rndc flushname not working
lists+isc.org at elitists.org
Fri Apr 10 17:46:25 UTC 2015
On Fri, Apr 10, 2015 at 2:19 AM, Matus UHLAR - fantomas
<uhlar at fantomas.sk> wrote:
> On 09.04.15 13:57, Frank Even wrote:
>> So flushname does not address NXDOMAIN responses?
> oh yes, it does. But it seems that after you flush the name and resolve
> again, someone is providing you with further NXDOMAIN.
> Flushname can not help you with broken server or broken delegation.
Some of the things I have read seem to have conflicting information on
it and there is no good documentation on exactly what flushname can
and cannot clear (which is the problem and why this question seems to
keep coming up in the lists).
>> I'm getting at, there is no good documentation on this that I can
>> find. All the responses in the lists seem to be around "well it
>> depends on your situation, need more data, etc."
What exactly does flushname clear is not necessarily a generic
question. If it was better documented you may avoid answering these
questions over and over.
>> I no longer have the data regardless, a full flush "fixed" the issue.
>> We have some automation around running a "flushname" on the servers
>> though and that addresses a large number of issues with cache
> Flushname should be only needed if something breaks. It should not be needed
> to run that automatically. If you need flush more often than just
> ocationally, there is apparently broken nameserver or too big TTL set and
> fixing the server or lowering the TTL should fix the issue.
I suspect what happened is someone hit these servers and cached a
record prior to a domain being fully setup. BUT, the fact that
flushname did not work on the domain itself, or on dumping the domain
of the NS records (a different domain), yet flushing the cache got the
domain working again makes me wonder exactly what flushname does and
does not address (and nowhere can I find where that is documented).
The existing documentation does say that flushname will not clear some
things, but does not follow up on any way to get a complete idea of
what those things are.
More information about the bind-users