Skip to content

Use nonzero SOA MINIMUM for nxdomain-redirect zone

In the "redirect" system test, in order to determine responses to queries that would normally result in an NXDOMAIN response, ns4 must resolve records in the "redirect" zone (served by ns3). If the "redirect" zone has its SOA MINIMUM field set to 0, ns3 will return negative responses coming from that zone with a TTL of 0. This may trigger false positives for the second nonexist/TXT check in the "redirect" system test: if ns4 resumes from recursion at a different Unix timestamp than the one at which it received the NODATA response from ns3, ns4 will return an NXDOMAIN response to dig instead of the expected NODATA one (because the cached NODATA response would no longer be eligible for being used in a response). Set SOA MINIMUM for the "redirect" zone on ns3 to 300 seconds, so that it matches the TTL of positive responses coming from that zone.

The problem described above does not apply to the first nonexist/TXT check in the "redirect" system test as it employs a "type redirect;" zone, i.e. does not involve recursion.

Merge request reports