Nsd sends TTL == 0

Hello,

one of the secondary servers for my domains uses nsd (the others bind)
and there is a strange effect that nsd sends a zero TTL field for a
certain request while the servers running bind do not.

Using Debian's nsd 4.1.0-2 I can reproduce the behavior with the
following setup:

  uwe@perseus:/etc/nsd$ cat nsd.conf
  zone:
    name: myfirst.zone
    zonefile: /etc/nsd/zones/myfirst.zone
  zone:
    name: mysecond.zone
    zonefile: /etc/nsd/zones/mysecond.zone

  uwe@perseus:/etc/nsd$ cat zones/myfirst.zone
  $TTL 86400
  @ IN SOA localhost. hostmaster.myfirst.zone. (
      2015011201 ; serial
      14400 ; refresh
      1800 ; retry
      604800 ; expire
      43200 ) ; minimum
  
  @ IN NS localhost.
  
  hostname IN A 78.47.169.190
  www IN CNAME hostname

  uwe@perseus:/etc/nsd$ cat zones/mysecond.zone
  $TTL 86400
  @ IN SOA localhost. hostmaster.myfirst.zone. (
      2015011202 ; serial
      14400 ; refresh
      1800 ; retry
      604800 ; expire
      43200 ) ; minimum
  
  @ IN NS localhost.
  
  @ IN DNAME myfirst.zone.

Then the strange TTL value can be seen using the following request:

  uwe@perseus:/etc/nsd$ dig @localhost www.mysecond.zone
  
  ; <<>> DiG 9.9.5-8-Debian <<>> @localhost www.mysecond.zone
  ; (2 servers found)
  ;; global options: +cmd
  ;; Got answer:
  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47941
  ;; flags: qr aa rd; QUERY: 1, ANSWER: 4, AUTHORITY: 1, ADDITIONAL: 1
  ;; WARNING: recursion requested but not available
  
  ;; OPT PSEUDOSECTION:
  ; EDNS: version: 0, flags:; udp: 4096
  ;; QUESTION SECTION:
  ;www.mysecond.zone. IN A
  
  ;; ANSWER SECTION:
  mysecond.zone. 86400 IN DNAME myfirst.zone.
  www.mysecond.zone. 0 IN CNAME www.myfirst.zone.
  www.myfirst.zone. 86400 IN CNAME hostname.myfirst.zone.
  hostname.myfirst.zone. 86400 IN A 78.47.169.190
  
  ;; AUTHORITY SECTION:
  myfirst.zone. 86400 IN NS localhost.
  
  ;; Query time: 0 msec
  ;; SERVER: ::1#53(::1)
  ;; WHEN: Tue Jan 20 20:35:01 CET 2015
  ;; MSG SIZE rcvd: 160

The 2nd line in the answer section has a TTL of 0. The zone files are
cut down a bit and the names are changed, but the real zones look
similar and the name servers running bind report a TTL of 86400 there.

Is this a bug or did I configure anything wrong here? dnsviz.net reports
this as a warning ("CNAME synthesis of www.mysecond.zone.: TTL_ZERO").

Best regards and thanks for your time,
Uwe

Hi Uwe,

> Hello,
>
> one of the secondary servers for my domains uses nsd (the others
> bind) and there is a strange effect that nsd sends a zero TTL field
> for a certain request while the servers running bind do not.

Yes it is nicer to send a nonzero TTL to assist caching. Fixed this
for NSD. Thank you for the detailed bug report.

Best regards,
   Wouter

Hello,

ISTR that this TTL=0 was required by the original DNAME
  specification, since revised.

  /Niall

"Niall O'Reilly" writes:

> ISTR that this TTL=0 was required by the original DNAME
> specification, since revised.
>

Yes, that is what I remember as well.

  jaap
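
The check dnsviz.net performs on the report above can be approximated offline over the ANSWER section of dig output. This is an added example, not code from the thread's participants or from NSD; the function names are hypothetical, the sample is the answer section quoted in the report, and it assumes the expected TTL of a synthesized CNAME is that of its DNAME (the 86400 the BIND servers return).

```python
import re

# Constructed sample: the ANSWER section from the dig output in the report.
SAMPLE_ANSWER = """\
mysecond.zone. 86400 IN DNAME myfirst.zone.
www.mysecond.zone. 0 IN CNAME www.myfirst.zone.
www.myfirst.zone. 86400 IN CNAME hostname.myfirst.zone.
hostname.myfirst.zone. 86400 IN A 78.47.169.190
"""

RR = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(\S+)$")


def parse_answer(text):
    """Parse 'owner ttl IN type rdata' lines; dig comment lines (';') are skipped."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        m = RR.match(line)
        if m:
            owner, ttl, rtype, rdata = m.groups()
            records.append((owner.lower(), int(ttl), rtype.upper(), rdata.lower()))
    return records


def synthesized_cname_ttl_mismatches(records):
    """Return (owner, cname_ttl, dname_ttl) for every CNAME that was synthesized
    from a DNAME in the same answer but does not carry that DNAME's TTL."""
    dnames = [(o, t, d) for o, t, ty, d in records if ty == "DNAME"]
    findings = []
    for owner, ttl, rtype, target in records:
        if rtype != "CNAME":
            continue
        for d_owner, d_ttl, d_target in dnames:
            suffix = "." + d_owner
            if not owner.endswith(suffix):
                continue  # a DNAME only redirects names below its owner
            prefix = owner[: -len(suffix)]
            # Synthesis replaces the DNAME owner suffix with the DNAME target.
            if target == prefix + "." + d_target and ttl != d_ttl:
                findings.append((owner, ttl, d_ttl))
    return findings


if __name__ == "__main__":
    for owner, ttl, d_ttl in synthesized_cname_ttl_mismatches(parse_answer(SAMPLE_ANSWER)):
        print(f"{owner}: synthesized CNAME TTL {ttl}, DNAME TTL {d_ttl}")
```

Running the same check against each authoritative server for a zone shows which secondaries still synthesize with TTL 0.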