = 64.236.24.20
         ttl = 300 (5 mins)
     ->  cnn.com
         internet address = 64.236.24.28
         ttl = 300 (5 mins)
     ->  cnn.com
         internet address = 64.236.29.120
         ttl = 300 (5 mins)
     ->  cnn.com
         internet address = 64.236.16.20
         ttl = 300 (5 mins)
     ->  cnn.com
         internet address = 64.236.16.52
         ttl = 300 (5 mins)
     ->  cnn.com
         internet address = 64.236.16.84
         ttl = 300 (5 mins)
     ->  cnn.com
         internet address = 64.236.16.116
         ttl = 300 (5 mins)
     ->  cnn.com
         internet address = 64.236.24.12
         ttl = 300 (5 mins)
     AUTHORITY RECORDS:
     ->  cnn.com
         nameserver = twdns-02.ns.aol.com
         ttl = 600 (10 mins)
     ->  cnn.com
         nameserver = twdns-03.ns.aol.com
         ttl = 600 (10 mins)
     ->  cnn.com
         nameserver = twdns-04.ns.aol.com
         ttl = 600 (10 mins)
     ->  cnn.com
         nameserver = twdns-01.ns.aol.com
         ttl = 600 (10 mins)

------------
Non-authoritative answer:
Name:    cnn.com
Addresses:  64.236.24.20, 64.236.24.28, 64.236.29.120, 64.236.16.20
           64.236.16.52, 64.236.16.84, 64.236.16.116, 64.236.24.12
Aliases:  www.cnn.com

____________________________________________________________________________




Bind 9.3.2 Server, Solaris 10 (SPARC)

Got answer:
     HEADER:
         opcode = QUERY, id = 48, rcode = NOERROR
         header flags:  response, want recursion, recursion avail.
         questions = 1,  answers = 9,  authority records = 4,  additional = 0

     QUESTIONS:
         www.cnn.com, type = A, class = IN
     ANSWERS:
     ->  www.cnn.com
         canonical name = cnn.com
         ttl = 1 (1 sec)
     ->  cnn.com
         internet address = 64.236.16.84
         ttl = 1 (1 sec)
     ->  cnn.com
         internet address = 64.236.16.116
         ttl = 1 (1 sec)
     ->  cnn.com
         internet address = 64.236.24.12
         ttl = 1 (1 sec)
     ->  cnn.com
         internet address = 64.236.24.20
         ttl = 1 (1 sec)
     ->  cnn.com
         internet address = 64.236.24.28
         ttl = 1 (1 sec)
     ->  cnn.com
         internet address = 64.236.29.120
         ttl = 1 (1 sec)
     ->  cnn.com
         internet address = 64.236.16.20
         ttl = 1 (1 sec)
     ->  cnn.com
         internet address = 64.236.16.52
         ttl = 1 (1 sec)
     AUTHORITY RECORDS:
     ->  cnn.com
         nameserver = twdns-03.ns.aol.com
         ttl = 301 (5 mins 1 sec)
     ->  cnn.com
         nameserver = twdns-04.ns.aol.com
         ttl = 301 (5 mins 1 sec)
     ->  cnn.com
         nameserver = twdns-01.ns.aol.com
         ttl = 301 (5 mins 1 sec)
     ->  cnn.com
         nameserver = twdns-02.ns.aol.com
         ttl = 301 (5 mins 1 sec)

------------
Non-authoritative answer:
Name:    cnn.com
Addresses:  64.236.16.84, 64.236.16.116, 64.236.24.12, 64.236.24.20
           64.236.24.28, 64.236.29.120, 64.236.16.20, 64.236.16.52
Aliases:  www.cnn.com

> www.cnn.com

<SNIP>

------------
Got answer:
     HEADER:
         opcode = QUERY, id = 50, rcode = NOERROR
         header flags:  response, want recursion, recursion avail.
         questions = 1,  answers = 9,  authority records = 4,  additional = 0

     QUESTIONS:
         www.cnn.com, type = A, class = IN
     ANSWERS:
     ->  www.cnn.com
         canonical name = cnn.com
         ttl = 300 (5 mins)
     ->  cnn.com
         internet address = 64.236.16.20
         ttl = 300 (5 mins)
     ->  cnn.com
         internet address = 64.236.16.52
         ttl = 300 (5 mins)
     ->  cnn.com
         internet address = 64.236.16.84
         ttl = 300 (5 mins)
     ->  cnn.com
         internet address = 64.236.16.116
         ttl = 300 (5 mins)
     ->  cnn.com
         internet address = 64.236.24.12
         ttl = 300 (5 mins)
     ->  cnn.com
         internet address = 64.236.24.20
         ttl = 300 (5 mins)
     ->  cnn.com
         internet address = 64.236.24.28
         ttl = 300 (5 mins)
     ->  cnn.com
         internet address = 64.236.29.120
         ttl = 300 (5 mins)
     AUTHORITY RECORDS:
     ->  cnn.com
         nameserver = twdns-04.ns.aol.com
         ttl = 299 (4 mins 59 secs)
     ->  cnn.com
         nameserver = twdns-01.ns.aol.com
         ttl = 299 (4 mins 59 secs)
     ->  cnn.com
         nameserver = twdns-02.ns.aol.com
         ttl = 299 (4 mins 59 secs)
     ->  cnn.com
         nameserver = twdns-03.ns.aol.com
         ttl = 299 (4 mins 59 secs)

------------
Non-authoritative answer:
Name:    cnn.com
Addresses:  64.236.16.20, 64.236.16.52, 64.236.16.84, 64.236.16.116
           64.236.24.12, 64.236.24.20, 64.236.24.28, 64.236.29.120
Aliases:  www.cnn.com


-Mike




More information about the bind-users mailing list