Lubomir Sedlacik wrote:
> let's see closer:
> 
>  > dig man.NetBSD.org
>  ...
>  ;; ANSWER SECTION:
>  man.NetBSD.org.         23h59m28s IN CNAME  web-a.us.gw.com.
> 
>  ;; AUTHORITY SECTION:
>  gw.com.                 14m28s IN SOA   seven.gw.com. kim.gw.com. (
>  ...
> 
> as you can see, man.netbsd.org is a CNAME record for web-a.us.gw.com,
> that's what your (and my) dns server has in its cache.  but
> authoritative nameservers for gw.com don't know about web-a.us.gw.com
> anymore.
> 
> now let's ask the authoritative nameserver for NetBSD.org domain:

There are five authoritative nameservers for netbsd.org.


>  > dig @ns.NetBSD.org man.NetBSD.org
>  ...
>  ;; ANSWER SECTION:
>  man.NetBSD.org.         86400   IN      CNAME   web-a.fi.gw.com.
>  web-a.fi.gw.com.        522     IN      A       213.28.202.226
> 
> so as you can see from inspecting the ip address ranges the machine in
> question was moved from USA to Finland and its A record changed.
> man.NetBSD.org CNAME record was updated but it didn't reach your
> nameserver, since it has the previous entry in cache and it didn't
> expire, yet.

Let's see even closer, since it definitely is unreachable for me, too.

$ dig netbsd.org ns
[...]
;; ANSWER SECTION:
netbsd.org.             14h11m10s IN NS  adns1.berkeley.edu.
netbsd.org.             14h11m10s IN NS  adns2.berkeley.edu.
netbsd.org.             14h11m10s IN NS  uucp-gw-1.pa.dec.com.
netbsd.org.             14h11m10s IN NS  uucp-gw-2.pa.dec.com.
netbsd.org.             14h11m10s IN NS  ns.netbsd.org.

Querying each server in turn directly reveals that only ns.netbsd.org
knows about the updated CNAME for man.netbsd.org _and_ its serial
number dates to June the 12th. All the other servers hand out the old
CNAME.

There you are, updated zone without updated serial.

Regards,

ND