samba - Mar 2004 - Negative caching of DNS queries never expires?

Hi!

I was doing some tests with a samba 3.0.2a server set up to be a wins server
and to do dns proxy, and I have found that when you queried nmbd for a name
ahta was not on wins db or found on DNS, the negative response is cached
either for a really long time or forever, in such a way that even though you
add the name to the DNS, you won't get a positive answer out of nmbd
anymore.

I have tried solving this by lowering the minimum ttl in my soa as well as
soa's ttl, and also using the option "name cache timeout" of
samba, setting
it to 0 (no cache) and to low values, but I haven't been lucky with any of
these.

Is this supposed to be like that?
Does anybody have any idea on how to solve this issue?

If this seems a problem and you need more info to try to diagnose it, don0t
hesitate to ask.

Regards...
-- 
Manty/BestiaTester -> http://manty.net

On Wed, 2004-03-31 at 03:03, Santiago Garcia Mantinan
wrote:
> Hi!
> 
> I was doing some tests with a samba 3.0.2a server set up to be a wins
server
> and to do dns proxy, and I have found that when you queried nmbd for a name
> ahta was not on wins db or found on DNS, the negative response is cached
> either for a really long time or forever, in such a way that even though
you
> add the name to the DNS, you won't get a positive answer out of nmbd
> anymore.
> 
> I have tried solving this by lowering the minimum ttl in my soa as well as
> soa's ttl, and also using the option "name cache timeout" of
samba, setting
> it to 0 (no cache) and to low values, but I haven't been lucky with any
of
> these.
> 
> Is this supposed to be like that?
> Does anybody have any idea on how to solve this issue?
> 
> If this seems a problem and you need more info to try to diagnose it, don0t
> hesitate to ask.
There was a bit of discussion about dns proxy breakage on the list a
little while back.  We even had a bug, which we then closed...

The issue appears that for *any* expired record, we don't ask DNS
again.  Have a look on the list for the patch, try it and re-open a bug
if that's really what is going on....

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet@pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet@samba.org
Student Network Administrator, Hawker College   abartlet@hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :
http://lists.samba.org/archive/samba/attachments/20040331/557920ed/attachment.bin