[nsd-users] nsd sends TTL == 0

Uwe Kleine-König uwe+nsd at kleine-koenig.org
Tue Jan 20 20:12:57 UTC 2015 

Hello,

one of the secondary servers for my domains uses nsd (the others bind)
and there is a strange effect that nsd sends a zero TTL field for a
certain request while the servers running bind do not.

Using Debian's nsd 4.1.0-2 I can reproduce the behavior with the
following setup:

	uwe at perseus:/etc/nsd$ cat nsd.conf
	zone:
		name: myfirst.zone
		zonefile: /etc/nsd/zones/myfirst.zone
	zone:
		name: mysecond.zone
		zonefile: /etc/nsd/zones/mysecond.zone

	uwe at perseus:/etc/nsd$ cat zones/myfirst.zone
	$TTL 86400
	@   IN SOA localhost. hostmaster.myfirst.zone. (
	    2015011201   ; serial
	    14400        ; refresh
	    1800         ; retry
	    604800       ; expire
	    43200 )      ; minimum
	
	@			IN NS		localhost.
	
	hostname		IN A		78.47.169.190
	www			IN CNAME	hostname

	uwe at perseus:/etc/nsd$ cat zones/mysecond.zone
	$TTL 86400
	@   IN SOA localhost. hostmaster.myfirst.zone. (
	    2015011202   ; serial
	    14400        ; refresh
	    1800         ; retry
	    604800       ; expire
	    43200 )      ; minimum
	
	@                       IN NS           localhost.
	
	@                       IN DNAME        myfirst.zone.

Then the strange TTL value can be seen using the following request:

	uwe at perseus:/etc/nsd$ dig @localhost www.mysecond.zone
	
	; <<>> DiG 9.9.5-8-Debian <<>> @localhost www.mysecond.zone
	; (2 servers found)
	;; global options: +cmd
	;; Got answer:
	;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47941
	;; flags: qr aa rd; QUERY: 1, ANSWER: 4, AUTHORITY: 1, ADDITIONAL: 1
	;; WARNING: recursion requested but not available
	
	;; OPT PSEUDOSECTION:
	; EDNS: version: 0, flags:; udp: 4096
	;; QUESTION SECTION:
	;www.mysecond.zone.		IN	A
	
	;; ANSWER SECTION:
	mysecond.zone.		86400	IN	DNAME	myfirst.zone.
	www.mysecond.zone.	0	IN	CNAME	www.myfirst.zone.
	www.myfirst.zone.	86400	IN	CNAME	hostname.myfirst.zone.
	hostname.myfirst.zone.	86400	IN	A	78.47.169.190
	
	;; AUTHORITY SECTION:
	myfirst.zone.		86400	IN	NS	localhost.
	
	;; Query time: 0 msec
	;; SERVER: ::1#53(::1)
	;; WHEN: Tue Jan 20 20:35:01 CET 2015
	;; MSG SIZE  rcvd: 160

The 2nd line in the answer section has a TTL of 0. The zone files are
cut down a bit and the names are changed, but the real zones look
similar and the name servers running bind report a TTL of 86400 there.

Is this a bug or did I configure anything wrong here? dnsviz.net reports
this as warning ("CNAME synthesis of www.mysecond.zone.: TTL_ZERO").

Best regards and thanks for your time,
Uwe

More information about the nsd-users mailing list