Hi Wouter, You are correct, ns2 is not consistent with the other ns. I knew it had to be something obvious :s
Thanks, Mike ________________________________ From: [email protected] [mailto:[email protected]] On Behalf Of Slingerland, Michael van Sent: Sunday, 06 March 2011 23:14 To: [email protected] Subject: [Unbound-users] Inconsistent TTL in (nxdomain) responses, Hi, I configured a stub-zone for testing a new zone that solely responds nxdomain with a min ttl of 1 week on all PTR's Assumption is that unbound would limit the TTL to the value configured in unbound.conf that equals 1 day by default. cache-max-ttl: 86400 I noticed that unbound responds with either the TTL configured in the zone or the cache-max-ttl. The inconsistency in ttl in the answers seem to be sort of random to me. To be sure only 1 cache wil be used, I set the thread number to 1. Stub-zone conf stub-zone: name: "98.95.in-addr.arpa." stub-host: ns1.info.nl. stub-host: ns2.info.nl. stub-host: ns2.info.nl. Tcpdump shows that the auth nameserver is consulted only once for 95.98.40.50 and returns a min ttl of 1 week. # pkill unbound # /opt/unbound-1.4.8/sbin/unbound [1299446231] unbound[8183:0] warning: increased limit(open files) from 1024 to 8338 # dig @localhost -x 95.98.40.50 ; <<>> DiG 9.4.2-P2 <<>> @localhost -x 95.98.40.50 ; (3 servers found) ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 40349 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;50.40.98.95.in-addr.arpa. IN PTR ;; AUTHORITY SECTION: 98.95.in-addr.arpa. 604800 IN SOA ns1.info.nl. postmaster.info.nl. 2010067876 3600 900 1209600 604800 ;; Query time: 531 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Sun Mar 6 22:17:15 2011 ;; MSG SIZE rcvd: 100 # dig @localhost -x 95.98.40.50 ; <<>> DiG 9.4.2-P2 <<>> @localhost -x 95.98.40.50 ; (3 servers found) ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 62410 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;50.40.98.95.in-addr.arpa. IN PTR ;; AUTHORITY SECTION: 98.95.in-addr.arpa. 604798 IN SOA ns1.info.nl. postmaster.info.nl. 2010067876 3600 900 1209600 604800 ;; Query time: 0 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Sun Mar 6 22:17:17 2011 ;; MSG SIZE rcvd: 100 # dig @localhost -x 95.98.40.51 ; <<>> DiG 9.4.2-P2 <<>> @localhost -x 95.98.40.51 ; (3 servers found) ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 17167 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;51.40.98.95.in-addr.arpa. IN PTR ;; AUTHORITY SECTION: 98.95.in-addr.arpa. 86400 IN SOA ns1.info.nl. postmaster.info.nl. 2010067876 3600 900 1209600 86400 ;; Query time: 4 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Sun Mar 6 22:17:21 2011 ;; MSG SIZE rcvd: 100 # dig @localhost -x 95.98.40.50 ; <<>> DiG 9.4.2-P2 <<>> @localhost -x 95.98.40.50 ; (3 servers found) ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 58939 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;50.40.98.95.in-addr.arpa. IN PTR ;; AUTHORITY SECTION: 98.95.in-addr.arpa. 86397 IN SOA ns1.info.nl. postmaster.info.nl. 2010067876 3600 900 1209600 86400 ;; Query time: 0 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Sun Mar 6 22:17:24 2011 ;; MSG SIZE rcvd: 100 # dig @localhost -x 95.98.40.50 ; <<>> DiG 9.4.2-P2 <<>> @localhost -x 95.98.40.50 ; (3 servers found) ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 45396 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;50.40.98.95.in-addr.arpa. IN PTR ;; AUTHORITY SECTION: 98.95.in-addr.arpa. 86393 IN SOA ns1.info.nl. postmaster.info.nl. 2010067876 3600 900 1209600 86400 ;; Query time: 0 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Sun Mar 6 22:17:28 2011 ;; MSG SIZE rcvd: 100 # dig @localhost -x 95.98.40.53 ; <<>> DiG 9.4.2-P2 <<>> @localhost -x 95.98.40.53 ; (3 servers found) ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 39376 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;53.40.98.95.in-addr.arpa. IN PTR ;; AUTHORITY SECTION: 98.95.in-addr.arpa. 86400 IN SOA ns1.info.nl. postmaster.info.nl. 2010067876 3600 900 1209600 86400 ;; Query time: 4 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Sun Mar 6 22:17:31 2011 ;; MSG SIZE rcvd: 100 # dig @localhost -x 95.98.40.535 ; <<>> DiG 9.4.2-P2 <<>> @localhost -x 95.98.40.535 ; (3 servers found) ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 33243 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;535.40.98.95.in-addr.arpa. IN PTR ;; AUTHORITY SECTION: 98.95.in-addr.arpa. 86400 IN SOA ns1.info.nl. postmaster.info.nl. 2010067876 3600 900 1209600 86400 ;; Query time: 4 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Sun Mar 6 22:17:33 2011 ;; MSG SIZE rcvd: 101 # dig @localhost -x 95.98.40.54 ; <<>> DiG 9.4.2-P2 <<>> @localhost -x 95.98.40.54 ; (3 servers found) ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 33576 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;54.40.98.95.in-addr.arpa. IN PTR ;; AUTHORITY SECTION: 98.95.in-addr.arpa. 604800 IN SOA ns1.info.nl. postmaster.info.nl. 2010067876 3600 900 1209600 604800 ;; Query time: 3 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Sun Mar 6 22:17:38 2011 ;; MSG SIZE rcvd: 100 # dig @localhost -x 95.98.40.54 ; <<>> DiG 9.4.2-P2 <<>> @localhost -x 95.98.40.54 ; (3 servers found) ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 14717 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;54.40.98.95.in-addr.arpa. IN PTR ;; AUTHORITY SECTION: 98.95.in-addr.arpa. 604797 IN SOA ns1.info.nl. postmaster.info.nl. 2010067876 3600 900 1209600 604800 ;; Query time: 0 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Sun Mar 6 22:17:41 2011 ;; MSG SIZE rcvd: 100 # dig @localhost -x 95.98.40.53 ; <<>> DiG 9.4.2-P2 <<>> @localhost -x 95.98.40.53 ; (3 servers found) ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 21754 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;53.40.98.95.in-addr.arpa. IN PTR ;; AUTHORITY SECTION: 98.95.in-addr.arpa. 604795 IN SOA ns1.info.nl. postmaster.info.nl. 2010067876 3600 900 1209600 604800 ;; Query time: 0 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Sun Mar 6 22:17:43 2011 ;; MSG SIZE rcvd: 100 # dig @localhost -x 95.98.40.50 ; <<>> DiG 9.4.2-P2 <<>> @localhost -x 95.98.40.50 ; (3 servers found) ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 48501 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;50.40.98.95.in-addr.arpa. IN PTR ;; AUTHORITY SECTION: 98.95.in-addr.arpa. 604792 IN SOA ns1.info.nl. postmaster.info.nl. 2010067876 3600 900 1209600 604800 ;; Query time: 0 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Sun Mar 6 22:17:46 2011 ;; MSG SIZE rcvd: 100 Is this a bug or am I missing something obvious here? Thanks, Mike ******************************************************************************** N.B.: op (de inhoud van) deze e-mail is een DISCLAIMER met belangrijke VOORBEHOUDEN van toepassing: zie http://www.t-mobile.nl/disclaimer This e-mail and its contents are subject to a DISCLAIMER with important RESERVATIONS: see http://www.t-mobile.nl/disclaimer ********************************************************************************
_______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
