[Unbound-users] Strange TTL of the SOA record for a noexist domain query
罗策
luoce at cnnic.cn
Wed May 4 05:50:34 UTC 2011
I setup a local zone example.com and set the default ttl to 86400.
Use unbound as the recursive server and config a stub_zone example.com
address to the local server setup above.
When I dig example.com soa, I got the following answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38345
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 2
;; QUESTION SECTION:
;example.com. IN SOA
;; ANSWER SECTION:
example.com. 86400 IN SOA NS1.example.com.
root.example.com. 2010091701 3600 900 604800 3600
;; AUTHORITY SECTION:
example.com. 86400 IN NS NS2.demo.example.com.
example.com. 86400 IN NS NS1.example.com.
example.com. 86400 IN NS NS3.noexist.cn.
;; ADDITIONAL SECTION:
NS1.example.com. 86400 IN A 10.53.0.2
NS2.demo.example.com. 86400 IN A 218.241.108.15
Then I dig noexist.example.com a, I got this:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 20213
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;noexist.example.com. IN A
;; AUTHORITY SECTION:
example.com. 3600 IN SOA NS1.example.com.
root.example.com. 2010091701 3600 900 604800 3600
Both of the above results seem to be fine, but when I dig
noexist.example.com again, the ttl of the soa record changed:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 59999
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;noexist.example.com. IN A
;; AUTHORITY SECTION:
example.com. 86292 IN SOA NS1.example.com.
root.example.com. 2010091701 3600 900 604800 3600
Anybody experienced the same thing as me? Whether the second answer should
use the original ttl of the soa record?
More information about the Unbound-users
mailing list