unbound NXDOMAIN TTL shared between records
Patrik Lundin
patrik at sigterm.se
Fri Aug 21 15:14:55 UTC 2015
Hello,
I recently noticed what to me is a strange caching behaviour for
NXDOMAIN results.
This has been seen both on Ubuntu 14.04 with unbound 1.4.22 and on
OpenBSD with unbound 1.5.2.
I noticed that for some domains, the cache TTL for NXDOMAIN results
seemed to be shared for all nonexistent replies under that domain:
The first lookup (which also suspiciously seems to use the SOA TTL of 7200
rather than the NXDOMAIN TTL of 18000):
===
dig nonexistant1.unbound.net
; <<>> DiG 9.4.2-P2 <<>> nonexistant1.unbound.net
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 35933
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;nonexistant1.unbound.net. IN A
;; AUTHORITY SECTION:
unbound.net. 7200 IN SOA ns.nlnetlabs.nl. postmaster.unbound.net. 2015081500 28800 7200 604800 18000
;; Query time: 474 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Fri Aug 21 16:51:23 2015
;; MSG SIZE rcvd: 104
===
The second lookup for that same name, which as one would expect has a
decremented TTL:
===
$ dig nonexistant1.unbound.net
; <<>> DiG 9.4.2-P2 <<>> nonexistant1.unbound.net
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 9365
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;nonexistant1.unbound.net. IN A
;; AUTHORITY SECTION:
unbound.net. 7195 IN SOA ns.nlnetlabs.nl. postmaster.unbound.net. 2015081500 28800 7200 604800 18000
;; Query time: 0 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Fri Aug 21 16:51:28 2015
;; MSG SIZE rcvd: 104
===
Now we look up another nonexistent domain, which I would expect to have a TTL
of 7200 (18000?), but this one shares the reported TTL with my previous lookup:
===
$ dig nonexistant2.unbound.net
; <<>> DiG 9.4.2-P2 <<>> nonexistant2.unbound.net
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 27898
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;nonexistant2.unbound.net. IN A
;; AUTHORITY SECTION:
unbound.net. 7189 IN SOA ns.nlnetlabs.nl. postmaster.unbound.net. 2015081500 28800 7200 604800 18000
;; Query time: 32 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Fri Aug 21 16:51:34 2015
;; MSG SIZE rcvd: 104
===
Does anyone else see this? Is it by design? What makes this even more confusing
to me is that I see different results for different domains. I believe I am
even seeing different results inside the same domains possibly depending on
what I have looked up before that.
--
Patrik Lundin
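
Added example, not part of the original post and not Unbound code: a short Python check over the three dig outputs above. It applies the RFC 2308 section 5 rule (negative TTL = minimum of the SOA record's own TTL and its MINIMUM field) and tests whether the SOA TTLs returned for the two different names all point to one absolute expiry time. The SAMPLES tuples are constructed from the WHEN and AUTHORITY lines in the post; the function names are hypothetical.

```python
import re
from datetime import datetime, timedelta

# Constructed from the post: (query name, ";; WHEN:" value, AUTHORITY SOA line).
SOA_RDATA = "ns.nlnetlabs.nl. postmaster.unbound.net. 2015081500 28800 7200 604800 18000"
SAMPLES = [
    ("nonexistant1.unbound.net", "Fri Aug 21 16:51:23 2015", "unbound.net. 7200 IN SOA " + SOA_RDATA),
    ("nonexistant1.unbound.net", "Fri Aug 21 16:51:28 2015", "unbound.net. 7195 IN SOA " + SOA_RDATA),
    ("nonexistant2.unbound.net", "Fri Aug 21 16:51:34 2015", "unbound.net. 7189 IN SOA " + SOA_RDATA),
]

# owner, TTL, class, type, mname, rname, then the five SOA integers.
SOA_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+SOA\s+\S+\s+\S+\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)$")


def parse_soa(line):
    """Parse a dig AUTHORITY-section SOA line into owner, remaining TTL and MINIMUM."""
    m = SOA_RE.match(line.strip())
    if m is None:
        raise ValueError("not an SOA line: %r" % line)
    return {"owner": m.group(1), "ttl": int(m.group(2)), "minimum": int(m.group(7))}


def negative_ttl(soa_ttl, soa_minimum):
    """RFC 2308 section 5: a negative answer is cached for min(SOA TTL, SOA MINIMUM)."""
    return min(soa_ttl, soa_minimum)


def shared_expiry(samples, slack_seconds=1):
    """Return (per-response expiry list, True if all expiries agree within the slack)."""
    expiries = []
    for qname, when, soa_line in samples:
        seen_at = datetime.strptime(when, "%a %b %d %H:%M:%S %Y")
        remaining = parse_soa(soa_line)["ttl"]
        expiries.append((qname, seen_at + timedelta(seconds=remaining)))
    times = [t for _, t in expiries]
    return expiries, (max(times) - min(times)) <= timedelta(seconds=slack_seconds)


if __name__ == "__main__":
    first = parse_soa(SAMPLES[0][2])
    print("expected negative TTL:", negative_ttl(first["ttl"], first["minimum"]))
    expiries, same = shared_expiry(SAMPLES)
    for qname, expiry in expiries:
        print(qname, "SOA expires at", expiry.time())
    print("one expiry for all names:", same)
```

On the data in the post, all three responses yield the same SOA expiry time, including the first lookup of nonexistant2, which is what a single cached unbound.net SOA RRset reused across negative answers would produce.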