TLD nameservers that also cache?

Andrew Brown atatat at atatdot.net
Thu Jul 6 21:15:54 UTC 2000


>	What got this started is that we have discovered that 
>ns.belnet.be (a.k.a., vivaldi.belnet.be [193.190.198.2] & 
>holem.belnet.be [193.190.198.10]) are not only secondary nameservers 
>for the ".be" ccTLD, but are also caching nameservers.
>
>	Of course, when we make changes on our own local network (e.g., 
>to move www.skynet.be to a different IP address), we restart our own 
>caching nameservers, so that our customers can see these changes as 
>quickly as possible.  However, when the caching nameservers come back 
>up, it is fairly likely that they will have their cache polluted by 
>the old information that has been cached on one of these two machines.

to sum up...your caching nameservers become "polluted" by old
information that other caching nameservers (that also happen to be
gtld servers) are serving.

you wish to remove the old information from caching nameservers not
under your control.

typically, you simply restart the nameserver to flush the cache (gee,
it would be neat if named could be told to flush all its cached
data), but that's not possible since the name server is not under your
control.  or you arrange for the caching name server in question to
secondary the (semi)volatile data that you wish to expire so that
it "knows" about changes more quickly after they occur.

since you can't do that (and i've often found myself in a similar
situation, where a caching nameserver was caching a negative answer to
a query and i had just inserted an answer into my local authoritative
name server), you may want to try a different trick.

what i've done in the past is insert a random cname that points to the
record that has new data and used dig to ask the foreign caching name
server for data belonging to the cname.  i'm not being clear, am i?
for example:

 * name server afoo is auth for foo.com
 * name server hoop is a foreign caching server
 * i add bang.foo.com to afoo and ask hoop about it
 * hoop already has a cache negative entry for bang.foo.com
 * i add "slap cname bang" to the foo.com zone
 * i ask hoop for slap.foo.com's txt record
 * hoop recurses and asks afoo for slap data
 * afoo responds with the cname and the data for bang
 * hoop now has fresh bang data
 * i remove the slap cname since i no longer need it

this has worked for me in the past, although it's a little tricky.
once i had to chain three or four cnames to get it right (in getting
it wrong i was populating the foreign server's cache with negative
answers for things that i was making up new answers).

-- 
|-----< "CODE WARRIOR" >-----|
codewarrior at daemon.org             * "ah!  i see you have the internet
twofsonet at graffiti.com (Andrew Brown)                that goes *ping*!"
andrew at crossbar.com       * "information is power -- share the wealth."
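
The cname sequence from the message above, as an added toy simulation (not code from the original post or from BIND). The Auth and Cache classes, the 300-second TTL and the "new data" value are hypothetical, and the model assumes the caching server stores every record it receives in the answer section:

```python
NEG = None  # marker for a cached negative answer

class Auth:
    """Toy authoritative server ('afoo'); query() follows in-zone CNAMEs."""
    def __init__(self):
        self.zone = {}  # (name, rtype) -> value

    def query(self, name, rtype):
        answer = []
        for _ in range(8):  # bound the CNAME chain length
            target = self.zone.get((name, "CNAME"))
            if target is None:
                break
            answer.append((name, "CNAME", target))
            name = target
        if (name, rtype) in self.zone:
            answer.append((name, rtype, self.zone[(name, rtype)]))
        return answer

class Cache:
    """Toy foreign caching server ('hoop'); caching policy is an assumption."""
    def __init__(self, auth, ttl=300):
        self.auth, self.ttl, self.now = auth, ttl, 0
        self.store = {}  # (name, rtype) -> (value, expiry)

    def resolve(self, name, rtype):
        hit = self.store.get((name, rtype))
        if hit and hit[1] > self.now:
            return hit[0]  # may be NEG: a cached negative answer
        answer = self.auth.query(name, rtype)
        # Assumption: every answer-section record is cached and replaces any
        # older entry (including a negative one) for the same name and type.
        for n, t, v in answer:
            self.store[(n, t)] = (v, self.now + self.ttl)
        if not answer or answer[-1][1] != rtype:
            self.store[(name, rtype)] = (NEG, self.now + self.ttl)
            return NEG
        return answer[-1][2]

def walkthrough():
    afoo = Auth()
    hoop = Cache(afoo)
    first = hoop.resolve("bang.foo.com", "TXT")       # negative answer cached
    afoo.zone[("bang.foo.com", "TXT")] = "new data"   # record added too late
    stale = hoop.resolve("bang.foo.com", "TXT")       # still negative
    afoo.zone[("slap.foo.com", "CNAME")] = "bang.foo.com"
    via_cname = hoop.resolve("slap.foo.com", "TXT")   # hoop recurses to afoo
    fresh = hoop.resolve("bang.foo.com", "TXT")       # served from cache now
    del afoo.zone[("slap.foo.com", "CNAME")]          # helper name removed
    return first, stale, via_cname, fresh
```

Asking the cache about the helper name before the cname exists caches a negative answer for the helper itself, which is the failure the message describes and why a fresh name is needed on each attempt.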



More information about the bind-workers mailing list