[nsp] resolving ftp.cisco.com

Jared Mauch jared at puck.nether.net
Mon Jul 14 13:24:37 EDT 2003


On Mon, Jul 14, 2003 at 06:13:17PM +0200, sthaug at nethelp.no wrote:
> > 	Anyone else having problems resolving ftp.cisco.com?
> 
> Yup. Explicit lookups (dig, host, whatever) against the Cisco name
> servers work fine. After restarting local (caching) name servers,
> ftp.cisco.com lookups (against the caching name servers) work for a
> short time, and then stop working.
> 
> I haven't had time to look more deeply into the problem yet - but it
> has bitten me several times during the last few days.

	Someone at Cisco has responded to me.  I think they're going
to increase the 10S ttl to something higher as well as fix the rfc1918
address in DNS as well.  Once the 10S ttl is gone, and peoples
nameservers no longer have the rfc1918 address that they are trying
to connect to, I suspect resolution will get better.

	(instead of getting answer, caching for 10S, expiring,
then load-sharing over to the other ip of sjce-dirty-ddir
and then timing out because we can't connect to it, etc..)

	I'm guessing that the reason that not everyone is having
this problem is that people on windows based systems typically
ignore the ttl received and the properly behaving hosts see
the problem.

	- Jared

-- 
Jared Mauch  | pgp key available via finger from jared at puck.nether.net
clue++;      | http://puck.nether.net/~jared/  My statements are only mine.


More information about the cisco-nsp mailing list