Name server changes TTL

Kevin Darcy kcd at daimlerchrysler.com
Fri Dec 19 19:28:38 UTC 2003


Albert wrote:

>Kevin Darcy <kcd at daimlerchrysler.com> wrote in message news:<brspss$2fen$1 at sf1.isc.org>...
>
>  
>
>>That SOA RR is really a negative caching record. See RFC 2308 for more 
>>details.
>>
>>                                                                         
>>                                 - Kevin
>>    
>>
>
>Kevin, thanks a lot for replying. I've read RFC 2308 carefully but I
>still can't come to a clear conclusion. I have a user who says:
>
>"the name server corrupts the 'Name Error' reply from the
>authoritative name server tld1.ultradns.net in response to the query
>for the Address of www.no-such-domain-123abc.org. The server has
>changed the Time To Live of the returned SOA record in the Authority
>section to a value smaller than the Minimum Time To Live of that SOA
>record, which makes the replies invalid."
>
>My questions are therefore:
>
>- is it incorrect to return a TTL smaller than the Minimum TTL in the
>case of a NXDOMAIN response?
>
The SOA "minimum" field *no*longer* means the minimum TTL for RRs in the 
zone:

Section 4 of RFC 2308:

>   The SOA minimum field has been overloaded in the past to have three
>   different meanings, the minimum TTL value of all RRs in a zone, the
>   default TTL of RRs which did not contain a TTL value and the TTL of
>   negative responses.
>
>   Despite being the original defined meaning, the first of these, the
>   minimum TTL value of all RRs in a zone, has never in practice been
>   used and is hereby deprecated.
>
The SOA "minimum" field now has a *different* meaning:

Section 5:

>   Like normal answers negative answers have a time to live (TTL).  As
>   there is no record in the answer section to which this TTL can be
>   applied, the TTL must be carried by another method.  This is done by
>   including the SOA record from the zone in the authority section of
>   the reply.  When the authoritative server creates this record its TTL
>   is taken from the minimum of the SOA.MINIMUM field and SOA's TTL.
>   This TTL decrements in a similar manner to a normal cached answer and
>   upon reaching zero (0) indicates the cached negative answer MUST NOT
>   be used again.
>
>- does that make the response from my server "invalid"?
>
No, not at all. Your user is clueless.

>- is this a feature of BIND 9.2.1?
>
It's a feature of any modern standards-conforming resolver or nameserver 
implementation.

>- can this behavior be changed and how?
>
I suppose you could hack the code to make it standards-non-compliant. 
Why would you want to?

                                                                         
                                 - Kevin
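To make the RFC 2308 rule concrete, here is an added example (not code from the thread, from BIND or from ISC) that builds an authoritative NXDOMAIN reply by hand, parses the SOA out of its authority section and computes the negative-cache TTL exactly as section 5 says: the minimum of the SOA RR's own TTL and its MINIMUM field. The query name and tld1.ultradns.net come from the thread; the RNAME, serial, timers, message ID and the apex name "org" are assumed values used only to make the packet well-formed. The last function shows what a caching resolver hands back after some seconds have elapsed, which is how a client ends up seeing an SOA whose TTL is below MINIMUM.

```python
"""Negative-cache TTL of an NXDOMAIN reply as RFC 2308 section 5 defines it.

Added example: the reply is constructed in memory (no network), and the
RNAME, serial, timers and apex name are made up for illustration.
"""
import struct

TYPE_A, TYPE_SOA, CLASS_IN = 1, 6, 1
RCODE_NXDOMAIN = 3


def encode_name(name):
    """Uncompressed wire-format encoding of a dotted name."""
    out = b"".join(bytes([len(l)]) + l.encode("ascii")
                   for l in name.rstrip(".").split("."))
    return out + b"\x00"


def build_nxdomain_reply(qname, soa_ttl, minimum):
    """Constructed authoritative 'Name Error' reply: one question, no answer,
    one SOA in the authority section with RR TTL `soa_ttl` and MINIMUM
    field `minimum`.  RNAME, serial and timers are assumed values."""
    # flags 0x8583: QR=1, AA=1, RD=1, RA=1, RCODE=3 (NXDOMAIN)
    header = struct.pack(">HHHHHH", 0x1234, 0x8583, 1, 0, 1, 0)
    question = encode_name(qname) + struct.pack(">HH", TYPE_A, CLASS_IN)
    rdata = (encode_name("tld1.ultradns.net")              # MNAME (from the thread)
             + encode_name("hostmaster.ultradns.net")      # RNAME (assumed)
             + struct.pack(">IIIII", 2003121901, 86400, 7200, 604800, minimum))
    soa = (encode_name("org")                              # zone apex (assumed)
           + struct.pack(">HHIH", TYPE_SOA, CLASS_IN, soa_ttl, len(rdata)) + rdata)
    return header + question + soa


def read_name(msg, off):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, end = [], None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                 # compression pointer
            if end is None:
                end = off + 2
            off = struct.unpack(">H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", (end if end is not None else off)


def parse_reply(msg):
    """Return (rcode, records); each record is (section, name, type, ttl, rdata_offset)."""
    _, flags, qd, an, ns, ar = struct.unpack(">HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        _, off = read_name(msg, off)
        off += 4                                  # QTYPE + QCLASS
    records = []
    for i in range(an + ns + ar):
        section = "answer" if i < an else "authority" if i < an + ns else "additional"
        name, off = read_name(msg, off)
        rtype, _, ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        records.append((section, name, rtype, ttl, off))
        off += rdlen
    return flags & 0xF, records


def negative_cache_ttl(msg):
    """RFC 2308 s5: the negative answer's TTL is min(SOA RR TTL, SOA.MINIMUM).
    Returns (soa_rr_ttl, soa_minimum, negative_ttl)."""
    rcode, records = parse_reply(msg)
    if rcode != RCODE_NXDOMAIN:
        raise ValueError("not an NXDOMAIN reply")
    for section, _, rtype, ttl, rdata_off in records:
        if section == "authority" and rtype == TYPE_SOA:
            off = rdata_off
            _, off = read_name(msg, off)          # skip MNAME
            _, off = read_name(msg, off)          # skip RNAME
            minimum = struct.unpack(">IIIII", msg[off:off + 20])[4]
            return ttl, minimum, min(ttl, minimum)
    raise ValueError("no SOA in the authority section")


def cached_soa_ttl(msg, elapsed):
    """TTL a caching resolver puts on the SOA when it re-serves the negative
    answer `elapsed` seconds after receiving it; 0 means the entry expired."""
    _, _, neg = negative_cache_ttl(msg)
    return max(neg - elapsed, 0)


if __name__ == "__main__":
    # The thread's case: SOA RR TTL (3600) below SOA.MINIMUM (86400).
    reply = build_nxdomain_reply("www.no-such-domain-123abc.org", 3600, 86400)
    print(negative_cache_ttl(reply))    # (3600, 86400, 3600)
    print(cached_soa_ttl(reply, 600))   # 3000: below MINIMUM, and perfectly valid
```

With an SOA RR TTL of 3600 and a MINIMUM of 86400 the negative TTL is 3600, so even the authoritative reply already carries an SOA whose TTL is below MINIMUM; ten minutes later a cache re-serves it with 3000 left, which is the decrementing behaviour the RFC text above describes, not corruption. Swap the two values and the result is bounded by MINIMUM instead.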