[Techtalk] Question about DNS

jennyw jennyw at dangerousideas.com
Thu Dec 6 13:26:49 EST 2001


Thanks, Raven!

I suspect there may have been problems with my using Webmin. I redid the
files by hand and things look more normal now when I query my two name
servers. However, the errors do not necessarily explain why Stanford and
SJSU aren't resolving correctly (the errors were that the secondary name
server wasn't properly set up as a slave, and that some of the SOA
information wasn't quite right).

The only thing I can figure is that the campuses' name servers skipped
querying the primary name server on my domain, got no response from the
secondary name server (it apparently didn't have the record since it wasn't
acting as a slave like I thought it was), and are caching that. Of course,
that still doesn't explain the week-long delays. Again, other sites are
having no trouble.

Thanks for the info on other name servers! I currently only use BIND 8 (I've
used Meta-IP in the past, but that was when it first came out).

There is, of course, the possibility that Stanford and SJSU are just doing
weird things and that it's not really something on my side that's causing
this. I wish I could figure out what was going on ...

Jen
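The two caching effects discussed in this thread (a negative answer being held for the SOA-derived TTL per RFC 2308, and an old, long TTL outliving a later change to the zone) as an added simulation; this is not code from the thread or from any name server, and the zone names, addresses and TTL values are constructed:

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

@dataclass
class Soa:
    ttl: int      # TTL on the SOA record itself
    minimum: int  # SOA MINIMUM field

def negative_ttl(soa: Soa) -> int:
    """RFC 2308: a negative answer is cached for min(SOA TTL, SOA MINIMUM)."""
    return min(soa.ttl, soa.minimum)

@dataclass
class AuthZone:
    soa: Soa
    records: Dict[str, Tuple[str, int]] = field(default_factory=dict)  # name -> (addr, ttl)
    def answer(self, name: str) -> Tuple[Optional[str], int]:
        """Return (data, ttl); data is None for an NXDOMAIN answer."""
        return self.records.get(name, (None, negative_ttl(self.soa)))

@dataclass
class Resolver:
    zone: AuthZone
    cache: Dict[str, Tuple[Optional[str], int]] = field(default_factory=dict)  # name -> (data, expiry)
    def lookup(self, name: str, now: int) -> Optional[str]:
        """Serve from cache while unexpired, negative entries included."""
        if name in self.cache and now < self.cache[name][1]:
            return self.cache[name][0]
        data, ttl = self.zone.answer(name)
        self.cache[name] = (data, now + ttl)
        return data

def negative_cache_scenario() -> Tuple[Optional[str], Optional[str], Optional[str]]:
    """Resolver asks before the host exists; the cached NXDOMAIN hides the record until 38400 s pass."""
    zone = AuthZone(Soa(ttl=38400, minimum=86400))   # constructed SOA values
    r = Resolver(zone)
    first = r.lookup("www.example.test", now=0)
    zone.records["www.example.test"] = ("192.0.2.10", 38400)  # record added ten minutes later
    return first, r.lookup("www.example.test", now=600), r.lookup("www.example.test", now=38400)

def lowered_ttl_scenario() -> Tuple[Optional[str], Optional[str]]:
    """A record cached with a month-long TTL stays until that month is up, whatever the new TTL is."""
    month = 30 * 86400
    zone = AuthZone(Soa(38400, 38400), {"host.example.test": ("192.0.2.1", month)})
    r = Resolver(zone)
    r.lookup("host.example.test", now=0)                       # cached for a month
    zone.records["host.example.test"] = ("198.51.100.7", 38400)  # new address, TTL lowered
    return r.lookup("host.example.test", now=2 * 86400), r.lookup("host.example.test", now=month)
```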


----- Original Message -----
From: "Raven, corporate courtesan" <raven at oneeyedcrow.net>
To: <techtalk at linuxchix.org>
Sent: Thursday, December 06, 2001 11:23 AM
Subject: Re: [Techtalk] Question about DNS


> Heya --
>
> Quoth jennyw (Thu, Dec 06, 2001 at 10:27:57AM -0800):
> > In ORA's DNS and BIND it says that negative caching was introduced in
> > BIND 8, but that this is hardcoded at 10 minutes.  I'm getting negative
> > responses for >1 week. It's possible they're using some weird variant, but
> > why would they do such a thing?
>
> Well, they may be using Bind 9, or Meta-IP, or djbdns.  There
> are other nameservers out there.  Djbdns (its tinydns component) uses
> the SOA TTL for negative answers.  So does Bind 9, apparently.  So it
> would be 11 hours, not 10 minutes, if they were using either one of
> these servers.  I don't remember off the top of my head what Meta-IP
> does.
>
> For the bored: the RFC on negative caching can be found at
> http://www.nominum.com/resources/standards/bind-rfc/rfc2308
>
> The lack of availability to your new addresses is puzzling,
> though.  I'll keep digging.  Can those domains access your machines by
> IP but not by name?  (I just want to make sure it's not a routing
> problem somehow.)
>
> > Another confusing thing is that the TTL for the domain is set to be
> > 38400 seconds (less than 11 hours). Why should anything take longer than
> > a day to update?
>
> Has it always been set that way?  If you had your cache timeouts
> set to a month, and then you changed them to 11 hours, then you'd still
> have to wait the full month to make sure that all entries previously
> cached had expired.
>
> Also, do you have PTR records in there for those hosts?  Weird
> things can sometimes happen if you don't have DNS going both ways.  Some
> programs will check that the IP resolves to the name as a security
> feature... but that shouldn't matter for basic resolution.
>
> Cheers,
> Raven
>
> "Try explaining to a home user that his or her machine has been used in
>  a DDoS attack.  The response I received by one home PC owner was:
>  "Cool!""
>   -- Rob Thomas, on NANOG
> _______________________________________________
> Techtalk mailing list
> Techtalk at linuxchix.org
> http://www.linuxchix.org/mailman/listinfo/techtalk