Hello,
I’m seeing libunbound query results differ depending on cache results
for an improperly-configured domain. I’m wondering what options are available
to mitigate this.
The domain in question is “ryanjanzen.org”. The problem can be seen by
comparing two libunbound invocations (via Perl DNS::Unbound):
-----------------
> perl -MNet::DNS::Packet -MDNS::Unbound -e'my $dns = DNS::Unbound->new();
> print( (Net::DNS::Packet->decode( \$dns->resolve("ryanjanzen.org",
> "SOA")->answer_packet() )->answer())[0]->string() );'
ryanjanzen.org. 86400 IN SOA ( dns.domainsatcost.ca.
noc.domainsatcost.ca.
2022052601 ;serial
10800 ;refresh
3600 ;retry
604800 ;expire
3600 ;minimum
)
-----------------
> perl -MNet::DNS::Packet -MDNS::Unbound -e'my $dns = DNS::Unbound->new();
> $dns->resolve("ryanjanzen.org", "NS"); print( (Net::DNS::Packet->decode(
> \$dns->resolve("ryanjanzen.org", "SOA")->answer_packet()
> )->answer())[0]->string() );'
ryanjanzen.org. 86400 IN SOA ( ns1.a2hosting.com.
root.mi3-ss55.a2hosting.com.
2022052608 ;serial
3600 ;refresh
1800 ;retry
1209600 ;expire
86400 ;minimum
)
-----------------
Both request ryanjanzen.org/SOA, but the 2nd first requests
ryanjanzen.org/NS. Unbound’s cache of the NS query result affects its response
to the SOA query.
The zone in question is misconfigured
(https://www.buddyns.com/delegation-lab/ryanjanzen.org), but is there some way
to configure Unbound so that that misconfiguration won’t cause the caching to
affect the SOA query result?
Thank you!
cheers,
-Felipe
