[dns-operations] negative caching weirdness

Daniel Stirnimann daniel.stirnimann at switch.ch
Fri Apr 22 17:10:50 UTC 2016


Dear all,

RFC 2308 defines the negative caching TTL as the minimum of the MINIMUM
field of the SOA record and the TTL of the SOA itself.

I wanted to do a quick survey among all TLDs and was surprised to see
that many showed a neg. caching TTL of zero!

Summary:
     1	    666 0
     2	    131 10800
     3	    110 7200
     4	     69 900
     5	     45 3600
     6	     42 300
     7	     35 60
     8	      9 5400
     9	      3 1800
    10	      1 600
    11	      1 1200

One such TLD is haus.

Surprisingly, if I ask the authoritative name server directly I get
86400 seconds:

dig @demand.beta.aridns.net.au. haus. soa

; <<>> DiG 9.8.3-P1 <<>> @demand.beta.aridns.net.au. haus. soa
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32576
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;haus.				IN	SOA

;; ANSWER SECTION:
haus.			86400	IN	SOA	demand.alpha.aridns.net.au. hostmaster.rightside.co. 1461326169 1800 900 604800 86400

;; Query time: 23 msec
;; SERVER: 2001:dcd:2::7#53(2001:dcd:2::7)
;; WHEN: Fri Apr 22 14:00:47 2016
;; MSG SIZE  rcvd: 107


However, if I ask for an unknown domain I get zero!

dig @demand.beta.aridns.net.au. alsdfjalsjdfasdf.haus. soa

; <<>> DiG 9.8.3-P1 <<>> @demand.beta.aridns.net.au. alsdfjalsjdfasdf.haus. soa
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 43473
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;alsdfjalsjdfasdf.haus.		IN	SOA

;; AUTHORITY SECTION:
haus.			0	IN	SOA	demand.alpha.aridns.net.au. hostmaster.rightside.co. 1461326169 1800 900 604800 86400

;; Query time: 22 msec
;; SERVER: 2001:dcd:2::7#53(2001:dcd:2::7)
;; WHEN: Fri Apr 22 14:00:55 2016
;; MSG SIZE  rcvd: 124

Even stranger, if I ask my local resolver (BIND 9.9.8), I get 10800:

dig wersadfjlasjdlfjasljdflajs.haus

; <<>> DiG 9.8.3-P1 <<>> wersadfjlasjdlfjasljdflajs.haus
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 53730
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;wersadfjlasjdlfjasljdflajs.haus. IN	A

;; AUTHORITY SECTION:
haus.			10800	IN	SOA	demand.alpha.aridns.net.au. hostmaster.rightside.co. 1461326409 1800 900 604800 86400

;; Query time: 26 msec
;; SERVER: 130.59.31.248#53(130.59.31.248)
;; WHEN: Fri Apr 22 14:02:25 2016
;; MSG SIZE  rcvd: 134


I'm completely confused. I never expected 666 TLDs to have such
strange behavior, or am I missing something?

Thank you,
Daniel
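
Added example, not part of the original message: a Python sketch of the kind of survey described above, which reads dig output, takes the SOA from the AUTHORITY section, applies the min(SOA TTL, SOA MINIMUM) rule quoted from RFC 2308, and tallies the results. The function names and the `example.` response are assumptions made for illustration; the haus. response is the one quoted in the message.

```python
import re
from collections import Counter

# SOA in dig presentation format:
#   owner TTL IN SOA mname rname serial refresh retry expire minimum
SOA_RE = re.compile(
    r"(?P<owner>\S+)\s+(?P<ttl>\d+)\s+IN\s+SOA\s+\S+\s+\S+"
    r"\s+\d+\s+\d+\s+\d+\s+\d+\s+(?P<minimum>\d+)"
)

def authority_soa(dig_output):
    """Return (owner, soa_ttl, soa_minimum) from the AUTHORITY section, or None."""
    records, in_authority = [], False
    for line in dig_output.splitlines():
        if line.startswith(";;"):
            # Every ";;" line either opens the AUTHORITY section or ends it.
            in_authority = "AUTHORITY SECTION" in line
        elif in_authority and line.strip() and not line.startswith(";"):
            records.append(line.strip())
    # Joining the lines first re-assembles records split by mail wrapping.
    m = SOA_RE.search(" ".join(records))
    return (m["owner"], int(m["ttl"]), int(m["minimum"])) if m else None

def negative_ttl(dig_output):
    """Negative caching TTL as stated above: min(SOA TTL, SOA MINIMUM)."""
    soa = authority_soa(dig_output)
    return None if soa is None else min(soa[1], soa[2])

def survey(responses):
    """Tally negative caching TTLs over many responses, most common first."""
    ttls = (negative_ttl(r) for r in responses)
    return Counter(t for t in ttls if t is not None).most_common()

# NXDOMAIN response for haus. as quoted in the message (other lines trimmed).
HAUS_NXDOMAIN = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 43473
;; AUTHORITY SECTION:
haus.   0   IN  SOA demand.alpha.aridns.net.au. hostmaster.rightside.co.
1461326169 1800 900 604800 86400

;; Query time: 22 msec
"""
# Constructed sample: SOA TTL (3600) is larger than MINIMUM (300).
CONSTRUCTED = """\
;; AUTHORITY SECTION:
example. 3600 IN SOA ns.example. hostmaster.example. 1 1800 900 604800 300
"""

if __name__ == "__main__":
    for ttl, count in survey([HAUS_NXDOMAIN, CONSTRUCTED]):
        print(f"{count:7d} {ttl}")
```

A response whose SOA appears only in the ANSWER section, like the first query in the message, yields `None` and is left out of the tally.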


