To: dnsop@cafax.se
From: Gunnar Lindberg <lindberg@cdg.chalmers.se>
Date: Thu, 20 Feb 2003 16:39:02 +0100 (MET)
Sender: owner-dnsop@cafax.se
Subject: timeout of glue A record

Is this a bug or a flaw in the DNS design? Some days ago we saw:
% dig @our-ns1 foo.bar ns
;; ANSWER SECTION:
foo.bar. 23h19m44s IN NS b.ns.foo.bar.
foo.bar. 23h19m44s IN NS a.ns.foo.bar.
;; ADDITIONAL SECTION:
;; None - NB <-----------------
% dig @our-ns2 foo.bar ns
;; ANSWER SECTION:
foo.bar. 2m51s IN NS a.ns.foo.bar.
foo.bar. 2m51s IN NS b.ns.foo.bar.
;; ADDITIONAL SECTION:
a.ns.foo.bar. 2m51s IN A 192.n.m.1
b.ns.foo.bar. 2m51s IN A 192.n.m.2
So, our-ns1 had a reference to their NSs (the names to be specific)
but the corresponding glue A records were missing. What happened
before to get us into this state is beyond my knowledge, but since
our-ns2 was counting down the glue A's ttl I take it they reached 0
and were simply discarded.
After 2m51s our-ns2 was able to refresh both sets of records, while
our-ns1 stayed out of sync for another 23h19m44s.
It would seem reasonable to me that the DNS should not keep NS
records unless it has at least some A records to support them.
Is this a bug or design flaw?
Gunnar Lindberg
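
Added example, not part of the original message: a check that flags the state described above, where a cache still holds NS records for a zone but no address records for nameservers that live inside that zone. It parses dig output in the format quoted in the message; the function names are hypothetical, the sample text is constructed from the two outputs above, and an empty ADDITIONAL section is assumed to mean the addresses are gone from the cache, as the message reads it.

```python
import re

# Constructed sample input, mirroring the two dig outputs quoted in the message.
NS1 = """\
;; ANSWER SECTION:
foo.bar. 23h19m44s IN NS b.ns.foo.bar.
foo.bar. 23h19m44s IN NS a.ns.foo.bar.
;; ADDITIONAL SECTION:
"""
NS2 = """\
;; ANSWER SECTION:
foo.bar. 2m51s IN NS a.ns.foo.bar.
foo.bar. 2m51s IN NS b.ns.foo.bar.
;; ADDITIONAL SECTION:
a.ns.foo.bar. 2m51s IN A 192.n.m.1
b.ns.foo.bar. 2m51s IN A 192.n.m.2
"""

UNITS = {"w": 604800, "d": 86400, "h": 3600, "m": 60, "s": 1}

def ttl_seconds(ttl):
    """Convert '23h19m44s' (or a bare number of seconds) to seconds."""
    if ttl.isdigit():
        return int(ttl)
    return sum(int(n) * UNITS[u] for n, u in re.findall(r"(\d+)([wdhms])", ttl))

def orphaned_ns(dig_text):
    """Return (orphans, ns_ttl): in-zone NS names lacking an address record,
    and the longest remaining NS TTL in seconds."""
    ns, addrs, ns_ttl = {}, set(), 0
    for line in dig_text.splitlines():
        f = line.split()
        if len(f) < 5 or line.startswith(";") or f[2].upper() != "IN":
            continue  # skip comments, section headers and malformed lines
        owner, ttl, rtype, rdata = f[0].lower(), f[1], f[3].upper(), f[4].lower()
        if rtype == "NS":
            ns[rdata] = owner
            ns_ttl = max(ns_ttl, ttl_seconds(ttl))
        elif rtype in ("A", "AAAA"):
            addrs.add(owner)
    # Assumption: no address record in the output means none is cached.
    # Only nameserver names at or below the zone they serve depend on glue.
    orphans = sorted(n for n, zone in ns.items()
                     if (n == zone or n.endswith("." + zone)) and n not in addrs)
    return orphans, ns_ttl
```

A non-empty orphan list together with a large ns_ttl is the our-ns1 condition: the zone stays unresolvable from that cache until the NS records themselves expire.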