[dns-operations] Clear DNS cache

Jared Mauch jared at puck.nether.net
Thu Jun 20 13:48:47 UTC 2013


Also a reminder that one could use the openresolverproject data set to check for poisoning or stale information. 

Or would folks prefer a portal to that info?

Jared Mauch

On Jun 20, 2013, at 9:29 AM, Vernon Schryver <vjs at rhyolite.com> wrote:

>>> "..It seems your nameservers don't agree on the SOA serial number!... "
> 
> I wouldn't put too much stock in what http://viewdns.info/ says
> about anything, and not just because how third parties digest
> your RRs is not dispositive or because historically the web DNS
> digesters have always spread a lot of bogus fear, uncertainty,
> doubt, and misinformation.  All that really matters is what `dig`,
> `nslookup`, other tools, and recursive and stub resolvers say.
> 
> They're badly confused about the DNS RRs for rhyolite.com.  Never
> mind what I suspect are their glue confusions, perhaps due to IPv6
> or perhaps due to my using well distributed secondaries.  
> Besides "your nameservers don't agree on the SOA serial number"
> they also say this about my SOA:
> 
>    Your Start of Authority (SOA) record is:
> 
>    Primary nameserver: 5
>    Hostmaster E-mail address: 2
>    Serial number: 28800
>    Refresh: 20130815213614
>    Retry: 20130616213614
>    Expire: 26805
>    Minimum TTL: rhyolite.com.
> 
> and then hector me about the implications of that silly nonsense.
> 
> This is what an old version of `dig +dnssec` on someone's 
> system (not mine) says:
> 
>    rhyolite.com.           27587   IN      SOA     ns.rhyolite.com. named-mgr.rhyolite.com. 1371422174 3600 900 2592000 7200
>    rhyolite.com.           27587   IN      RRSIG   SOA 5 2 28800 20130815213614 20130616213614 26805 rhyolite.com. uTprgMR4QbNDzyBKCgDUINT1ToLVnSvB9UZ3IOoNofQmx9kQ5u8toMj+ aEX+MN7cUJqyXvYqrG3f4jf9ezfXEaOUkaMVGYitXK+FfA80jOGL2d9s EPSGjFrPu47mcy8hbkz9PAYtMY1wG/4iIpy/kJLXB/sRMfkdwtA7NKst s0M=
> 
> Notice the "20130815213614" in the RRSIG.  I think an exegesis of RRs
> by code written by someone who didn't reflexively deal with getting unexpected
> RRs from strange DNS servers should not be interesting to anyone,
> and especially not when the extra RR is standard and only included when
> you explicitly ask for it with the flag bit.
> 
> 
> They also say:
> 
>    Your Mail eXchanger (MX) records are:
> 
>    5 2 [TTL=IN]
> 
> and they point out the various crazinesses of that.
> 
> 
> Vernon Schryver    vjs at rhyolite.com


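Added example (not part of the original message, and not viewdns.info's code): a sketch of how a report like the one quoted above can arise when a tool scans for the token "SOA" instead of checking the RR type column, next to a parser that filters on type. The naive logic is an assumed failure mode chosen because it reproduces the quoted field values; the sample input is the quoted dig answer with the signature replaced by a placeholder, and the function names are hypothetical.

```python
# Constructed sample: the two answer lines from the quoted `dig +dnssec`
# output, with the RRSIG signature replaced by a placeholder token.
ANSWER = """\
rhyolite.com. 27587 IN SOA ns.rhyolite.com. named-mgr.rhyolite.com. 1371422174 3600 900 2592000 7200
rhyolite.com. 27587 IN RRSIG SOA 5 2 28800 20130815213614 20130616213614 26805 rhyolite.com. SIG-PLACEHOLDER
"""

SOA_FIELDS = ("mname", "rname", "serial", "refresh", "retry", "expire", "minimum")


def naive_soa(text):
    """Assumed failure mode: take the 7 tokens after any "SOA" token.

    The RRSIG line also contains "SOA" (as its type-covered field), so the
    last matching line wins and the signature metadata is reported as the SOA.
    """
    soa = None
    for line in text.splitlines():
        tokens = line.split()
        if "SOA" in tokens:
            i = tokens.index("SOA")
            soa = dict(zip(SOA_FIELDS, tokens[i + 1:i + 8]))
    return soa


def strict_soa(text):
    """Select records by the type column (owner TTL class TYPE rdata...)."""
    records = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 5 or tokens[3].upper() != "SOA":
            continue  # skips RRSIG and any other RR type in the answer
        rdata = tokens[4:]
        if len(rdata) != 7:
            raise ValueError("malformed SOA rdata: %r" % line)
        mname, rname, *numbers = rdata
        records.append(dict(zip(SOA_FIELDS, [mname, rname, *map(int, numbers)])))
    if len(records) != 1:
        raise ValueError("expected exactly one SOA, got %d" % len(records))
    return records[0]


if __name__ == "__main__":
    print("naive :", naive_soa(ANSWER))
    print("strict:", strict_soa(ANSWER))
```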
