[Techtalk] Question about DNS

jennyw jennyw at dangerousideas.com
Fri Dec 7 11:41:18 EST 2001


I think the problem is fixed. I used to think the first name server would be
contacted before the second, but now realize that the second name server can
be contacted, too.  I hadn't configured the second name server as a slave as I
had thought, so some info wasn't propagating.  There is still some weirdness
at Stanford, but I'm now convinced this is a Stanford thing (it may not even
be the regular Stanford network; this is based on behavior at one of the
apartments at Stanford).

Jen

----- Original Message -----
From: "jennyw" <jennyw at dangerousideas.com>
To: <raven at oneeyedcrow.net>; <techtalk at linuxchix.org>
Sent: Thursday, December 06, 2001 12:26 PM
Subject: Re: [Techtalk] Question about DNS


> Thanks, Raven!
>
> I suspect there may have been problems with my using Webmin. I redid the
> files by hand and things look more normal now when I query my two name
> servers. However, the errors do not necessarily explain why Stanford and
> SJSU aren't resolving correctly (the errors were that the secondary name
> server wasn't properly set up as a slave, and that some of the SOA
> information wasn't quite right).
>
> The only thing I can figure is that the campuses' name servers skipped
> querying the primary name server on my domain, got no response from the
> secondary name server (it apparently didn't have the record since it wasn't
> acting as a slave like I thought it was), and are caching that.  Of course,
> that still doesn't explain the week-long delays.  Again, other sites are
> having no trouble.
>
> Thanks for the info on other name servers! I currently only use BIND 8 (I've
> used Meta-IP in the past, but that was when it first came out).
>
> There is, of course, the possibility that Stanford and SJSU are just doing
> weird things and that it's not really something on my side that's causing
> this. I wish I could figure out what was going on ...
>
> Jen
>
>
> ----- Original Message -----
> From: "Raven, corporate courtesan" <raven at oneeyedcrow.net>
> To: <techtalk at linuxchix.org>
> Sent: Thursday, December 06, 2001 11:23 AM
> Subject: Re: [Techtalk] Question about DNS
>
>
> > Heya --
> >
> > Quoth jennyw (Thu, Dec 06, 2001 at 10:27:57AM -0800):
> > > In ORA's DNS and BIND it says that negative caching was introduced in
> > > BIND 8, but that this is hardcoded at 10 minutes.  I'm getting negative
> > > responses for >1 week. It's possible they're using some weird variant,
> > > but why would they do such a thing?
> >
> > Well, they may be using BIND 9, or Meta-IP, or djbdns.  There
> > are other nameservers out there.  djbdns (its tinydns component) uses
> > the SOA TTL for negative answers.  So does BIND 9, apparently.  So it
> > would be 11 hours, not 10 minutes, if they were using either one of
> > these servers.  I don't remember off the top of my head what Meta-IP
> > does.
> >
> > For the bored: the RFC on negative caching can be found at
> > http://www.nominum.com/resources/standards/bind-rfc/rfc2308
> >
> > The lack of availability to your new addresses is puzzling,
> > though.  I'll keep digging.  Can those domains access your machines by
> > IP but not by name?  (I just want to make sure it's not a routing
> > problem somehow.)
> >
> > > Another confusing thing is that the TTL for the domain is set to be
> > > 38400 seconds (less than 11 hours). Why should anything take longer
> > > than a day to update?
> >
> > Has it always been set that way?  If you had your cache timeouts
> > set to a month, and then you changed them to 11 hours, then you'd still
> > have to wait the full month to make sure that all entries previously
> > cached had expired.
> >
> > Also, do you have PTR records in there for those hosts?  Weird
> > things can sometimes happen if you don't have DNS going both ways.  Some
> > programs will check that the IP resolves to the name as a security
> > feature... but that shouldn't matter for basic resolution.
> >
> > Cheers,
> > Raven
> >
> > "Try explaining to a home user that his or her machine has been used in
> >  a DDoS attack.  The response I received by one home PC owner was: "Cool!""
> >   -- Rob Thomas, on NANOG
> > _______________________________________________
> > Techtalk mailing list
> > Techtalk at linuxchix.org
> > http://www.linuxchix.org/mailman/listinfo/techtalk

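The three things the thread circles around (how long a "no such name" answer is cached, whether the secondary is actually carrying the zone, and whether forward and reverse records agree) can all be checked from the records a name server hands back. The script below is an added example and is not code from the thread or from BIND; it works entirely offline on constructed sample data (the zone `example.com.` and the 192.0.2.0/24 documentation range are placeholders, and the helper names are hypothetical). The negative-caching rule it applies is the one from RFC 2308 linked above: a resolver caches a negative answer for the smaller of the SOA record's own TTL and the SOA MINIMUM field, which for the 38400-second value discussed here is the "11 hours" Raven mentions rather than BIND 8's 10 minutes.

```python
"""Offline checks for the DNS problems discussed in the thread.

Added example, not from the original messages. All records below are
constructed; example.com and 192.0.2.0/24 are documentation placeholders.
"""
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class SOA:
    owner: str
    ttl: int        # TTL on the SOA record itself
    mname: str      # primary master name server
    rname: str      # responsible person's mailbox, in DNS form
    serial: int
    refresh: int
    retry: int
    expire: int
    minimum: int    # MINIMUM field: the negative-caching TTL (RFC 2308)


def parse_soa(line: str) -> SOA:
    """Parse one SOA record in the presentation format dig prints, e.g.
    'example.com. 38400 IN SOA ns1.example.com. hostmaster.example.com. 1 2 3 4 5'."""
    f = line.split()
    if len(f) != 11 or f[2] != "IN" or f[3] != "SOA":
        raise ValueError(f"not an SOA record: {line!r}")
    return SOA(f[0], int(f[1]), f[4], f[5], *(int(x) for x in f[6:11]))


def negative_cache_ttl(soa: SOA) -> int:
    """RFC 2308 section 5: a negative answer is cached for
    min(SOA record TTL, SOA MINIMUM), not a fixed 10 minutes."""
    return min(soa.ttl, soa.minimum)


def lagging_secondaries(answers: dict) -> list:
    """answers maps a name server to the SOA it returned for the zone, or None
    if it did not answer. Servers behind the newest serial (or silent) are the
    ones that are not transferring the zone, which is the 'not really a slave'
    situation in the thread. Plain integer comparison is used here; production
    tooling should use RFC 1982 serial arithmetic."""
    serials = [s.serial for s in answers.values() if s is not None]
    newest = max(serials)
    return sorted(ns for ns, s in answers.items()
                  if s is None or s.serial < newest)


def reverse_mismatches(forward: dict, reverse: dict) -> list:
    """forward: hostname -> IPv4 address (A records).
    reverse: PTR owner name (x.x.x.x.in-addr.arpa) -> hostname.
    Returns hostnames whose address does not map back to them, which is what
    software that 'checks the IP resolves to the name' trips over."""
    bad = []
    for name, addr in forward.items():
        ptr_owner = ipaddress.ip_address(addr).reverse_pointer
        if reverse.get(ptr_owner) != name:
            bad.append(name)
    return bad


# Constructed sample data: the secondary answers with an older serial, and
# one host has an A record but no PTR record.
SAMPLE_SOA = {
    "ns1.example.com.": parse_soa(
        "example.com. 38400 IN SOA ns1.example.com. hostmaster.example.com. "
        "2001120601 10800 3600 604800 38400"),
    "ns2.example.com.": parse_soa(
        "example.com. 38400 IN SOA ns1.example.com. hostmaster.example.com. "
        "2001113001 10800 3600 604800 38400"),
}
SAMPLE_A = {"www.example.com.": "192.0.2.10", "mail.example.com.": "192.0.2.25"}
SAMPLE_PTR = {"10.2.0.192.in-addr.arpa": "www.example.com."}


if __name__ == "__main__":
    primary = SAMPLE_SOA["ns1.example.com."]
    print("negative answers cached for", negative_cache_ttl(primary), "seconds")
    print("secondaries behind the primary:", lagging_secondaries(SAMPLE_SOA))
    print("hosts without a matching PTR:", reverse_mismatches(SAMPLE_A, SAMPLE_PTR))
```

With real data you would feed `parse_soa` the SOA line that `dig @server zone SOA` prints for each listed name server; a serial that differs between servers points at the transfer problem before any caching question arises, and the negative-cache figure tells you how long a remote resolver can legitimately keep an old "no such name" answer.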