kresd doesn't update NS TTL for out-of-bailiwick NSs
Compare the cache for these three domain names:
dig IN A parent-ttl-max-nomin-nodnssec-external.udp53.cz. @ns1.parent-ttl-max-nomin-nodnssec-external.ecdsa.cz.
dig IN A parent-ttl-max-nomin-nodnssec-in-bailiwick.udp53.cz. @ns1.parent-ttl-max-nomin-nodnssec-in-bailiwick.udp53.cz.
dig IN A parent-ttl-max-nomin-nodnssec-in-domain.udp53.cz. @ns1.parent-ttl-max-nomin-nodnssec-in-domain.udp53.cz.
When peeking into the cache, the answer for parent-ttl-max-nomin-nodnssec-external.udp53.cz. doesn't result in updating the NS records in the cache, while it should, because the AUTHORITY answer is authoritative:
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 39310
;; Flags: qr aa; QUERY: 1; ANSWER: 1; AUTHORITY: 2; ADDITIONAL: 0
;; QUESTION SECTION:
;; parent-ttl-max-nomin-nodnssec-external.udp53.cz. IN A
;; ANSWER SECTION:
parent-ttl-max-nomin-nodnssec-external.udp53.cz. 2592000 IN A 203.0.113.1
;; AUTHORITY SECTION:
parent-ttl-max-nomin-nodnssec-external.udp53.cz. 2592000 IN NS ns1.parent-ttl-max-nomin-nodnssec-external.ecdsa.cz.
parent-ttl-max-nomin-nodnssec-external.udp53.cz. 2592000 IN NS ns2.parent-ttl-max-nomin-nodnssec-external.ecdsa.cz.
;; Received 162 B
;; Time 2017-05-10 18:58:56 CEST
;; From 2a01:5f0:c001:113:a::14@53(UDP) in 0.8 ms
This is on the master (well, peek_lua_rr) branch.
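The check the report argues for, as an added example that is not kresd's code or part of the original report: it parses the response quoted above and applies the RFC 2181 section 5.4.1 trust ranking, where the authority section of an authoritative answer outranks a referral. The function names, the rank constants and the strict "higher rank replaces" policy are assumptions made for this sketch.

```python
import re

# Two RFC 2181 section 5.4.1 trust levels (higher wins); numeric values are this sketch's own.
RANK_REFERRAL_AUTHORITY = 1   # authority section of a non-authoritative answer
RANK_AA_AUTHORITY = 2         # authority section of an authoritative answer

# Response from the report above, trimmed to the lines the parser reads.
RESPONSE = """\
;; Flags: qr aa; QUERY: 1; ANSWER: 1; AUTHORITY: 2; ADDITIONAL: 0
;; QUESTION SECTION:
;; parent-ttl-max-nomin-nodnssec-external.udp53.cz. IN A
;; ANSWER SECTION:
parent-ttl-max-nomin-nodnssec-external.udp53.cz. 2592000 IN A 203.0.113.1
;; AUTHORITY SECTION:
parent-ttl-max-nomin-nodnssec-external.udp53.cz. 2592000 IN NS ns1.parent-ttl-max-nomin-nodnssec-external.ecdsa.cz.
parent-ttl-max-nomin-nodnssec-external.udp53.cz. 2592000 IN NS ns2.parent-ttl-max-nomin-nodnssec-external.ecdsa.cz.
"""

def in_bailiwick(name, zone):
    """True if name equals zone or is a subdomain of it (case-insensitive)."""
    name, zone = name.lower().rstrip("."), zone.lower().rstrip(".")
    return name == zone or name.endswith("." + zone)

def parse_authority_ns(text):
    """Return (aa_flag, [(owner, ttl, target), ...]) from kdig-style output."""
    flags = re.search(r"^;; Flags:([^;]*);", text, re.M)
    aa = bool(flags) and "aa" in flags.group(1).split()
    section, records = None, []
    for line in text.splitlines():
        header = re.match(r";; (\w+) SECTION:", line)
        if header:
            section = header.group(1)
        elif section == "AUTHORITY" and not line.startswith(";"):
            fields = line.split()
            if len(fields) == 5 and fields[2:4] == ["IN", "NS"]:
                records.append((fields[0], int(fields[1]), fields[4]))
    return aa, records

def out_of_bailiwick_targets(zone, records):
    """NS target names outside the zone; their addresses need separate resolution."""
    return [target for _, _, target in records if not in_bailiwick(target, zone)]

def should_replace_ns(zone, cached_rank, aa, records):
    """Replace cached NS only if all owners are in bailiwick and the rank is higher."""
    if not records or not all(in_bailiwick(o, zone) for o, _, _ in records):
        return False
    new_rank = RANK_AA_AUTHORITY if aa else RANK_REFERRAL_AUTHORITY
    return new_rank > cached_rank
```

The bailiwick test is applied to the NS owner name, not to the NS targets, so the external `ecdsa.cz.` targets do not block replacing an NS set that was cached from the parent's referral.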