Maintained by: NLnet Labs

[Unbound-users] Strange TTL of the SOA record for a noexist domain query

罗策
Wed May 4 07:50:34 CEST 2011


I set up a local zone example.com and set the default TTL to 86400.
I use Unbound as the recursive server and configured a stub_zone for
example.com with its address pointing to the local server set up above.
When I dig example.com soa, I get the following answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38345
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 2
;; QUESTION SECTION:
;example.com.                   IN      SOA
;; ANSWER SECTION:
example.com.            86400   IN      SOA     NS1.example.com. root.example.com. 2010091701 3600 900 604800 3600
;; AUTHORITY SECTION:
example.com.            86400   IN      NS      NS2.demo.example.com.
example.com.            86400   IN      NS      NS1.example.com.
example.com.            86400   IN      NS      NS3.noexist.cn.
;; ADDITIONAL SECTION:
NS1.example.com.        86400   IN      A       10.53.0.2
NS2.demo.example.com.   86400   IN      A       218.241.108.15

Then when I dig noexist.example.com a, I get this:

;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 20213
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;noexist.example.com.                 IN      A
;; AUTHORITY SECTION:
example.com.            3600    IN      SOA     NS1.example.com. root.example.com. 2010091701 3600 900 604800 3600

Both of the above results seem to be fine, but when I dig
noexist.example.com again, the TTL of the SOA record has changed:

;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 59999
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;noexist.example.com.                 IN      A
;; AUTHORITY SECTION:
example.com.            86292   IN      SOA     NS1.example.com. root.example.com. 2010091701 3600 900 604800 3600

Has anybody experienced the same thing?  Should the second answer
use the original TTL of the SOA record?
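
Added example, not part of the original post and not Unbound code: RFC 2308 sets the TTL of the SOA in a negative answer to the minimum of the SOA's own TTL and its MINIMUM field, and this script checks the two NXDOMAIN responses quoted above against that bound. The function name check_negative_ttl and the parameter zone_soa_ttl are hypothetical; the zone TTL of 86400 is taken from the post.

```python
import re

# One SOA record as dig prints it, after whitespace has been collapsed.
SOA_RE = re.compile(
    r"(?P<owner>\S+) (?P<ttl>\d+) IN SOA \S+ \S+ "
    r"\d+ \d+ \d+ \d+ (?P<minimum>\d+)"
)

def check_negative_ttl(dig_text, zone_soa_ttl):
    """Check the authority-section SOA TTL of a negative answer against
    min(SOA TTL, SOA MINIMUM) from RFC 2308. Returns None if not applicable."""
    status = re.search(r"status: (\w+)", dig_text)
    answers = re.search(r"ANSWER: (\d+)", dig_text)
    if not status or not answers:
        return None
    rcode, n_answers = status.group(1), int(answers.group(1))
    # Negative answers: NXDOMAIN, or NOERROR with an empty answer section (NODATA).
    if not (rcode == "NXDOMAIN" or (rcode == "NOERROR" and n_answers == 0)):
        return None
    section = re.search(r";; AUTHORITY SECTION:(.*?)(?=\n;;|\Z)", dig_text, re.S)
    if not section:
        return None
    # Collapse whitespace so a record wrapped across two lines by the mailer still parses.
    soa = SOA_RE.search(" ".join(section.group(1).split()))
    if not soa:
        return None
    ttl, limit = int(soa["ttl"]), min(zone_soa_ttl, int(soa["minimum"]))
    return {"rcode": rcode, "ttl": ttl, "limit": limit, "ok": ttl <= limit}

# The two NXDOMAIN responses quoted in the post (question section omitted).
FIRST = """;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 20213
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; AUTHORITY SECTION:
example.com.            3600    IN      SOA     NS1.example.com.
root.example.com. 2010091701 3600 900 604800 3600
"""
SECOND = FIRST.replace("id: 20213", "id: 59999").replace("3600    IN", "86292   IN")

if __name__ == "__main__":
    for name, text in (("first", FIRST), ("second", SECOND)):
        print(name, check_negative_ttl(text, zone_soa_ttl=86400))
```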