Maintained by: NLnet Labs

[Unbound-users] Inconsistent TTL in (nxdomain) responses,

Slingerland, Michael van
Mon Mar 7 09:47:28 CET 2011


Hi Wouter,

You are correct, ns2 is not consistent with the other ns.
I knew it had to be something obvious :s

Thanks,
Mike

________________________________
From: unbound-users-bounces at NLnetLabs.nl [mailto:unbound-users-bounces at NLnetLabs.nl] On Behalf Of Slingerland, Michael van
Sent: Sunday, 06 March 2011 23:14
To: unbound-users at unbound.net
Subject: [Unbound-users] Inconsistent TTL in (nxdomain) responses,

Hi,

I configured a stub-zone for testing a new zone that solely responds nxdomain with a min ttl of 1 week on all PTR's
Assumption is that unbound would limit the TTL to the value configured in unbound.conf that equals 1 day by default.

cache-max-ttl: 86400

I noticed that unbound responds with either the TTL configured in the zone or the cache-max-ttl. The inconsistency in ttl in the answers seem to be sort of random to me.
To be sure only 1 cache wil be used, I set the thread number to 1.

Stub-zone conf

stub-zone:
        name: "98.95.in-addr.arpa."
        stub-host: ns1.info.nl.
        stub-host: ns2.info.nl.
        stub-host: ns2.info.nl.

Tcpdump shows that the auth nameserver is consulted only once for 95.98.40.50 and returns a min ttl of 1 week.

# pkill unbound
# /opt/unbound-1.4.8/sbin/unbound
[1299446231] unbound[8183:0] warning: increased limit(open files) from 1024 to 8338
# dig @localhost -x 95.98.40.50

; <<>> DiG 9.4.2-P2 <<>> @localhost -x 95.98.40.50
; (3 servers found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 40349
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;50.40.98.95.in-addr.arpa.      IN      PTR

;; AUTHORITY SECTION:
98.95.in-addr.arpa.     604800  IN      SOA     ns1.info.nl. postmaster.info.nl. 2010067876 3600 900 1209600 604800

;; Query time: 531 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Mar  6 22:17:15 2011
;; MSG SIZE  rcvd: 100

# dig @localhost -x 95.98.40.50

; <<>> DiG 9.4.2-P2 <<>> @localhost -x 95.98.40.50
; (3 servers found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 62410
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;50.40.98.95.in-addr.arpa.      IN      PTR

;; AUTHORITY SECTION:
98.95.in-addr.arpa.     604798  IN      SOA     ns1.info.nl. postmaster.info.nl. 2010067876 3600 900 1209600 604800

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Mar  6 22:17:17 2011
;; MSG SIZE  rcvd: 100

# dig @localhost -x 95.98.40.51

; <<>> DiG 9.4.2-P2 <<>> @localhost -x 95.98.40.51
; (3 servers found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 17167
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;51.40.98.95.in-addr.arpa.      IN      PTR

;; AUTHORITY SECTION:
98.95.in-addr.arpa.     86400   IN      SOA     ns1.info.nl. postmaster.info.nl. 2010067876 3600 900 1209600 86400

;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Mar  6 22:17:21 2011
;; MSG SIZE  rcvd: 100

# dig @localhost -x 95.98.40.50

; <<>> DiG 9.4.2-P2 <<>> @localhost -x 95.98.40.50
; (3 servers found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 58939
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;50.40.98.95.in-addr.arpa.      IN      PTR

;; AUTHORITY SECTION:
98.95.in-addr.arpa.     86397   IN      SOA     ns1.info.nl. postmaster.info.nl. 2010067876 3600 900 1209600 86400

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Mar  6 22:17:24 2011
;; MSG SIZE  rcvd: 100

# dig @localhost -x 95.98.40.50

; <<>> DiG 9.4.2-P2 <<>> @localhost -x 95.98.40.50
; (3 servers found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 45396
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;50.40.98.95.in-addr.arpa.      IN      PTR

;; AUTHORITY SECTION:
98.95.in-addr.arpa.     86393   IN      SOA     ns1.info.nl. postmaster.info.nl. 2010067876 3600 900 1209600 86400

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Mar  6 22:17:28 2011
;; MSG SIZE  rcvd: 100

# dig @localhost -x 95.98.40.53

; <<>> DiG 9.4.2-P2 <<>> @localhost -x 95.98.40.53
; (3 servers found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 39376
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;53.40.98.95.in-addr.arpa.      IN      PTR

;; AUTHORITY SECTION:
98.95.in-addr.arpa.     86400   IN      SOA     ns1.info.nl. postmaster.info.nl. 2010067876 3600 900 1209600 86400

;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Mar  6 22:17:31 2011
;; MSG SIZE  rcvd: 100

# dig @localhost -x 95.98.40.535

; <<>> DiG 9.4.2-P2 <<>> @localhost -x 95.98.40.535
; (3 servers found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 33243
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;535.40.98.95.in-addr.arpa.     IN      PTR

;; AUTHORITY SECTION:
98.95.in-addr.arpa.     86400   IN      SOA     ns1.info.nl. postmaster.info.nl. 2010067876 3600 900 1209600 86400

;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Mar  6 22:17:33 2011
;; MSG SIZE  rcvd: 101

# dig @localhost -x 95.98.40.54

; <<>> DiG 9.4.2-P2 <<>> @localhost -x 95.98.40.54
; (3 servers found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 33576
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;54.40.98.95.in-addr.arpa.      IN      PTR

;; AUTHORITY SECTION:
98.95.in-addr.arpa.     604800  IN      SOA     ns1.info.nl. postmaster.info.nl. 2010067876 3600 900 1209600 604800

;; Query time: 3 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Mar  6 22:17:38 2011
;; MSG SIZE  rcvd: 100

# dig @localhost -x 95.98.40.54

; <<>> DiG 9.4.2-P2 <<>> @localhost -x 95.98.40.54
; (3 servers found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 14717
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;54.40.98.95.in-addr.arpa.      IN      PTR

;; AUTHORITY SECTION:
98.95.in-addr.arpa.     604797  IN      SOA     ns1.info.nl. postmaster.info.nl. 2010067876 3600 900 1209600 604800

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Mar  6 22:17:41 2011
;; MSG SIZE  rcvd: 100

# dig @localhost -x 95.98.40.53

; <<>> DiG 9.4.2-P2 <<>> @localhost -x 95.98.40.53
; (3 servers found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 21754
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;53.40.98.95.in-addr.arpa.      IN      PTR

;; AUTHORITY SECTION:
98.95.in-addr.arpa.     604795  IN      SOA     ns1.info.nl. postmaster.info.nl. 2010067876 3600 900 1209600 604800

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Mar  6 22:17:43 2011
;; MSG SIZE  rcvd: 100

# dig @localhost -x 95.98.40.50

; <<>> DiG 9.4.2-P2 <<>> @localhost -x 95.98.40.50
; (3 servers found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 48501
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;50.40.98.95.in-addr.arpa.      IN      PTR

;; AUTHORITY SECTION:
98.95.in-addr.arpa.     604792  IN      SOA     ns1.info.nl. postmaster.info.nl. 2010067876 3600 900 1209600 604800

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Mar  6 22:17:46 2011
;; MSG SIZE  rcvd: 100

Is this a bug or am I missing something obvious here?

Thanks,
Mike


********************************************************************************

N.B.: op (de inhoud van) deze e-mail is een DISCLAIMER met belangrijke VOORBEHOUDEN van toepassing: zie http://www.t-mobile.nl/disclaimer

This e-mail and its contents are subject to a DISCLAIMER with important RESERVATIONS: see http://www.t-mobile.nl/disclaimer

********************************************************************************


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://unbound.nlnetlabs.nl/pipermail/unbound-users/attachments/20110307/0734fc08/attachment-0001.html>