Caching question

Barry Margolin barmar at genuity.net
Thu Jun 29 23:34:24 UTC 2000


In article <20000629225805.16124.qmail at geekgrrl.org>,
 <geekgrrl at geekgrrl.org> wrote:
>This is kind of an odd question, but it's been on my mind.
>
>Let's say I have a primary server for paxumbrae.com, and a secondary
>server. I also have a caching server that my LAN hits rather than my
>primary/secondary. Let's say I am running BIND 8.2.2P5 and the zone,
>paxumbrae.com, gets rejected for 'CNAME and other data' errors on the
>primary server.
>
>I know the secondary server will continue to answer until its Expire
>time is met for the zone, continuously retrying to transfer it.
>
>How about the caching server? After the zone's ttl, will it immediately
>drop any records it has and cease to answer for anything in the zone?

TTLs apply to individual records, not zones, so different records will time
out at different times depending on when they were cached (on the primary
server you can specify a default TTL for the entire zone file, but it's
just an abbreviation for putting that TTL on every record, and is invisible
to the protocol).

When a record times out on the caching server, it will be dropped, and the
next time someone asks for that record the caching server will ask one of
the authoritative servers.  If it asks the secondary server and the Expire
time hasn't run out yet, it will cache the response and everything will be
fine.

If it asks the primary server it will get a non-authoritative response, and
according to a message Mark Andrews posted a couple of days ago this will
be ignored; I think it will then try the secondary server and the result
will be as I described above.  If the zone has expired on the secondary
server, it will also return a non-authoritative response; in that case,
none of the servers are valid and it won't be able to answer the query.

I'm not quite sure that I believe what Mark wrote, though.  On many
occasions we've had domains expire on our secondary servers.  If all the
servers are non-authoritative, and BIND ignores non-authoritative
responses, I would expect a few of them to have called us reporting that
lots of people were unable to send them mail, get to their web site, etc.
Sometimes the servers had been lame for weeks or months, but they didn't
have any idea that there was a problem until we started scanning our logs
looking for expired zone messages.  While I know that some of our customers
are pretty clueless, there have been enough of these situations that I'd
expect at least one or two tickets to have been opened by the customers
before we started doing it proactively.

-- 
Barry Margolin, barmar at genuity.net
Genuity, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
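
Added example (not part of the original message, and not BIND code): a toy model of the behaviour the reply describes, with per-record TTLs in the cache, a primary that rejected the zone, and a secondary that serves it until Expire. It assumes, as the reply reports Mark Andrews saying, that non-authoritative answers are ignored; the class names, record data, addresses and times are constructed.

```python
# Toy model of the behaviour discussed in the message; not BIND code.
# All names, addresses and times below are constructed for illustration.

class AuthServer:
    def __init__(self, name, records, authoritative_until):
        self.name = name
        self.records = records                  # {(owner, type): (ttl, rdata)}
        self.authoritative_until = authoritative_until

    def query(self, key, now):
        """Return (aa, ttl, rdata); a server without a valid zone is lame (aa=False)."""
        if now < self.authoritative_until and key in self.records:
            ttl, rdata = self.records[key]
            return True, ttl, rdata
        return False, 0, None

class CachingServer:
    def __init__(self, servers):
        self.servers = servers
        self.cache = {}                         # key -> (expires_at, rdata)

    def resolve(self, key, now):
        hit = self.cache.get(key)
        if hit and now < hit[0]:
            return hit[1], "cache"
        self.cache.pop(key, None)               # only this record times out
        for srv in self.servers:
            aa, ttl, rdata = srv.query(key, now)
            if aa:  # assumption taken from the thread: non-AA answers are ignored
                self.cache[key] = (now + ttl, rdata)
                return rdata, srv.name
        return None, "SERVFAIL"                 # every server was lame

def scenario():
    www, mail = ("www.paxumbrae.com", "A"), ("mail.paxumbrae.com", "A")
    zone = {www: (3600, "192.0.2.10"), mail: (86400, "192.0.2.25")}
    primary = AuthServer("primary", zone, authoritative_until=0)           # zone rejected at load
    secondary = AuthServer("secondary", zone, authoritative_until=604800)  # Expire: 7 days
    cache = CachingServer([primary, secondary])
    return [cache.resolve(www, 0), cache.resolve(mail, 0),
            cache.resolve(www, 4000), cache.resolve(mail, 4000),
            cache.resolve(www, 700000)]

if __name__ == "__main__":
    for answer in scenario():
        print(answer)
```

At time 4000 the one-hour record has been refetched from the secondary while the one-day record is still served from cache; once the secondary's Expire has passed, both servers are lame and the lookup fails.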


