Sticky old nameservers

Stephane Bortzmeyer bortzmeyer at nic.fr
Wed Feb 19 08:07:44 UTC 2020


I thought I knew the DNS but apparently I don't.

Yesterday, around 1030 UTC the domain assemblee-nationale.fr had an
issue: the IP address of its nameservers changed. The "new"
nameservers served a different NS set. The problem has been fixed since
yesterday, around 1200 UTC. The TTL of the wrong information was only
300 seconds. Therefore, it should have disappeared by now. But it is
not the case:

% dig NS assemblee-nationale.fr

; <<>> DiG 9.11.5-P4-5.1-Debian <<>> NS assemblee-nationale.fr
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56522
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;assemblee-nationale.fr.	IN NS

;; ANSWER SECTION:
assemblee-nationale.fr.	300 IN NS ns1432.ztomy.com.
assemblee-nationale.fr.	300 IN NS ns2432.ztomy.com.

;; Query time: 495 msec
;; SERVER: ::1#53(::1)
;; WHEN: Wed Feb 19 09:01:12 CET 2020
;; MSG SIZE  rcvd: 102

The correct NS set is ns{0,1,2}.fr.claradns.net, as you can see in the
delegation (which did not change). Why is it not picked?

It is as if the resolver does not return to the parent and, when the
TTL expires, queries the wrong nameservers again.

[::1 is Unbound Version 1.9.0 linked libs: libevent 2.1.8-stable (it
uses epoll), OpenSSL 1.1.1d  10 Sep 2019]

[Restarting Unbound solves the problem.]
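
The comparison described in the post, as an added example that is not part of the original message: it parses dig output and reports where the NS set a resolver returns differs from the parent's delegation. The resolver sample is the answer quoted above; the parent referral is constructed from the names given in the post, and its TTL is an assumption.

```python
"""Compare a resolver's NS answer with the parent's delegation (added example)."""

ZONE = "assemblee-nationale.fr"

# Answer section as quoted in the post (what the resolver returned).
RESOLVER_OUTPUT = """\
;; ANSWER SECTION:
assemblee-nationale.fr. 300 IN NS ns1432.ztomy.com.
assemblee-nationale.fr. 300 IN NS ns2432.ztomy.com.
"""

# Constructed sample: shape of a referral obtained with `dig +norecurse`
# from a .fr server. Names are from the post; the TTL is an assumption.
PARENT_OUTPUT = """\
;; AUTHORITY SECTION:
assemblee-nationale.fr. 172800 IN NS ns0.fr.claradns.net.
assemblee-nationale.fr. 172800 IN NS ns1.fr.claradns.net.
assemblee-nationale.fr. 172800 IN NS ns2.fr.claradns.net.
"""


def ns_records(dig_text, zone):
    """Return {nameserver: ttl} for the IN NS records owned by `zone`."""
    zone = zone.rstrip(".").lower() + "."
    found = {}
    for line in dig_text.splitlines():
        if not line.strip() or line.startswith(";"):
            continue  # skip blanks, section headers and the question line
        fields = line.split()
        if len(fields) != 5 or not fields[1].isdigit():
            continue  # expected layout: owner TTL class type rdata
        owner, ttl, rclass, rtype, target = fields
        if owner.lower() == zone and rclass == "IN" and rtype == "NS":
            found[target.lower().rstrip(".")] = int(ttl)
    return found


def compare(resolver_text, parent_text, zone):
    """Report how the resolver's NS set differs from the delegation."""
    cached = ns_records(resolver_text, zone)
    delegated = ns_records(parent_text, zone)
    return {
        "match": set(cached) == set(delegated),
        "only_in_resolver": sorted(set(cached) - set(delegated)),
        "only_in_parent": sorted(set(delegated) - set(cached)),
        "resolver_max_ttl": max(cached.values(), default=0),
    }


if __name__ == "__main__":
    print(compare(RESOLVER_OUTPUT, PARENT_OUTPUT, ZONE))
```

A mismatch that is still reported well after `resolver_max_ttl` seconds have passed since the zone was corrected is the symptom described in the post.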

