Should bind ignore bad cached NS?
Cricket Liu
cricket at acmebw.com
Wed Nov 17 21:13:07 UTC 1999
> Here's what I think I've been seeing as far as a "troubling"
> difference between 8.2.2 and 4.9.7. One domain which exhibits this
> effect is 'jerkandtheoffs.com'
>
> Anyway, the NSs in the jerkandtheoffs.com DNS records are bogus:
>
> ;; AUTHORITY SECTION:
> jerkandtheoffs.com. 23h33m37s IN NS ns.nyc.datacom.net.
> jerkandtheoffs.com. 23h33m37s IN NS ns.dc.datacom.net.
>
> No A records are returned or exist for those names.
>
> Now I _think_ what's going on once BIND gets that NS info, it
> ignores the NS entries in the 'Nic DNS records. So if I now do a
> 'dig jerkandtheoffs.com mx' BIND will try to contact one of
> the above 2 NS servers and will fail. According to 'Nic,
> the DNS servers for that domain are: SERVER0.DATACOM.NET and
> SERVER1.DATACOM.NET. If I do a 'dig @SERVER0.DATACOM.NET
> jerkandtheoffs.com mx' then all is well.
>
> It appears that 4.9.7 would ignore any cached NS entries for a
> domain, and use the 'Nic records...
Right, because the intrazone NS RRs have higher credibility than the
ones in the com zone.
> Can anyone else reproduce this?
This "deadlock" scenario has been described by Mark Andrews on
bind-users before.
cricket
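
The credibility behaviour discussed in this thread, as an added example that is not part of the original message and is not BIND source code. It is a simplified cache model whose ordering follows RFC 2181 section 5.4.1; the rank names, the `Cache` class and the 192.0.2.x addresses are assumptions constructed for illustration.

```python
# Added illustration: simplified cache credibility model, not BIND source code.
# Rank names are hypothetical; their ordering follows RFC 2181 section 5.4.1.
REFERRAL, AUTH_AUTHORITY, AUTH_ANSWER = 1, 2, 3

class Cache:
    def __init__(self):
        self.rrsets = {}  # (owner, rrtype) -> (rank, set of rdata)

    def store(self, owner, rrtype, rdata, rank):
        """Keep the new RRset only if it is at least as credible as the cached one."""
        key = (owner.lower(), rrtype)
        current = self.rrsets.get(key)
        if current is None or rank >= current[0]:
            self.rrsets[key] = (rank, {r.lower() for r in rdata})
            return True
        return False

    def get(self, owner, rrtype):
        return self.rrsets.get((owner.lower(), rrtype), (0, set()))[1]

def usable_servers(cache, zone):
    """Cached NS names for the zone that also have a cached address."""
    return {ns for ns in cache.get(zone, "NS") if cache.get(ns, "A")}

def simulate():
    zone = "jerkandtheoffs.com."
    cache = Cache()
    # Referral from the com zone (non-authoritative authority section) plus glue.
    # Addresses are constructed documentation values, not the real ones.
    cache.store(zone, "NS", ["server0.datacom.net.", "server1.datacom.net."], REFERRAL)
    cache.store("server0.datacom.net.", "A", ["192.0.2.10"], REFERRAL)
    cache.store("server1.datacom.net.", "A", ["192.0.2.11"], REFERRAL)
    before = usable_servers(cache, zone)
    # Authoritative reply from server0 carries the zone's own NS RRset,
    # whose targets have no A records, so no address is ever cached for them.
    replaced = cache.store(zone, "NS",
                           ["ns.nyc.datacom.net.", "ns.dc.datacom.net."],
                           AUTH_AUTHORITY)
    after = usable_servers(cache, zone)
    # A later referral from com cannot displace the higher-ranked set.
    refreshed = cache.store(zone, "NS", ["server0.datacom.net."], REFERRAL)
    return before, replaced, after, refreshed

if __name__ == "__main__":
    print(simulate())
```

In this model the zone has two usable servers after the referral and none once the intrazone NS RRset is cached, and the lower-ranked referral data is refused afterwards.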