Bug#741376: DNS A record cached excessively

Steven Chamberlain steven at pyro.eu.org
Tue Mar 11 20:03:59 UTC 2014

Package: src:iceweasel
Version: 24.3.0esr-1~deb7u1
Severity: normal


Since upgrading from 17 ESR series, Iceweasel 24 ESR has shown a
problem responding to DNS A record changes.

For a given hostname, the authoritative nameservers were updated at
10:20 with a new, single record for a given hostname.  The TTL of 4
hours expired by 14:20, and my local DNS resolver specified in
/etc/resolv.conf was returning the new A record pointing at a new
address.  'host', 'dig', and Chromium browser on this workstation would
resolve to the new IP address already.

However, when refreshing an already-open browser tab, Iceweasel still
connected me to the webserver at the old IP address beyond 19:20 that
day (5 hours past expiry of the old A record) as confirmed by tcpdump
captures.  I don't have a caching web proxy configured or acting
transparently on my network.

I tested reducing the about:config setting
network.dnsCacheExpirationGracePeriod from its default of
2592000 to 60, and this immediately rectified the problem for me.

My guess would be that some asynchronous DNS resolution (an apparently
new and not well documented feature) was not happening as intended
during the GracePeriod.


-- System Information:
Debian Release: 7.4
  APT prefers proposed-updates
  APT policy: (500, 'proposed-updates'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

More information about the pkg-mozilla-maintainers mailing list