[Unbound-users] Old or incorrect information returned?
W.C.A. Wijngaards
wouter at NLnetLabs.nl
Fri Nov 6 07:30:11 UTC 2009
Hi Haw,

The TTL on the A record seems to be originally 86400 (24h).
Thus if unbound sees the record just before it is changed, the
old data stays around for 24 hours. Unbound has a built-in
cap that bounds this caching to a 24 hour term (by coincidence
exactly the same value as the TTL on supre.com.au). You see
it with a 5h TTL, so unbound saw it 19h before. This is
exactly according to the DNS spec.

If you want things in the unbound cache to be flushed out earlier
than the owner intended, you can set cache-max-ttl: 86400
to a lower value instead of restarting every day.

It could also be a bug where due to a miscalculation inside
the resolver the TTL becomes -1 (or infinite), but although
such a bug was fixed recently (in svn trunk) for DNSSEC bogus
messages, my guess is you are not DNSSEC validating.

Best regards,
Wouter

On 11/06/2009 01:08 AM, Haw Loeung wrote:
> Hi,
>
> We have received a few reports where domains have moved from one hosting
> provider to another and our resolvers (all running Unbound) have been returning
> old/incorrect information about these domains.
>
> The 2 most recent reports are for the domains supre.com.au and ozcelebs.net. I
> have included dig results one of our staff members has done to show what's
> happening.
>
> *supre.com.au (Tue Nov 3 09:24:11 2009)*
>
> =====
> $ dig supre.com.au @syd-pow-dns2
>
> ;<<>> DiG 9.5.1-P2-RedHat-9.5.1-2.P2.fc10<<>> supre.com.au @syd-pow-dns2
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59376
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;supre.com.au. IN A
>
> ;; ANSWER SECTION:
> supre.com.au. 19391 IN A 164.80.66.11
>
> ;; AUTHORITY SECTION:
> supre.com.au. 12591 IN NS ns21.nextgen.net.
> supre.com.au. 12591 IN NS ns1.nextgen.net.
> supre.com.au. 12591 IN NS ns0.nextgen.net.
> supre.com.au. 12591 IN NS ns20.nextgen.net.
>
> ;; Query time: 194 msec
> ;; SERVER: 202.7.166.178#53(202.7.166.178)
> ;; WHEN: Tue Nov 3 09:24:11 2009
> ;; MSG SIZE rcvd: 131
> =====
>
> *supre.com.au (Wed Nov 4 09:29:26 2009)*
>
> =====
> $ dig supre.com.au @syd-pow-dns2
>
> ;<<>> DiG 9.5.1-P2-RedHat-9.5.1-2.P2.fc10<<>> supre.com.au @syd-pow-dns2
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28899
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;supre.com.au. IN A
>
> ;; ANSWER SECTION:
> supre.com.au. 19100 IN A 164.80.66.11
>
> ;; AUTHORITY SECTION:
> supre.com.au. 85456 IN NS ns21.nextgen.net.
> supre.com.au. 85456 IN NS ns20.nextgen.net.
> supre.com.au. 85456 IN NS ns1.nextgen.net.
> supre.com.au. 85456 IN NS ns0.nextgen.net.
>
> ;; Query time: 143 msec
> ;; SERVER: 202.7.166.178#53(202.7.166.178)
> ;; WHEN: Wed Nov 4 09:29:26 2009
> ;; MSG SIZE rcvd: 131
> =====
>
> The TTL has already lapsed but it is still showing that the domain has been
> delegated to the old hosting providers nextgen.net when it should be
> cpanelhost.net.au and hyperservers.com.au as shown below:
>
> =====
> $ dig ns supre.com.au
>
> ;; ANSWER SECTION:
> supre.com.au. 86400 IN NS ns1.cpanelhost.net.au.
> supre.com.au. 86400 IN NS ns1.hyperservers.com.au.
> supre.com.au. 86400 IN NS ns2.hyperservers.com.au.
> supre.com.au. 86400 IN NS ns2.cpanelhost.net.au.
> =====
>
>
> Now for ozcelebs.net, here's the results of one done this morning:
>
> =====
> $ dig ozcelebs.net @syd-pow-dns1
>
> ;<<>> DiG 9.5.1-P2-RedHat-9.5.1-2.P2.fc10<<>> ozcelebs.net @syd-pow-dns1
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34827
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;ozcelebs.net. IN A
>
> ;; ANSWER SECTION:
> ozcelebs.net. 10800 IN A 83.223.106.9
>
> ;; AUTHORITY SECTION:
> ozcelebs.net. 86400 IN NS ns1.imakdynamic.com.
> ozcelebs.net. 86400 IN NS ns2.imakdynamic.com.
>
> ;; Query time: 434 msec
> ;; SERVER: 202.7.166.172#53(202.7.166.172)
> ;; WHEN: Fri Nov 6 09:46:32 2009
> ;; MSG SIZE rcvd: 97
> =====
>
> The temporary fix we have in place right now is to reload unbound daily
> clearing out the cache. Wouter, can you help us look into this issue? Is there
> any other information I could provide to help?
>
>
> Thanks,
>
> Haw
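
The TTL arithmetic from the reply above (starting TTL minus the remaining TTL in the dig answer gives how long ago the resolver cached the record), as an added Python example that is not part of the original thread. The function names are hypothetical, the dig excerpt is rebuilt from the first output quoted in the thread, and it assumes an original TTL of 86400 for each record and that the resolver counts down from min(original TTL, cache-max-ttl).

```python
import re
from datetime import datetime, timedelta

# Constructed sample: excerpt of the first dig output quoted in this thread.
SAMPLE_DIG = """\
;; ANSWER SECTION:
supre.com.au.   19391   IN   A    164.80.66.11

;; AUTHORITY SECTION:
supre.com.au.   12591   IN   NS   ns21.nextgen.net.
supre.com.au.   12591   IN   NS   ns1.nextgen.net.

;; WHEN: Tue Nov  3 09:24:11 2009
"""

RR_LINE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(.+)$")
WHEN_LINE = re.compile(r"^;; WHEN:\s+(.+)$")


def parse_dig(text):
    """Return (query_time, [(name, remaining_ttl, rrtype, rdata), ...])."""
    when, records = None, []
    for line in text.splitlines():
        m = WHEN_LINE.match(line)
        if m:
            # Collapse the padded day-of-month ("Nov  3") before parsing.
            stamp = " ".join(m.group(1).split())
            when = datetime.strptime(stamp, "%a %b %d %H:%M:%S %Y")
            continue
        m = RR_LINE.match(line.strip())
        if m:  # comment and question lines have no numeric TTL field
            records.append((m.group(1), int(m.group(2)), m.group(3), m.group(4)))
    return when, records


def cache_window(when, remaining_ttl, original_ttl, cache_max_ttl=86400):
    """Estimate (cached_at, expires_at) for one cached record."""
    start_ttl = min(original_ttl, cache_max_ttl)  # assumed: cap applied on insert
    if remaining_ttl > start_ttl:
        raise ValueError("remaining TTL exceeds the capped starting TTL")
    age = start_ttl - remaining_ttl
    return when - timedelta(seconds=age), when + timedelta(seconds=remaining_ttl)


def report(text, original_ttl=86400, cache_max_ttl=86400):
    """List (name, rrtype, cached_at, expires_at) for every record in the output."""
    when, records = parse_dig(text)
    return [(name, rrtype) + cache_window(when, ttl, original_ttl, cache_max_ttl)
            for name, ttl, rrtype, _ in records]
```

Lowering `cache_max_ttl` in this model shortens the starting TTL, which is the effect the reply describes for the `cache-max-ttl` setting: a record can stay in the cache for at most that many seconds after it was fetched.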