credibility changes TTL ?

Mark_Andrews at isc.org Mark_Andrews at isc.org
Fri Oct 1 01:50:10 UTC 1999


> Hello,
> 
> recently there were statements in this group that confuse me in the sense
> that they seem to suggest there is some kind of interaction between the
> credibility of a record and its TTL.  If I remember well one of the
> statements was like this :
> "since A-record has lower credibility it times out faster".

	Additional credibility.  Each query removes 5% of the remaining
	ttl.  The reason for doing this was that additional data tends
	to have a lot of erroneous content.  This is decreasing as the
	old BIND 4.8 servers are slowly being replaced but will never
	completely go away (bad parent glue).
> 
> Do I understand it correctly that, if an authoritative answer (Cr-auth)
> is received with a TTL of, say, 86400 and in the same reply the additional
> data (Cr-addtnl) with the same TTL, the latter data would be erased first
> from the cache ?
> 
> One of the postings that puzzles me is where a referring domain server has
> different NS-records than the authoritative name servers themselves.
> Suppose root name server states  "ns.domain.com" is NS for "domain.com"
>  - the answer is cached with credibility "answer"
> Now that name server, ns.domain.com, itself replies that
>  "ns1.domain.com" and "ns2.domain.com" are NS's
>  - those answers are cached with credibility "auth", the additional
>      A-records with credibility "addtnl".
> Now the problem seemed to be the A-records time-out "faster" than
> the NS-records.  So, when the caching name server goes back to the
> root name server, it does no longer believe him because it provides a
> different answer with "lower" credibility than what is cached.
> However, if both the A-records and the NS-records have the same
> TTL, shouldn't they disappear together from the cache (thus avoiding
> the deadlock) ?
> 
	If they disappear at the same time, yes.

	There is no requirement for the NS and A records to have
	the same TTL.  There is a requirement for the parent and
	child zones to have the same NS RRsets (or the parent be
	a subset of the child's NS RRset while moving servers).

	Mark

> (I spent considerable time reading and rereading "DNS & BIND", around
> pages 305/306, but there is no mention of TTL there)
> 
> Thanks for clarifying,
> 
> Marc Lampo
> 
> -- --
> Security Engineer for C-CURE CBVA, Belgium
> Guest teacher of Client/Server Programming @ AT Computing (Dutch only)
> Opinions are strictly personal and do not commit either company
> 
> 
> 
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
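
A simplified model of the behaviour discussed in this message, added here as an example; it is not part of the original post and is not BIND code. The 5% figure comes from the reply, while the `Cache` class, its method names and the 60-second query interval are assumptions made for illustration.

```python
# Simplified model of the decay described in the reply; not BIND source code.
DECAY = 0.05  # share of remaining TTL removed per query (figure from the reply)

class Cache:
    """Toy resolver cache; class and method names are hypothetical."""
    def __init__(self):
        self.now = 0.0
        self.entries = {}  # key -> [credibility, absolute expiry time]

    def store(self, key, credibility, ttl):
        self.entries[key] = [credibility, self.now + ttl]

    def advance(self, seconds):
        self.now += seconds

    def lookup(self, key):
        """Return the remaining TTL in seconds, or None if absent or expired."""
        entry = self.entries.get(key)
        if entry is None or entry[1] <= self.now:
            self.entries.pop(key, None)
            return None
        remaining = entry[1] - self.now
        if entry[0] == "addtnl":  # only additional-section data decays
            remaining *= 1 - DECAY
            entry[1] = self.now + remaining
        return remaining

def glue_lifetime(ttl=86400, interval=60):
    """Query NS and glue A every `interval` seconds; return (time the glue
    vanished, NS TTL still remaining at that moment)."""
    cache = Cache()
    cache.store(("domain.com", "NS"), "auth", ttl)       # constructed sample data
    cache.store(("ns1.domain.com", "A"), "addtnl", ttl)  # same TTL as the NS RRset
    while True:
        cache.advance(interval)
        ns_left = cache.lookup(("domain.com", "NS"))
        if cache.lookup(("ns1.domain.com", "A")) is None:
            return cache.now, ns_left

if __name__ == "__main__":
    gone_at, ns_left = glue_lifetime()
    print(f"glue A expired after {gone_at:.0f}s; NS still has {ns_left:.0f}s left")
```

In this model a glue record that is never queried keeps its full TTL and expires together with the NS RRset; it is only under repeated queries that the A record leaves the cache while the NS records remain.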

