Hi all, > I also noticed this. After digging the cache content of my DNS, I have > found > that nsatc.net only have one NS entry in my cache and that entry did not > reply > to DNS request. Removing nsatc.net entries from my cache resolve the issue > (rec_control wipe-cache nsatc.net).
> I guess that someone did a mistake when they changed nsatc.net NS entries. > This wrong/partial configuration propagated to some DNS resolver depending > of the TTL expiration until the nsatc.net zone was fixed. It's a good guess, but I'm betting that is not the case. I have confirmed that the current recursor still sometimes has problems with updating cached entries with new data. Sometimes it merges the new information with the old, which should never happen. The result is an RRset that has information with varying TTLs- a DNS no-no. The outcome is that information in the RRset will only partially expire (which is WHY it's a no-no). This is often noticed when some, but not all, NS records expire, and the remaining information is a single nonresponsive server. It's highly likely that this happened here. But, sorry, I'm not actually sure yet what exact situation(s) still cause the recursor to do this. I know Bert has previously squashed at least two bugs on this very subject. In theory, the recursor should always remove all old information for an RRset when new information for that RRset is cached. ============================ Darren Gamble Systems Architect, Regional Services Shaw Cablesystems GP 630 - 3rd Avenue SW Calgary, Alberta, Canada T2P 4L4 (403) 781-4948 _______________________________________________ Pdns-users mailing list [email protected] http://mailman.powerdns.com/mailman/listinfo/pdns-users
