[dns-operations] Odd resolver/cache behavor or normal operation?

Mohamed Lrhazi ml623 at georgetown.edu
Mon Aug 26 14:27:41 UTC 2013


Hello,

We had mail outage which was caused by one of our three recursive caching
DNS servers to be answering a query like seen bellow.

What could explain the fact that this record had zero answers? and why
would the cache server, apparently, cache this answer for over 10 hours
(until I manually cleared the cache)? A user reported that the cache server
was returning AAAA records, but no IPv4, though we dont have an example of
such query/response saved. I guess the fact that the server had AAAA record
would explain why the bellow response is a NOERROR?

➜  ~  dig imap.gmail.com @141.161.200.201

; <<>> DiG 9.9.2-P1 <<>> imap.gmail.com @141.161.200.201
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34151
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 5

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;imap.gmail.com. IN A

;; AUTHORITY SECTION:
gmail.com. 94747 IN NS ns3.google.com.
gmail.com. 94747 IN NS ns2.google.com.
gmail.com. 94747 IN NS ns4.google.com.
gmail.com. 94747 IN NS ns1.google.com.

;; ADDITIONAL SECTION:
ns2.google.com. 269064 IN A 216.239.34.10
ns1.google.com. 269064 IN A 216.239.32.10
ns3.google.com. 269064 IN A 216.239.36.10
ns4.google.com. 269064 IN A 216.239.38.10

;; Query time: 56 msec
;; SERVER: 141.161.200.201#53(141.161.200.201)
;; WHEN: Sat Aug 24 16:21:17 2013
;; MSG SIZE  rcvd: 186

Thanks a lot,
Mohamed.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.dns-oarc.net/pipermail/dns-operations/attachments/20130826/d9a78c20/attachment.html>


More information about the dns-operations mailing list