Nsd zonefile format

Hello,

I have a zonefile like this:

### snip ###
$TTL 1d

example.com. SOA (
  .... )
example.com. NS ns1.example.com.
example.com. NS ns2.example.com.
example.com. 300 MX 42 mail.example.com.
example.com. TXT "v=spf1 +all"
ns1.example.com. A 192.0.2.1
ns2.example.com. A 192.0.2.1
mail.example.com. A 192.0.2.3

### snap ###

Notice the intention to lower only the ttl for the mx.

The SOA and NS-Record use $TTL value 1d.
But all records *after* the mx have also a TTL of 300s.

What's my fault?
How do I write a zonefile containing only those ttl which are different from $TTL ?
Is there a formal definition for zonefiles?

Thanks ...

Hi Andreas,

This is according to spec. RFC 1035 says that omitted class and TTL
values default to the last explicitly stated values. If you want the
records after the MX to have a TTL of 1d, you should explicitly say
so; either by adding the line:

$TTL 1d

after the MX record, or by giving the TXT record an explicit TTL of 1d.

Best regards,

Matthijs

... ohhh
life was so easy with tinydns ...

Or, for the really lazy, put the MX record at the bottom of the list.

Matthijs,

> This is according to spec. RFC 1035 says that omitted class and TTL
> values default to the last explicitly stated values. If you want the
> records after the MX to have a TTL of 1d, you should explicitly say

RFC2308, introducing $TTL and updating RFC1035, says:

   The Master File format [RFC 1035 Section 5] is extended to include
   the following directive:

                           $TTL <TTL> [comment]

   All resource records appearing after the directive, and which do not
   explicitly include a TTL value, have their TTL set to the TTL given
   in the $TTL directive. [...]

It appears to me that "after the directive" and "which do not explicitly
include a TTL value" overrides the RFC 1035 inheritance rule. We might
need a spec clarification here, though.

-Peter
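
Added example, not part of the original thread and not NSD or ldns code: a minimal Python sketch that applies both readings discussed above (RFC 1035 "last explicitly stated" TTL versus the RFC 2308 `$TTL` default) to a constructed zone modelled on the one in the question, and lists the records whose TTL depends on the reading. The SOA values, the function names, and the simplification to one record per line with an explicit owner are assumptions.

```python
import re

UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
TTL_RE = re.compile(r"(?:\d+[smhdw]?)+", re.I)

# Constructed sample modelled on the zone in the question; SOA values are made up.
ZONE = """\
$TTL 1d
example.com. SOA ns1.example.com. hostmaster.example.com. 1 4h 1h 14d 1h
example.com. NS ns1.example.com.
example.com. 300 MX 42 mail.example.com.
example.com. TXT "v=spf1 +all"
ns1.example.com. A 192.0.2.1
"""

def ttl_seconds(token):
    """Convert '300', '1d' or '1h30m' to seconds."""
    return sum(int(n) * UNITS[(u or "s").lower()]
               for n, u in re.findall(r"(\d+)([smhdw]?)", token, re.I))

def effective_ttls(zone_text, sticky):
    """Return [(owner, type, ttl)]. sticky=True: an explicit TTL becomes the
    default for later records (RFC 1035 reading); sticky=False: records
    without a TTL always take $TTL (RFC 2308 reading quoted in the thread)."""
    default, out = None, []
    for line in zone_text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith(";"):
            continue
        if fields[0].upper() == "$TTL":
            default = ttl_seconds(fields[1])
            continue
        owner, rest = fields[0], fields[1:]
        ttl = default
        if TTL_RE.fullmatch(rest[0]):          # explicit per-record TTL
            ttl = ttl_seconds(rest.pop(0))
            if sticky:
                default = ttl
        if rest[0].upper() == "IN":            # optional class after the TTL
            rest.pop(0)
        out.append((owner, rest[0].upper(), ttl))
    return out

def ttl_disagreements(zone_text):
    """Records whose TTL depends on which reading the parser implements."""
    a, b = effective_ttls(zone_text, True), effective_ttls(zone_text, False)
    return [(o, t, x, y) for (o, t, x), (_, _, y) in zip(a, b) if x != y]
```

Any record returned by `ttl_disagreements(ZONE)` is a candidate for an explicit TTL, which makes the zone independent of the parser's reading.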

yea!
that's behavior I expect in 21st century ...

Hmm,

May I ask you what version NSD you are using? I tried to load a similar
zone in the latest version and all records except the MX have a TTL of 1d.

Best regards,

Matthijs

Hi Matthijs,

> This is according to spec. RFC 1035 says that omitted class and TTL
> values default to the last explicitly stated values. If you want the
> records after the MX to have a TTL of 1d, you should explicitly say
> so; either by adding the line:
>
> $TTL 1d
>
> after the MX record, or by giving the TXT record an explicit TTL of 1d.

My copy of NSD 3.2.6 does not behave this way. Here's a zone snippet:

$TTL 1d
@ SOA ns1.example.net admin.example.net. (
                                2010091501
                                3600
                                1800
                                1209600
                                7200
                        )
    NS ns1.example.com.
    NS ns2.example.com.
  3600 MX 1 mail.example.com.
    TXT "text"

results in:

$ dig +norec @localhost any example.net

; <<>> DiG 9.6.0-APPLE-P2 <<>> +norec @localhost any example.net
; (3 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19946
;; flags: qr aa; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;example.net. IN ANY

;; ANSWER SECTION:
example.net. 86400 IN SOA ns1.example.net.example.net. admin.example.net. 2010091501 3600 1800 1209600 7200
example.net. 86400 IN NS ns1.example.com.
example.net. 86400 IN NS ns2.example.com.
example.net. 3600 IN MX 1 mail.example.com.
example.net. 86400 IN TXT "text"

it's nsd-3.2.6 built from source and ldnsutils 1.6.5
to be precise: the zone in question is "t-isa.de"

the zonefile:
--- snip
$TTL 1d

t-isa.de. SOA (
        nsd01.t-isa.de. hostmaster-soa.datev.de. 2010110902 4h 4444s 40d 40m )
t-isa.de. NS nsd01.t-isa.de.
t-isa.de. NS nsd02.t-isa.de.
t-isa.de. 300 MX 0 mailin11.t-isa.de.

t-isa.de. TXT "v=spf1 ip4=193.27.48.0/21 -all"
t-isa.de. SPF "v=spf1 ip4=193.27.48.0/21 -all"

nsd01.t-isa.de. A 193.27.50.9
nsd02.t-isa.de. A 193.27.54.9

...
--- snap

and that's what "ldns-read-zone t-isa.de" prints out:
t-isa.de. 86400 IN SOA nsd01.t-isa.de. hostmaster-soa.datev.de. 2010110902 14400 4444 3456000 2400
t-isa.de. 86400 IN NS nsd01.t-isa.de.
t-isa.de. 86400 IN NS nsd02.t-isa.de.
t-isa.de. 300 IN MX 0 mailin11.t-isa.de.
t-isa.de. 300 IN TXT "v=spf1 ip4=193.27.48.0/21 -all"
t-isa.de. 300 IN SPF "v=spf1 ip4=193.27.48.0/21 -all"
nsd01.t-isa.de. 300 IN A 193.27.50.9
nsd02.t-isa.de. 300 IN A 193.27.54.9
...

up to this point only ldns is involved.
next players are ldns-signzone and zonec.
publicly verifiable is this:

$ dig @nsd01.t-isa.de t-isa.de any +noall +answer| grep -v DNSKEY | grep -v RRSIG
;; Truncated, retrying in TCP mode.
t-isa.de. 86400 IN SOA nsd01.t-isa.de. hostmaster-soa.datev.de. 2010110902 14400 4444 3456000 2400
t-isa.de. 86400 IN NS nsd01.t-isa.de.
t-isa.de. 86400 IN NS nsd02.t-isa.de.
t-isa.de. 300 IN MX 0 mailin11.t-isa.de.
t-isa.de. 300 IN TXT "v=spf1 ip4=193.27.48.0/21 -all"
t-isa.de. 3600 IN TYPE51 \# 5 0100000100
t-isa.de. 300 IN TYPE99 \# 31 1E763D73706631206970343D3139332E32372E34382E302F3231202D 616C6C

Andreas

> it's nsd-3.2.6 built from source and ldnsutils 1.6.5

yesterday I rebuilt ldnsutils-1.6.7.

same result:
all ttl fields after my "mx" have 300s instead of $TTL

Hi,

So, it looks like the problem is in ldns, not nsd. Will fix it there.

Best regards,
Matthijs