Hi Haw,

The TTL on the A record seems to be originally 86400 (24h). Thus if unbound sees the record just before it is changed, the old data stays around for 24 hours. Unbound has a builtin cap that bounds this caching on a 24 hour term (by coincidence exactly the same value as the TTL on supre.com.au). You see it with a 5h TTL, so, unbound saw it 19h before. This is exactly according to DNS spec.

If you want things in unbound cache to be flushed out earlier than the owner intended, you can set cache-max-ttl: 86400 to a lower value instead of restarting every day.

It could also be a bug where due to a miscalculation inside the resolver the TTL becomes -1 (or infinite), but although such a bug is fixed recently (in svn trunk) for DNSSEC bogus messages, my guess is you are not DNSSEC validating.

Best regards,
Wouter

On 11/06/2009 01:08 AM, Haw Loeung wrote:
Hi,

We have received a few reports where domains have moved from one hosting provider to another and our resolvers (all running Unbound) have been returning old/incorrect information about these domains.

The 2 most recent reports are for the domains supre.com.au and ozcelebs.net. I have included dig results one of our staff members has done to show what's happening.

*supre.com.au (Tue Nov 3 09:24:11 2009)*

=====
$ dig supre.com.au @syd-pow-dns2

;<<>> DiG 9.5.1-P2-RedHat-9.5.1-2.P2.fc10<<>> supre.com.au @syd-pow-dns2
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59376
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 0

;; QUESTION SECTION:
;supre.com.au. IN A

;; ANSWER SECTION:
supre.com.au. 19391 IN A 164.80.66.11

;; AUTHORITY SECTION:
supre.com.au. 12591 IN NS ns21.nextgen.net.
supre.com.au. 12591 IN NS ns1.nextgen.net.
supre.com.au. 12591 IN NS ns0.nextgen.net.
supre.com.au. 12591 IN NS ns20.nextgen.net.

;; Query time: 194 msec
;; SERVER: 202.7.166.178#53(202.7.166.178)
;; WHEN: Tue Nov 3 09:24:11 2009
;; MSG SIZE rcvd: 131
=====

*supre.com.au (Wed Nov 4 09:29:26 2009)*

=====
$ dig supre.com.au @syd-pow-dns2

;<<>> DiG 9.5.1-P2-RedHat-9.5.1-2.P2.fc10<<>> supre.com.au @syd-pow-dns2
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28899
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 0

;; QUESTION SECTION:
;supre.com.au. IN A

;; ANSWER SECTION:
supre.com.au. 19100 IN A 164.80.66.11

;; AUTHORITY SECTION:
supre.com.au. 85456 IN NS ns21.nextgen.net.
supre.com.au. 85456 IN NS ns20.nextgen.net.
supre.com.au. 85456 IN NS ns1.nextgen.net.
supre.com.au. 85456 IN NS ns0.nextgen.net.

;; Query time: 143 msec
;; SERVER: 202.7.166.178#53(202.7.166.178)
;; WHEN: Wed Nov 4 09:29:26 2009
;; MSG SIZE rcvd: 131
=====

The TTL has already lapsed but it is still showing that the domain has been delegated to the old hosting provider's nextgen.net when it should be cpanelhost.net.au and hyperservers.com.au as shown below:

=====
$ dig ns supre.com.au

;; ANSWER SECTION:
supre.com.au. 86400 IN NS ns1.cpanelhost.net.au.
supre.com.au. 86400 IN NS ns1.hyperservers.com.au.
supre.com.au. 86400 IN NS ns2.hyperservers.com.au.
supre.com.au. 86400 IN NS ns2.cpanelhost.net.au.
=====

Now for ozcelebs.net, here are the results of one done this morning:

=====
$ dig ozcelebs.net @syd-pow-dns1

;<<>> DiG 9.5.1-P2-RedHat-9.5.1-2.P2.fc10<<>> ozcelebs.net @syd-pow-dns1
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34827
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;ozcelebs.net. IN A

;; ANSWER SECTION:
ozcelebs.net. 10800 IN A 83.223.106.9

;; AUTHORITY SECTION:
ozcelebs.net. 86400 IN NS ns1.imakdynamic.com.
ozcelebs.net. 86400 IN NS ns2.imakdynamic.com.

;; Query time: 434 msec
;; SERVER: 202.7.166.172#53(202.7.166.172)
;; WHEN: Fri Nov 6 09:46:32 2009
;; MSG SIZE rcvd: 97
=====

The temporary fix we have in place right now is to reload unbound daily, clearing out the cache.

Wouter, can you help us look into this issue? Is there any other information I could provide to help?

Thanks,

Haw

_______________________________________________
Unbound-users mailing list
[email protected]
http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
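The TTL arithmetic described in the reply above, as an added example that is not part of the original thread: it parses the answer and WHEN lines of the first dig output, works out when the resolver cached the record, and shows when the same entry would expire under a lower cache-max-ttl. The function names, the 86400 original TTL (taken from the reply's reading of the record) and the 3600 cap are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Answer and WHEN lines from the first dig output quoted in the thread.
DIG_OUTPUT = """\
;; ANSWER SECTION:
supre.com.au. 19391 IN A 164.80.66.11
;; WHEN: Tue Nov 3 09:24:11 2009
"""

ANSWER_RE = re.compile(r"^(\S+)[ \t]+(\d+)[ \t]+IN[ \t]+(\S+)[ \t]+(\S+)$", re.M)
WHEN_RE = re.compile(r"^;; WHEN: (.+)$", re.M)


def parse_dig(text):
    """Return (name, remaining_ttl, rtype, rdata, observed_at) for the first answer RR."""
    name, ttl, rtype, rdata = ANSWER_RE.search(text).groups()
    when = " ".join(WHEN_RE.search(text).group(1).split())
    observed_at = datetime.strptime(when, "%a %b %d %H:%M:%S %Y")
    return name, int(ttl), rtype, rdata, observed_at


def cache_timeline(remaining_ttl, observed_at, original_ttl=86400, cache_max_ttl=86400):
    """Derive when the resolver cached the RR and when the entry expires.

    original_ttl=86400 is the value the reply attributes to the A record (assumption);
    cache_max_ttl=86400 is the cap the reply describes.
    """
    stored_ttl = min(original_ttl, cache_max_ttl)  # the cap bounds what is stored
    age = stored_ttl - remaining_ttl
    if age < 0:
        raise ValueError("remaining TTL is larger than the stored TTL")
    cached_at = observed_at - timedelta(seconds=age)
    return {"age_s": age, "cached_at": cached_at,
            "expires_at": cached_at + timedelta(seconds=stored_ttl)}


def expiry_with_cap(cached_at, original_ttl, cap):
    """Expiry the same entry would have had under a lower cache-max-ttl."""
    return cached_at + timedelta(seconds=min(original_ttl, cap))


if __name__ == "__main__":
    name, ttl, rtype, rdata, seen = parse_dig(DIG_OUTPUT)
    t = cache_timeline(ttl, seen)
    print(f"{name} {rtype} {rdata}: cached {t['cached_at']}, age {t['age_s'] / 3600:.1f}h")
    print("expires with 86400 cap:", t["expires_at"])
    print("expires with 3600 cap: ", expiry_with_cap(t["cached_at"], 86400, 3600))
```

Running the same calculation on a later dig result shows whether the resolver has re-fetched the record since the previous observation, because the derived cache time moves forward.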
