rndc flushname not working

Frank Even lists+isc.org at elitists.org
Thu Apr 9 20:57:09 UTC 2015


On Thu, Apr 9, 2015 at 1:48 PM, Matus UHLAR - fantomas
<uhlar at fantomas.sk> wrote:
> On 09.04.15 13:25, Frank Even wrote:
>>
>> Is there any place I can look to get a definitive answer in what cases
>> "flushname" will and will not work?
>
>
> it will work if you have old entries in the cache.
> that will NOT help you if any of the servers that are supposed to be
> authoritative for a domain will return invalid answers for the domain.
>
>>  I've been digging around in lists
>> and docs and can't seem to find any definitive answers.  I've been
>> having odd troubles clearing a name from a cache and after even
>> clearing the name and the name that the name servers was attached to,
>> still had to flush the entire cache to get resolution working properly
>> on that domain again.
>
>
> this indicates that any of NS records the domain points to returns NXDOMAIN
> for the domain.
>
> hard to tell without more info, but some web DNS checkers are able to trace
> this kind of issues...
> --

So flushname does not address NXDOMAIN responses?  That's the point
I'm getting at, there is no good documentation on this that I can
find.  All the responses in the lists seem to be around "well it
depends on your situation, need more data, etc."  I'd like to just be
able to find documentation on the specific behaviors of these options
so I can understand properly what they do to maintain my environment
properly without properly understanding what command will do or not do
for me.  The closest I have found is this -
https://kb.isc.org/article/AA-01002/0/How-do-I-flush-or-delete-incorrect-records-from-my-recursive-server-cache.html
- but it does not tgo on to tell what is or is not stored in the ADB
(or give a link to figure that out) to properly understand what I can
and cannot get dumped from cache by executing an "rndc flushname"
command.

I no longer have the data regardless, a full flush "fixed" the issue.
We have some automation around running a "flushname" on the servers
though and that addresses a large number of issues with cache
weirdness, so when I got pulled in for something where it wasn't
working I was curious as to why.  It seems this is a recurring
question on the lists, but I can't find where there are any definitive
answers anywhere.  If there is something that I'm missing I would be
highly appreciative of being pointed towards that information.

Thanks,
Frank


More information about the bind-users mailing list