Caching-only Name server does Zone Updates

Mark Andrews Mark_Andrews at isc.org
Tue Feb 3 06:02:18 UTC 2009 

In message <009201c985c0$aff05cb0$f9281fac at wipro74039c7ca>, "Ashish" writes:
> Hello All,
> 
> Thank you for your replies.
> 
> Our configuration file is fairly simple (I have changed the domain name for
> security). 

	You care about security yet you run BIND 4?
 
> domain          example.group.net                                         
> cache           .                            /etc/dnscache  
> 
> We use BIND 4. Actually our DNS was doing lot of CPU utilization and when we
> started it in Debug mode we found that there was a reverse lookup for some
> IP address which was in the dnscache file. (dnscache is the root hint file)
> 
> This started zone updates, as we can observe in the debug file which calls
> function db_update()
> 
> Here is the debug file content (I have modified the IP address for security
> reasons. Here 21.x.x.x is one of the entries in dnscache file. I mean that
> there was a network address starting with 21 in our dnscache file)
> 
> dgram from 1.2.3.4, 22222 (2222)
>  ns_req()
>  req: nlookup(5.6.7.21.in-addr.arpa) id 111 type=11
>  req: found '5.6.7.21.in-addr.arpa' as '21.in-addr.arpa' (cname=0)
>  findns: np 0x6b41e
>  findns: 2 NS's added for '21'
>  ns_forw()
>  qnew(x45gte8)
>  nslookup(nsp=x2433d,qp=xfdgfv4)
>  nslookup: NS server01.example.grp.net c1 t2 (x0)
>  nslookup: 1 ns addrs
>  nslookup: NS cerver01.example.grp.net c1 t2 (x0)
>  nslookup: 2 ns addrs
>  nslookup: 2 ns addrs total
>  retrytime: nstime 0ms.
>  schedretry(0x1dfd8, 4sec)
> 
> Dgram from 21.x.x.x
> Ns_req()
> Qfindid(12345)
> USER response nsid=xxxx id xxxx
> Respose from upexpected source 21.x.x.x
> Stime zzzzz/zzzzz now yyyyyy/yyyyyy rtt x
> NS #2 addr 21.x.x.x used rtt y
> NS #1 21.x.x.x rtt now z
> Resp: ancount 0, aucount 1, arcount 0
> Doupdate(zone 0, savens x, flags y)
> Doupdate: dname 21.in-addr.arpa type 6 class 1 ttl 600
> Db_update(21.in-addr.arpa, 0x12345, 0x56789, 087, 0x76543)
> 
> This is strange, there was NSLOOKUP for some IP 5.6.7.21 which caused zone
> updates and we do not have any zone specified in our configuration file.

	zone 0 is the cache.  The cache was updated.

	Mark
 
> Kindly advice
> 
> Thanks 
> Ashish
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org

More information about the bind-users mailing list