Maintained by: NLnet Labs

[Unbound-users] Strange result from Unbound cache

Hauke Lampe
Fri Nov 26 01:37:44 CET 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 25.11.2010 21:02, lst_hoe02 at kwsoft.de wrote:

>>> $ dig -b 193.27.54.7 @213.150.41.253 c.ns.secunia.com. +short
>>> 91.198.117.1
>>> 91.198.117.1
> 
> Yes, but i'm a little bit baffled that identical records are returned.
> Does unbound cache it this way or are the records subtil different?

Unbound just returns what the authoritative nameserver sent.

Duplicate A records like this are often produced by djbdns' tinydns-data
tool when its built-in shortcuts are used, e.g. multiple "&" records
with address, which generate NS + A records.

&example.org:127.0.0.1:ns1.example.org.:86400
&example.com:127.0.0.1:ns1.example.org.:86400
&example.net:127.0.0.1:ns1.example.org.:86400

would produce 1 NS record for example.{org,com,net} each and 3 A records
for ns1.example.org.

> Bind 9.7 only provide only one record for the same query.

BIND removes duplicate nameserver addresses from responses, it seems.


Hauke.


JFTR, when using tinydns, I usually advise not to use the macros and
stick to one output record per line, ie. use "Z", "&" and "+" instead of
a single "." and define all A records explicitly. It may be neat to save
a few bytes per zone but it can be difficult to trace problems. And I
don't like most of the defaults.

(yes, talking about djbdns syntax feels a bit like speaking Esperanto ;)


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkzvAVIACgkQKIgAG9lfHFNlwACggYMZ9OrQDjqk5VgBBiff4gUi
gJ4Anj0NA77SjV6E4yHxSCgUS/gQ9gzs
=/QgS
-----END PGP SIGNATURE-----