[Unbound-users] Inconsistent TTL in (nxdomain) responses,
Slingerland, Michael van
Michael.van.Slingerland at t-mobile.nl
Mon Mar 7 08:47:28 UTC 2011
Hi Wouter,
You are correct, ns2 is not consistent with the other ns.
I knew it had to be something obvious :s
Thanks,
Mike
________________________________
From: unbound-users-bounces at NLnetLabs.nl [mailto:unbound-users-bounces at NLnetLabs.nl] On Behalf Of Slingerland, Michael van
Sent: Sunday, 06 March 2011 23:14
To: unbound-users at unbound.net
Subject: [Unbound-users] Inconsistent TTL in (nxdomain) responses,
Hi,
I configured a stub-zone for testing a new zone that solely responds nxdomain with a min ttl of 1 week on all PTR's
Assumption is that unbound would limit the TTL to the value configured in unbound.conf that equals 1 day by default.
cache-max-ttl: 86400
I noticed that unbound responds with either the TTL configured in the zone or the cache-max-ttl. The inconsistency in ttl in the answers seem to be sort of random to me.
To be sure only 1 cache wil be used, I set the thread number to 1.
Stub-zone conf
stub-zone:
name: "98.95.in-addr.arpa."
stub-host: ns1.info.nl.
stub-host: ns2.info.nl.
stub-host: ns2.info.nl.
Tcpdump shows that the auth nameserver is consulted only once for 95.98.40.50 and returns a min ttl of 1 week.
# pkill unbound
# /opt/unbound-1.4.8/sbin/unbound
[1299446231] unbound[8183:0] warning: increased limit(open files) from 1024 to 8338
# dig @localhost -x 95.98.40.50
; <<>> DiG 9.4.2-P2 <<>> @localhost -x 95.98.40.50
; (3 servers found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 40349
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;50.40.98.95.in-addr.arpa. IN PTR
;; AUTHORITY SECTION:
98.95.in-addr.arpa. 604800 IN SOA ns1.info.nl. postmaster.info.nl. 2010067876 3600 900 1209600 604800
;; Query time: 531 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Mar 6 22:17:15 2011
;; MSG SIZE rcvd: 100
# dig @localhost -x 95.98.40.50
; <<>> DiG 9.4.2-P2 <<>> @localhost -x 95.98.40.50
; (3 servers found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 62410
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;50.40.98.95.in-addr.arpa. IN PTR
;; AUTHORITY SECTION:
98.95.in-addr.arpa. 604798 IN SOA ns1.info.nl. postmaster.info.nl. 2010067876 3600 900 1209600 604800
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Mar 6 22:17:17 2011
;; MSG SIZE rcvd: 100
# dig @localhost -x 95.98.40.51
; <<>> DiG 9.4.2-P2 <<>> @localhost -x 95.98.40.51
; (3 servers found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 17167
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;51.40.98.95.in-addr.arpa. IN PTR
;; AUTHORITY SECTION:
98.95.in-addr.arpa. 86400 IN SOA ns1.info.nl. postmaster.info.nl. 2010067876 3600 900 1209600 86400
;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Mar 6 22:17:21 2011
;; MSG SIZE rcvd: 100
# dig @localhost -x 95.98.40.50
; <<>> DiG 9.4.2-P2 <<>> @localhost -x 95.98.40.50
; (3 servers found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 58939
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;50.40.98.95.in-addr.arpa. IN PTR
;; AUTHORITY SECTION:
98.95.in-addr.arpa. 86397 IN SOA ns1.info.nl. postmaster.info.nl. 2010067876 3600 900 1209600 86400
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Mar 6 22:17:24 2011
;; MSG SIZE rcvd: 100
# dig @localhost -x 95.98.40.50
; <<>> DiG 9.4.2-P2 <<>> @localhost -x 95.98.40.50
; (3 servers found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 45396
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;50.40.98.95.in-addr.arpa. IN PTR
;; AUTHORITY SECTION:
98.95.in-addr.arpa. 86393 IN SOA ns1.info.nl. postmaster.info.nl. 2010067876 3600 900 1209600 86400
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Mar 6 22:17:28 2011
;; MSG SIZE rcvd: 100
# dig @localhost -x 95.98.40.53
; <<>> DiG 9.4.2-P2 <<>> @localhost -x 95.98.40.53
; (3 servers found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 39376
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;53.40.98.95.in-addr.arpa. IN PTR
;; AUTHORITY SECTION:
98.95.in-addr.arpa. 86400 IN SOA ns1.info.nl. postmaster.info.nl. 2010067876 3600 900 1209600 86400
;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Mar 6 22:17:31 2011
;; MSG SIZE rcvd: 100
# dig @localhost -x 95.98.40.535
; <<>> DiG 9.4.2-P2 <<>> @localhost -x 95.98.40.535
; (3 servers found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 33243
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;535.40.98.95.in-addr.arpa. IN PTR
;; AUTHORITY SECTION:
98.95.in-addr.arpa. 86400 IN SOA ns1.info.nl. postmaster.info.nl. 2010067876 3600 900 1209600 86400
;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Mar 6 22:17:33 2011
;; MSG SIZE rcvd: 101
# dig @localhost -x 95.98.40.54
; <<>> DiG 9.4.2-P2 <<>> @localhost -x 95.98.40.54
; (3 servers found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 33576
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;54.40.98.95.in-addr.arpa. IN PTR
;; AUTHORITY SECTION:
98.95.in-addr.arpa. 604800 IN SOA ns1.info.nl. postmaster.info.nl. 2010067876 3600 900 1209600 604800
;; Query time: 3 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Mar 6 22:17:38 2011
;; MSG SIZE rcvd: 100
# dig @localhost -x 95.98.40.54
; <<>> DiG 9.4.2-P2 <<>> @localhost -x 95.98.40.54
; (3 servers found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 14717
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;54.40.98.95.in-addr.arpa. IN PTR
;; AUTHORITY SECTION:
98.95.in-addr.arpa. 604797 IN SOA ns1.info.nl. postmaster.info.nl. 2010067876 3600 900 1209600 604800
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Mar 6 22:17:41 2011
;; MSG SIZE rcvd: 100
# dig @localhost -x 95.98.40.53
; <<>> DiG 9.4.2-P2 <<>> @localhost -x 95.98.40.53
; (3 servers found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 21754
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;53.40.98.95.in-addr.arpa. IN PTR
;; AUTHORITY SECTION:
98.95.in-addr.arpa. 604795 IN SOA ns1.info.nl. postmaster.info.nl. 2010067876 3600 900 1209600 604800
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Mar 6 22:17:43 2011
;; MSG SIZE rcvd: 100
# dig @localhost -x 95.98.40.50
; <<>> DiG 9.4.2-P2 <<>> @localhost -x 95.98.40.50
; (3 servers found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 48501
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;50.40.98.95.in-addr.arpa. IN PTR
;; AUTHORITY SECTION:
98.95.in-addr.arpa. 604792 IN SOA ns1.info.nl. postmaster.info.nl. 2010067876 3600 900 1209600 604800
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Mar 6 22:17:46 2011
;; MSG SIZE rcvd: 100
Is this a bug or am I missing something obvious here?
Thanks,
Mike
********************************************************************************
N.B.: op (de inhoud van) deze e-mail is een DISCLAIMER met belangrijke VOORBEHOUDEN van toepassing: zie http://www.t-mobile.nl/disclaimer
This e-mail and its contents are subject to a DISCLAIMER with important RESERVATIONS: see http://www.t-mobile.nl/disclaimer
********************************************************************************
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20110307/0734fc08/attachment.htm>
More information about the Unbound-users
mailing list