Hi, Today, some of our customers could not resolve state.gov by our cache server. I found state.gov is served by dnsauth1.sys.gtei.net, dnsauth2.sys.gtei.net, dnsauth3.sys.gtei.net. Using some others' DNS servers I found their IP addresses should be 4.2.49.2, 4.2.49.3, 4.2.49.4. But, our cache server(BIND9.3.1) got some othere IPs( I've tried restart bind9.3.1). So, it always failed to resolve state.gov. After restarting BIND9.3.1 again, I did "rndc flush" for several times, then it comes back. Why? is there something poisoned ? Joe =========== BIND9 got wrong server IP ====

set debug dnsauth1.sys.gtei.net Server: dnsv2.zjhzptt.net.cn Address: 202.101.172.133

;; res_nmkquery(QUERY, dnsauth1.sys.gtei.net, IN, A) ------------ Got answer: HEADER: opcode = QUERY, id = 58203, rcode = NOERROR header flags: response, want recursion, recursion avail. questions = 1, answers = 1, authority records = 3, additional = 2 QUESTIONS: dnsauth1.sys.gtei.net, type = A, class = IN ANSWERS: -> dnsauth1.sys.gtei.net internet address = 128.121.126.139 ttl = 86084 (86084) AUTHORITY RECORDS: -> gtei.net nameserver = dnsauth2.sys.gtei.net ttl = 172565 (172565) -> gtei.net nameserver = dnsauth3.sys.gtei.net ttl = 172565 (172565) -> gtei.net nameserver = dnsauth1.sys.gtei.net ttl = 172565 (172565) ADDITIONAL RECORDS: -> dnsauth2.sys.gtei.net internet address = 169.132.13.103 ttl = 86084 (86084) -> dnsauth3.sys.gtei.net internet address = 192.67.198.6 ttl = 86084 (86084) ------------ Non-authoritative answer: Name: dnsauth1.sys.gtei.net Address: 128.121.126.139

============================== Restart bind and do "rndc flush" 6 times, I got: ======================

set debug state.gov Server: hzdnsv2.zjhzptt.net.cn Address: 202.101.172.133

;; res_nmkquery(QUERY, state.gov, IN, A) ------------ Got answer: HEADER: opcode = QUERY, id = 20953, rcode = NOERROR header flags: response, want recursion, recursion avail. questions = 1, answers = 1, authority records = 3, additional = 3 QUESTIONS: state.gov, type = A, class = IN ANSWERS: -> state.gov internet address = 164.109.48.80 ttl = 1778 (1778) AUTHORITY RECORDS: -> state.gov nameserver = dnsauth3.sys.gtei.net ttl = 1778 (1778) -> state.gov nameserver = dnsauth1.sys.gtei.net ttl = 1778 (1778) -> state.gov nameserver = dnsauth2.sys.gtei.net ttl = 1778 (1778) ADDITIONAL RECORDS: -> dnsauth1.sys.gtei.net internet address = 4.2.49.2 ttl = 172767 (172767) -> dnsauth2.sys.gtei.net internet address = 4.2.49.3 ttl = 172767 (172767) -> dnsauth3.sys.gtei.net internet address = 4.2.49.4 ttl = 172767 (172767) ------------ Non-authoritative answer: Name: state.gov Address: 164.109.48.80

================================== __________________________________ Meet your soulmate! Yahoo! Asia presents Meetic - where millions of singles gather http://asia.yahoo.com/meetic