credibility changes TTL ?
Mark_Andrews at isc.org
Fri Oct 1 01:50:10 UTC 1999
> Hello,
>
> recently there were statements in this group that confuse me in the sense
> that they seem to suggest there is some kind of interaction between the
> credibility of a record and its TTL. If I remember well one of the
> statements was like this:
> "since A-record has lower credibility it times out faster".
Additional credibility. Each query removes 5% of the remaining
ttl. The reason for doing this was that additional data tends
to have a lot of erroneous content. This is decreasing as the
old BIND 4.8 servers are slowly being replaced but will never
completely go away (bad parent glue).
>
> Do I understand it correctly that, if an authoritative answer (Cr-auth)
> is received with a TTL of, say, 86400 and in the same reply the additional
> data (Cr-addtnl) with the same TTL, the latter data would be erased first
> from the cache?
>
> One of the postings that puzzles me is where a referring domain server
> has different NS-records than the authoritative name servers themselves.
> Suppose root name server states "ns.domain.com" is NS for "domain.com"
> - the answer is cached with credibility "answer"
> Now that name server, ns.domain.com, itself replies that
> "ns1.domain.com" and "ns2.domain.com" are NS's
> - those answers are cached with credibility "auth", the additional
> A-records with credibility "addtnl".
> Now the problem seemed to be the A-records time-out "faster" than
> the NS-records. So, when the caching name server goes back to the
> root name server, it does no longer believe him because it provides a
> different answer with "lower" credibility than what is cached.
> However, if both the A-records and the NS-records have the same
> TTL, shouldn't they disappear together from the cache (thus avoiding
> the deadlock) ?
>
If they disappear at the same time, yes.
There is no requirement for the NS and A records to have
the same TTL. There is a requirement for the parent and
child zones to have the same NS RRsets (or the parent be
a subset of the child's NS RRset while moving servers).
Mark
> (I spent considerable time reading and rereading "DNS & BIND", around
> pages 305/306, but there is no mention of TTL there)
>
> Thanks for clarifying,
>
> Marc Lampo
>
> -- --
> Security Engineer for C-CURE CBVA, Belgium
> Guest teacher of Client/Server Programming @ AT Computing (Dutch only)
> Opinions are strictly personal and do not commit either company
>
>
>
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
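
Added example, not part of the original post and not BIND source code: a small model of the behaviour described in the reply, where each query removes 5% of the remaining TTL of additional-credibility data. It assumes the cut is applied at the moment of each lookup; the function names and the one-query-per-minute scenario are constructed for illustration.

```python
# Added illustration, not BIND source. Assumption: the 5% cut is applied
# to the remaining TTL at the moment of each lookup that hits the record.
DECAY = 0.05  # fraction of remaining TTL removed per query (figure from the post)


def cache_expiry(ttl, query_times, additional):
    """Return the time (seconds after caching at t=0) when the record expires.

    ttl          original TTL in seconds
    query_times  ascending lookup times in seconds (constructed input)
    additional   True for Cr-addtnl data, which decays on every lookup
    """
    expires_at = float(ttl)
    for t in query_times:
        if t >= expires_at:  # record already gone, later lookups miss
            break
        if additional:
            expires_at -= DECAY * (expires_at - t)
    return expires_at


def glue_gap(ttl, interval):
    """Compare an NS RRset (Cr-auth) with the additional A records
    (Cr-addtnl) that arrived in the same reply with the same TTL.

    Returns (ns_expiry, a_expiry, gap), where gap is the time during which
    the NS RRset is still cached but its addresses have already expired.
    """
    queries = range(interval, ttl, interval)
    ns_expiry = cache_expiry(ttl, queries, additional=False)
    a_expiry = cache_expiry(ttl, queries, additional=True)
    return ns_expiry, a_expiry, ns_expiry - a_expiry


if __name__ == "__main__":
    # Constructed scenario: both RRsets arrive with TTL 86400 and the
    # cache is asked about the zone once a minute.
    ns, a, gap = glue_gap(86400, 60)
    print(f"NS expires after {ns:.0f}s, additional A after {a:.0f}s, gap {gap:.0f}s")
```

In this constructed run the two RRsets start with the same TTL, yet the additional A records leave the cache within the first two hours while the NS RRset stays for the full day, which is the window the question is about.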