Intermittent NXDOMAIN for a name we are forwarding
marka at isc.org
Mon Feb 22 04:46:10 UTC 2016
In message <2f868c2b-d04b-4caf-abd7-8176352ccfa5 at googlegroups.com>, blrmaani wr
> On Friday, February 19, 2016 at 5:09:02 PM UTC-8, blrmaani wrote:
> > We have a DNS setup where we forward a name in one domain to 5 external nam
> eservers. We see NXDOMAIN error intermittently (once in couple of weeks). How
> do I debug this issue?
> > I took a cache dump on our DNS and 2 out of 5 nameserver IPs appear in "Una
> ssociated entries" when the problem happens.
> > Any advice to troubleshoot this issue is greatly appreciated.
> > Thanks
> > Blr
> the cache dump also has this entry (myname.mydomain.com is name I am interest
> ed in)
> myname.mydomain.com 10324 \-ANY ;-$NXDOMAIN
> Which probably means if anyone requests for myname.mydomain.com, they will be
> handed NXDOMAIN for upto 10324 seconds from now..
> Our current work around is to restart named (which cache) or we could do a 'r
> ndc flush'.
> Question: Is there a BIND option to say 'Don't cache myname.mydomain.com for
> NXDOMAIN error code?'
No. Fix the source of the NXDOMAIN. Ask all the external nameservers
for "myname.mydomain.com type666" and see what they respond with. If
it is NXDOMAIN then you have the source(s) if the NXDOMAIN.
dig @server myname.mydomain.com type666
This is a case of Garbage In (NXDOMAIN) - Garbage Out (NXDOMAIN).
> Alternatively, I can have a local query for this and flush cache if error cod
> e is NXDOMAIN, but is hacky.. I would like a config option
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
> bind-users mailing list
> bind-users at lists.isc.org
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users