validating ... bad cache hit

Tony Finch dot at
Fri Apr 24 13:14:31 UTC 2020

Havard Eidnes via bind-users <bind-users at> wrote:
> Looking at the code in BIND 9.14.10 (BIND 9.16.2 doesn't appear to be
> significantly different in this regard), there appears to be a "cache
> of bad records" implemented by lib/dns/badcache.c.  There are two
> invocations of dns_resolver_addbadcache() in lib/dns/resolver.c, with
> fairly complicated preconditions to reach each of those two points.

I've had a very quick look at the code, and it looks to me like one case
is due to lack of authoritative server IP addresses, and one is due to
validation failure. I think you could work out whether it is the first
case by dumping the cache and looking for relevant adb entries for the
zone's nameservers. (But you might have to do so within the 10 minute lame

f.anthony.n.finch  <dot at>
Shetland Isles: Northeast 3 to 5, becoming variable 3 or less. Slight or
moderate. Fair. Good.
