TTL Question
Mark Andrews
Mark_Andrews at isc.org
Tue Oct 16 23:33:22 UTC 2007
>
> On Wed, 17 Oct 2007, Mark Andrews wrote:
>
> >
> >>
> >> What dictates how long another name server caches the authoritative name
> >> server for a domain? I was under the impression it was the default
> >> time-to-live, but I have a situation where an authoritative name server
> >> was removed from service several days ago, yet queries to it continue. Dig
> >> is correctly reporting the new authoritative name servers for the domain
> >> in question. How common is it for DNS servers to ignore the ttl?
> >
> > Because you failed to update *ALL* the servers for the zone to
> > have the new content. Every time a cache queries the old servers
> > it re-learns the old NS RRset for the zone.
> >
> > Mark
> >
> Mark,
>
> Do you know something I don't? Our registrar (Canhost) was contacted to
> have the DNS server removed. When I check cira.ca, that appears to have
> been done (it correctly lists our nameservers). Did I miss a step?
>
> -Mike
NS records are in THREE places.
The parent zone.
The new (current) servers.
The old servers.
Not changing the old servers to have the new NS RRset gives
exactly these symptoms.
Nameservers cache answers AND authority AND additionsal
sections. If you fail to update the old server to have the
new content then everytime the nameserver fetches data from
the zone it re-learns the NS RRset via the authority section.
[The same thing can happen also with the addresses for the
nameservers.]
When you change nameservers you need to ensure ALL servers
are giving CONSISTANT answers. Both old, new and parent.
Once ALL the records involved in the delegation (NS/A/AAAA)
with old information have timed out you can then shut down
the old servers.
Mark
; <<>> DiG 9.3.4-P1 <<>> a McMaster.CA @baldric.cis.McMaster.CA +norec
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43303
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;McMaster.CA. IN A
;; ANSWER SECTION:
McMaster.CA. 60 IN A 130.113.64.65
;; AUTHORITY SECTION:
McMaster.CA. 3600 IN NS blackadder.CIS.McMaster.CA.
McMaster.CA. 3600 IN NS baldric.CIS.McMaster.CA.
;; ADDITIONAL SECTION:
baldric.CIS.McMaster.CA. 3600 IN A 130.113.64.1
blackadder.CIS.McMaster.CA. 3600 IN A 130.113.128.1
;; Query time: 243 msec
;; SERVER: 130.113.64.1#53(130.113.64.1)
;; WHEN: Wed Oct 17 09:22:08 2007
;; MSG SIZE rcvd: 128
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the bind-users
mailing list