Hello,

I recently noticed what to me is a strange caching behaviour for NXDOMAIN results.

This has been seen both on Ubuntu 14.04 with unbound 1.4.22 and on OpenBSD with unbound 1.5.2.

I noticed that for some domains, the cache TTL for NXDOMAIN results seemed to be shared for all nonexistent replies under that domain:

The first lookup (which also suspiciously seems to use the SOA TTL of 7200 rather than the NXDOMAIN TTL of 18000):
===
dig nonexistant1.unbound.net

; <<>> DiG 9.4.2-P2 <<>> nonexistant1.unbound.net
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 35933
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;nonexistant1.unbound.net. IN A

;; AUTHORITY SECTION:
unbound.net. 7200 IN SOA ns.nlnetlabs.nl. postmaster.unbound.net. 2015081500 28800 7200 604800 18000

;; Query time: 474 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Fri Aug 21 16:51:23 2015
;; MSG SIZE rcvd: 104
===

The second lookup for that same name, which as one would expect has a decremented TTL:
===
$ dig nonexistant1.unbound.net

; <<>> DiG 9.4.2-P2 <<>> nonexistant1.unbound.net
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 9365
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;nonexistant1.unbound.net. IN A

;; AUTHORITY SECTION:
unbound.net. 7195 IN SOA ns.nlnetlabs.nl. postmaster.unbound.net. 2015081500 28800 7200 604800 18000

;; Query time: 0 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Fri Aug 21 16:51:28 2015
;; MSG SIZE rcvd: 104
===

Now we look up another nonexistent domain, which I would expect to have a TTL of 7200 (18000?), but this one shares the reported TTL with my previous lookup:
===
$ dig nonexistant2.unbound.net

; <<>> DiG 9.4.2-P2 <<>> nonexistant2.unbound.net
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 27898
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;nonexistant2.unbound.net. IN A

;; AUTHORITY SECTION:
unbound.net. 7189 IN SOA ns.nlnetlabs.nl. postmaster.unbound.net. 2015081500 28800 7200 604800 18000

;; Query time: 32 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Fri Aug 21 16:51:34 2015
;; MSG SIZE rcvd: 104
===

Does anyone else see this? Is it by design?

What makes this even more confusing to me is that I see different results for different domains. I believe I am even seeing different results inside the same domains possibly depending on what I have looked up before that.

-- 
Patrik Lundin
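
Added example, not part of the original post: one way to check the observation above is to turn each answer's remaining SOA TTL plus its `;; WHEN:` timestamp into an absolute expiry time and compare across query names. The names `CAPTURES`, `parse_capture` and `shared_expiry` are hypothetical; the input lines are copied from the three dig answers in the post.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: (query name, AUTHORITY SOA line, WHEN line) taken from
# the three dig answers quoted in the post.
SOA_TAIL = (" IN SOA ns.nlnetlabs.nl. postmaster.unbound.net."
            " 2015081500 28800 7200 604800 18000")
CAPTURES = [
    ("nonexistant1.unbound.net", "unbound.net. 7200" + SOA_TAIL,
     ";; WHEN: Fri Aug 21 16:51:23 2015"),
    ("nonexistant1.unbound.net", "unbound.net. 7195" + SOA_TAIL,
     ";; WHEN: Fri Aug 21 16:51:28 2015"),
    ("nonexistant2.unbound.net", "unbound.net. 7189" + SOA_TAIL,
     ";; WHEN: Fri Aug 21 16:51:34 2015"),
]

# owner TTL IN SOA mname rname serial refresh retry expire minimum
SOA_RE = re.compile(
    r"^(?P<owner>\S+)\s+(?P<ttl>\d+)\s+IN\s+SOA\s+\S+\s+\S+\s+"
    r"\d+\s+\d+\s+\d+\s+\d+\s+(?P<minimum>\d+)\s*$")


def parse_capture(qname, soa_line, when_line):
    """Return owner, remaining TTL, SOA MINIMUM and absolute expiry time."""
    m = SOA_RE.match(soa_line.strip())
    if m is None:
        raise ValueError("not a SOA authority line: %r" % soa_line)
    when = datetime.strptime(when_line.split("WHEN:", 1)[1].strip(),
                             "%a %b %d %H:%M:%S %Y")
    ttl = int(m["ttl"])
    return {"qname": qname, "owner": m["owner"], "ttl": ttl,
            "minimum": int(m["minimum"]),
            "expires": when + timedelta(seconds=ttl)}


def shared_expiry(captures, tolerance=1):
    """Per SOA owner: do all answers expire at the same instant (within
    `tolerance` seconds), i.e. count down from one cached record?"""
    by_owner = {}
    for cap in captures:
        rec = parse_capture(*cap)
        by_owner.setdefault(rec["owner"], []).append(rec)
    report = {}
    for owner, recs in by_owner.items():
        times = [r["expires"] for r in recs]
        spread = (max(times) - min(times)).total_seconds()
        report[owner] = {"names": sorted({r["qname"] for r in recs}),
                         "expires": min(times), "shared": spread <= tolerance}
    return report
```

For the three answers in the post, both query names resolve to the same expiry instant for the `unbound.net.` SOA record, which is the shared countdown described.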
