Name server changes TTL

Mark_Andrews at isc.org Mark_Andrews at isc.org
Sat Dec 20 02:57:04 UTC 2003


> Kevin Darcy <kcd at daimlerchrysler.com> wrote in message news:<brspss$2fen$1 at sf1.isc.org>...
> 
> > That SOA RR is really a negative caching record. See RFC 2308 for more 
> > details.
> > 
> > - Kevin
> 
> Kevin, thanks a lot for replying. I've read RFC 2308 carefully but I
> still can't come to a clear conclusion. I have a user who says:
> 
> "the name server corrupts the 'Name Error' reply from the
> authoritative name server tld1.ultradns.net in response to the query
> for the Address of www.no-such-domain-123abc.org. The server has
> changed the Time To Live of the returned SOA record in the Authority
> section to a value smaller than the Minimum Time To Live of that SOA
> record, which makes the replies invalid."
> 
> My questions are therefore:
> 
> - is it incorrect to return a TTL smaller than the Minimum TTL in the
> case of a NXDOMAIN response?

	No.  It is required that caches decrement this value by
	at least 1 for each second the answer has been cached for.
	This allows caches to be chained together.  A cache is not
	allowed to increase the TTL.

> - does that make the response from my server "invalid"?

	No.

> - is this a feature of BIND 9.2.1?

	It should be a feature of all caching servers.

	From RFC 2308

   As with caching positive responses it is sensible for a resolver to
   limit for how long it will cache a negative response as the protocol
   supports caching for up to 68 years.  Such a limit should not be
   greater than that applied to positive answers and preferably be
   tunable.  Values of one to three hours have been found to work well  
   and would make sensible a default.  Values exceeding one day have 
   been found to be problematic.

	named's default is 3 hours.

> - can this behavior be changed and how?

	max-ncache-ttl
 
> Again, I'd appreciate any help I can get because I can't find
> documentation (at my level) on this. Thanks.
> 
> Albert
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org
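
Added example (not part of the original message, and not BIND's code): a small Python model of the behaviour described above, showing why an SOA TTL below the SOA MINIMUM is expected in a cached NXDOMAIN reply and how a forwarder chained behind another cache inherits the aged TTL. The class and function names are hypothetical, and the SOA values used with it (TTL 86400, MINIMUM 86400) are constructed.

```python
# Added example: models RFC 2308 negative caching with integer timestamps.
from dataclasses import dataclass

DEFAULT_MAX_NCACHE_TTL = 10800  # seconds; the 3 hour named default cited above


@dataclass
class NegativeEntry:
    soa_minimum: int   # MINIMUM field from the SOA RDATA, never rewritten
    expires_at: int    # absolute second at which the entry must be dropped


class NegativeCache:
    def __init__(self, max_ncache_ttl=DEFAULT_MAX_NCACHE_TTL):
        self.max_ncache_ttl = max_ncache_ttl
        self._entries = {}

    def store(self, qname, soa_ttl, soa_minimum, now):
        """Cache an NXDOMAIN; return the TTL actually applied."""
        # RFC 2308: negative TTL is min(SOA TTL, SOA MINIMUM); the local cap
        # (max-ncache-ttl in named) can only shorten it, never lengthen it.
        ttl = min(soa_ttl, soa_minimum, self.max_ncache_ttl)
        self._entries[qname.lower()] = NegativeEntry(soa_minimum, now + ttl)
        return ttl

    def lookup(self, qname, now):
        """Return (remaining SOA TTL, SOA MINIMUM) or None once expired."""
        entry = self._entries.get(qname.lower())
        if entry is None:
            return None
        remaining = entry.expires_at - now
        if remaining <= 0:
            del self._entries[qname.lower()]
            return None
        return remaining, entry.soa_minimum


def chained_lookup(upstream, downstream, qname, now):
    """Downstream cache refills from upstream, inheriting the aged TTL."""
    hit = downstream.lookup(qname, now)
    if hit is None:
        up = upstream.lookup(qname, now)
        if up is None:
            return None
        soa_ttl, soa_minimum = up
        downstream.store(qname, soa_ttl, soa_minimum, now)
        hit = downstream.lookup(qname, now)
    return hit
```

Because the downstream cache stores the already-decremented TTL, both caches drop the entry at the same second, which is the chaining property the reply refers to.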

