TTL Question

Mark Andrews Mark_Andrews at isc.org
Tue Oct 16 23:33:22 UTC 2007


> 
> On Wed, 17 Oct 2007, Mark Andrews wrote:
> 
> >
> >>
> >> What dictates how long another name server caches the authoritative name
> >> server for a domain? I was under the impression it was the default
> >> time-to-live, but I have a situation where an authoritative name server
> >> was removed from service several days ago, yet queries to it continue. Dig
> >> is correctly reporting the new authoritative name servers for the domain
> >> in question. How common is it for DNS servers to ignore the ttl?
> >
> > 	Because you failed to update *ALL* the servers for the zone to
> > 	have the new content.  Every time a cache queries the old servers
> > 	it re-learns the old NS RRset for the zone.
> >
> > 	Mark
> >
> Mark,
> 
> Do you know something I don't? Our registrar (Canhost) was contacted to 
> have the DNS server removed. When I check cira.ca, that appears to have 
> been done (it correctly lists our nameservers). Did I miss a step?
> 
> -Mike

	NS records are in THREE places.

		The parent zone.
		The new (current) servers.
		The old servers.

	Not changing the old servers to have the new NS RRset gives
	exactly these symptoms.

	Nameservers cache answers AND authority AND additionsal
	sections.  If you fail to update the old server to have the
	new content then everytime the nameserver fetches data from
	the zone it re-learns the NS RRset via the authority section.

	[The same thing can happen also with the addresses for the
	nameservers.]

	When you change nameservers you need to ensure ALL servers
	are giving CONSISTANT answers. Both old, new and parent.
	Once ALL the records involved in the delegation (NS/A/AAAA)
	with old information have timed out you can then shut down
	the old servers.

	Mark

; <<>> DiG 9.3.4-P1 <<>> a McMaster.CA @baldric.cis.McMaster.CA +norec
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43303
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;McMaster.CA.			IN	A

;; ANSWER SECTION:
McMaster.CA.		60	IN	A	130.113.64.65

;; AUTHORITY SECTION:
McMaster.CA.		3600	IN	NS	blackadder.CIS.McMaster.CA.
McMaster.CA.		3600	IN	NS	baldric.CIS.McMaster.CA.

;; ADDITIONAL SECTION:
baldric.CIS.McMaster.CA. 3600	IN	A	130.113.64.1
blackadder.CIS.McMaster.CA. 3600 IN	A	130.113.128.1

;; Query time: 243 msec
;; SERVER: 130.113.64.1#53(130.113.64.1)
;; WHEN: Wed Oct 17 09:22:08 2007
;; MSG SIZE  rcvd: 128

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org



More information about the bind-users mailing list