Problem with caching domain

Kevin Darcy kcd at chrysler.com
Thu Aug 6 19:37:11 UTC 2009


Yes, ns1.geap.com.br and ns2.geap.com.br are both CNAMEs. Pointing NS 
records at CNAMEs is not only illegal, but causes real problems, as you 
can see.

                                                                         
                                          - Kevin

Breno Silveira Soares wrote:
> Hi list,
>
> I'm using bind 9.6.1.
> I have problem with resolving an external name www.geap.com.br.
> The first time quering the server, it's work. But when the TTL of www 
> record expires, the server returns SERVFAIL.
> And when I execute "rndc flush" it's work as the first time.
>
> The dump cache of my server shows:
>
> ; ns2.geap.com.br [v4 TTL 98] [v6 TTL 98] [v4 failure] [v6 failure]
> ; ns1.geap.com.br [v4 TTL 98] [v6 TTL 98] [v4 failure] [v6 failure]
> ; glue
> 75.88.201.in-addr.arpa. 389     NS      ns1.geap.com.br.
>                         389     NS      ns2.geap.com.br.
> ; glue
> geap.com.br.            81544   NS      ns1.geap.com.br.
>                         81544   NS      ns2.geap.com.br.
> ; glue
> ns1.geap.com.br.        81544   A       201.88.75.3
> ; glue
> ns2.geap.com.br.        81544   A       201.88.75.7
> -----------------------
>
> The NS of domain uses CNAME:
>
> ns1.geap.com.br.        3600    IN      CNAME   srvneonio.geap.com.br.
> srvneonio.geap.com.br.  3600    IN      A       201.88.75.3
> ns2.geap.com.br.        3600    IN      CNAME   srvcriptonio.geap.com.br.
> srvcriptonio.geap.com.br. 3600  IN      A       201.88.75.7
>
> ----------------------
> $ dig @centauro www.geap.com.br
>
> ; <<>> DiG 9.2.4 <<>> @centauro www.geap.com.br
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 1213
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;www.geap.com.br.               IN      A
>
> ;; Query time: 1 msec
> ;; SERVER: 161.148.1.17#53(centauro)
> ;; WHEN: Thu Aug  6 16:11:34 2009
> ;; MSG SIZE  rcvd: 33
>
>
> It's something related with glue records or using NS with CNAME or [v4 
> failure] in the cache ?
>
> Thanks.
>
> -- 
> Ats,
> Breno S. Soares
> Analista de Redes
> SERPRO/SUPRE/REBHE
> Tel: (31) 3311-6825
>
>   
> "Esta mensagem do SERVIÇO FEDERAL DE PROCESSAMENTO DE DADOS (SERPRO), empresa pública federal regida pelo disposto na Lei Federal nº 5.615, é enviada exclusivamente a seu destinatário e pode conter informações confidenciais, protegidas por sigilo profissional. Sua utilização desautorizada é ilegal e sujeita o infrator às penas da lei. Se você a recebeu indevidamente, queira, por gentileza, reenviá-la ao emitente, esclarecendo o equívoco."
>
> "This message from SERVIÇO FEDERAL DE PROCESSAMENTO DE DADOS (SERPRO) -- a government company established under Brazilian law (5.615/70) -- is directed exclusively to its addressee and may contain confidential data, protected under professional secrecy rules. Its unauthorized use is illegal and may subject the transgressor to the law's penalties. If you're not the addressee, please send it back, elucidating the failure."
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users




More information about the bind-users mailing list