Snoop Dogg wrote:
grmbl99, your explanation doesn't fully make sense. mDNSResponder only caches negative answers when the server explicitly returns NXDOMAIN, which means "name does not exist". It would be interesting for you to revert your change and then capture the actual response your server was sending using the USR2 command I sent earlier. That will tell us exactly why it was failing.
Ok, it turns out I was a bit too quick to draw my conclusion (I made some other changes to my zone files as well, which were the actual solution for me); however, there still is something fishy with the TTLs.
The steps described by Snoop Dogg show the following:
1: situation in which error occurs; zone file contains:
@ IN SOA ns.munnik.net. hostmaster.munnik.net. (
2009083103
43200 ; refresh after 12 hrs
3600 ; retry after 1 hour
3600000 ; expire after 42 days
2592000 ; minimum TTL of 30 days
mDNSResponder output:
Aug 31 21:14:09 unused5 mDNSResponder[28]: 47: Adding FD for uid 501
Aug 31 21:14:09 unused5 mDNSResponder[28]: 47: DNSServiceCreateConnection START
Aug 31 21:14:09 unused5 mDNSResponder[28]: 47: Error socket 48 created 00000000 00000001
Aug 31 21:14:09 unused5 mDNSResponder[28]: 47: DNSServiceQueryRecord(mail.munnik.net., Addr, 5000) START
Aug 31 21:14:09 unused5 mDNSResponder[28]: 47: Error socket 48 closed 00000000 00000001 (0)
Aug 31 21:14:09 unused5 mDNSResponder[28]: -- Sent UDP DNS Query (flags 0100) RCODE: NoErr (0) RD ID: 39429 21 bytes from port 55027 to 192.168.1.121:53 --
Aug 31 21:14:09 unused5 mDNSResponder[28]: 1 Questions
Aug 31 21:14:09 unused5 mDNSResponder[28]: 0 mail.munnik.net. Addr
Aug 31 21:14:09 unused5 mDNSResponder[28]: 0 Answers
Aug 31 21:14:09 unused5 mDNSResponder[28]: 0 Authorities
Aug 31 21:14:09 unused5 mDNSResponder[28]: 0 Additionals
Aug 31 21:14:09 unused5 mDNSResponder[28]: -- Received UDP DNS Response (flags 8580) RCODE: NoErr (0) AA RD RA ID: 39429 70 bytes from 192.168.1.121:53 to 192.168.1.5:55027 --
Aug 31 21:14:09 unused5 mDNSResponder[28]: 1 Questions
Aug 31 21:14:09 unused5 mDNSResponder[28]: 0 mail.munnik.net. Addr
Aug 31 21:14:09 unused5 mDNSResponder[28]: 1 Answers
Aug 31 21:14:09 unused5 mDNSResponder[28]: 0 TTL1879048 4 mail.munnik.net. Addr 192.168.1.121
Aug 31 21:14:09 unused5 mDNSResponder[28]: 1 Authorities
Aug 31 21:14:09 unused5 mDNSResponder[28]: 0 TTL1879048 15 munnik.net. NS ns.munnik.net.
Aug 31 21:14:09 unused5 mDNSResponder[28]: 1 Additionals
Aug 31 21:14:09 unused5 mDNSResponder[28]: 0 TTL1879048 4 ns.munnik.net. Addr 192.168.1.121
Aug 31 21:14:09 unused5 mDNSResponder[28]: 47: DNSServiceQueryRecord(mail.munnik.net., Addr) ADD 4 mail.munnik.net. Addr 192.168.1.121
Aug 31 21:14:09 unused5 mDNSResponder[28]: 47: Cancel 00000000 00000001
Aug 31 21:14:09 unused5 mDNSResponder[28]: 47: DNSServiceQueryRecord(mail.munnik.net., Addr) STOP
Aug 31 21:14:11 unused5 mDNSResponder[28]: 47: Removing FD
This results in the following entry in the cache:
Aug 31 21:28:44 unused5 mDNSResponder[28]: Slt Q TTL if U Type rdlen
Aug 31 21:14:27 unused5 mDNSResponder[28]: 72 60 -U- - Addr 0 mail.munnik.net. Addr
2: fixed situation; changed zone file contains
@ IN SOA ns.munnik.net. hostmaster.munnik.net. (
2009083104
21600 ; refresh after 6 hours
3600 ; retry after 1 hour
604800 ; expire after 1 week
86400 ; minimum TTL of 1 day
mDNSResponder output:
Aug 31 21:39:36 unused5 mDNSResponder[28]: 46: Adding FD for uid 501
Aug 31 21:39:36 unused5 mDNSResponder[28]: 46: DNSServiceCreateConnection START
Aug 31 21:39:36 unused5 mDNSResponder[28]: 46: Error socket 47 created 00000000 00000001
Aug 31 21:39:36 unused5 mDNSResponder[28]: 46: DNSServiceQueryRecord(mail.munnik.net., Addr, 5000) START
Aug 31 21:39:36 unused5 mDNSResponder[28]: 46: Error socket 47 closed 00000000 00000001 (0)
Aug 31 21:39:36 unused5 mDNSResponder[28]: -- Sent UDP DNS Query (flags 0100) RCODE: NoErr (0) RD ID: 29534 21 bytes from port 63091 to 192.168.1.121:53 --
Aug 31 21:39:36 unused5 mDNSResponder[28]: 1 Questions
Aug 31 21:39:36 unused5 mDNSResponder[28]: 0 mail.munnik.net. Addr
Aug 31 21:39:36 unused5 mDNSResponder[28]: 0 Answers
Aug 31 21:39:36 unused5 mDNSResponder[28]: 0 Authorities
Aug 31 21:39:36 unused5 mDNSResponder[28]: 0 Additionals
Aug 31 21:39:36 unused5 mDNSResponder[28]: -- Received UDP DNS Response (flags 8580) RCODE: NoErr (0) AA RD RA ID: 29534 70 bytes from 192.168.1.121:53 to 192.168.1.5:63091 --
Aug 31 21:39:36 unused5 mDNSResponder[28]: 1 Questions
Aug 31 21:39:36 unused5 mDNSResponder[28]: 0 mail.munnik.net. Addr
Aug 31 21:39:36 unused5 mDNSResponder[28]: 1 Answers
Aug 31 21:39:36 unused5 mDNSResponder[28]: 0 TTL 86400 4 mail.munnik.net. Addr 192.168.1.121
Aug 31 21:39:36 unused5 mDNSResponder[28]: 1 Authorities
Aug 31 21:39:36 unused5 mDNSResponder[28]: 0 TTL 86400 15 munnik.net. NS ns.munnik.net.
Aug 31 21:39:36 unused5 mDNSResponder[28]: 1 Additionals
Aug 31 21:39:36 unused5 mDNSResponder[28]: 0 TTL 86400 4 ns.munnik.net. Addr 192.168.1.121
Aug 31 21:39:36 unused5 mDNSResponder[28]: 46: DNSServiceQueryRecord(mail.munnik.net., Addr) ADD 4 mail.munnik.net. Addr 192.168.1.121
Aug 31 21:39:36 unused5 mDNSResponder[28]: 46: Cancel 00000000 00000001
Aug 31 21:39:36 unused5 mDNSResponder[28]: 46: DNSServiceQueryRecord(mail.munnik.net., Addr) STOP
Aug 31 21:39:38 unused5 mDNSResponder[28]: 46: Removing FD
Results in the following in the cache:
Aug 31 21:39:42 unused5 mDNSResponder[28]: Slt Q TTL if U Type rdlen
Aug 31 21:39:42 unused5 mDNSResponder[28]: 72 107996 -U- Addr 4 mail.munnik.net. Addr 192.168.1.121
So in the fixed situation the TTL in the packet log nicely matches the MIN TTL, while in the error situation the TTL in the packet log does not match the TTL in the zone file. (In both cases the TTL in the cache does not match the TTL in the packet log.)
Other than a variable overflow I do not see how to make sense of this?
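Added example (not part of the original post, and not mDNSResponder or BIND code): a Python sketch of the comparison the post makes by eye, reading the SOA timers from each zone excerpt and checking every record TTL in the packet log against the SOA minimum. The zone excerpts and record lines are copied from the post with the syslog prefix trimmed; the function names are hypothetical.

```python
import re

# Zone excerpts and packet-log record lines copied from the post (syslog prefix trimmed).
ZONE_BEFORE = """@ IN SOA ns.munnik.net. hostmaster.munnik.net. (
2009083103
43200 ; refresh after 12 hrs
3600 ; retry after 1 hour
3600000 ; expire after 42 days
2592000 ; minimum TTL of 30 days
"""
ZONE_AFTER = """@ IN SOA ns.munnik.net. hostmaster.munnik.net. (
2009083104
21600 ; refresh after 6 hours
3600 ; retry after 1 hour
604800 ; expire after 1 week
86400 ; minimum TTL of 1 day
"""
LOG_BEFORE = """0 TTL1879048 4 mail.munnik.net. Addr 192.168.1.121
0 TTL1879048 15 munnik.net. NS ns.munnik.net.
0 TTL1879048 4 ns.munnik.net. Addr 192.168.1.121
"""
LOG_AFTER = """0 TTL 86400 4 mail.munnik.net. Addr 192.168.1.121
0 TTL 86400 15 munnik.net. NS ns.munnik.net.
0 TTL 86400 4 ns.munnik.net. Addr 192.168.1.121
"""

SOA_FIELDS = ("serial", "refresh", "retry", "expire", "minimum")
# The log prints the TTL fused to its label ("TTL1879048") or spaced ("TTL 86400").
RECORD_RE = re.compile(r"\bTTL\s*(\d+)\s+(\d+)\s+(\S+)\s+(\S+)\s+(\S+)")

def soa_timers(zone_text):
    """Return the five SOA numbers by field name, ignoring ';' comments."""
    body = zone_text.split("(", 1)[1]
    uncommented = " ".join(line.split(";", 1)[0] for line in body.splitlines())
    numbers = re.findall(r"\b\d+\b", uncommented)
    if len(numbers) < len(SOA_FIELDS):
        raise ValueError("SOA record is missing timer fields")
    return dict(zip(SOA_FIELDS, map(int, numbers[:5])))

def record_ttls(log_text):
    """Return (name, rrtype, ttl) for each record line in a packet log."""
    return [(m.group(3), m.group(4), int(m.group(1)))
            for m in RECORD_RE.finditer(log_text)]

def ttl_mismatches(zone_text, log_text):
    """List records whose logged TTL differs from the zone's SOA minimum."""
    minimum = soa_timers(zone_text)["minimum"]
    return [(name, rrtype, ttl, minimum)
            for name, rrtype, ttl in record_ttls(log_text) if ttl != minimum]
```

Run against the first zone file and log it reports all three records as mismatched; against the second it reports none.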