Name server changes TTL

Albert etienne at unicc.org
Mon Dec 22 13:16:26 UTC 2003


Kevin, thanks a lot for your answer --Albert

Kevin Darcy <kcd at daimlerchrysler.com> wrote in message news:<brvjmr$2aun$1 at sf1.isc.org>...
> Albert wrote:
> 
> >Kevin Darcy <kcd at daimlerchrysler.com> wrote in message news:<brspss$2fen$1 at sf1.isc.org>...
> >
> >>That SOA RR is really a negative caching record. See RFC 2308 for more 
> >>details.
> >>
> >>    - Kevin
> >
> >Kevin, thanks a lot for replying. I've read RFC 2308 carefully but I
> >still can't come to a clear conclusion. I have a user who says:
> >
> >"the name server corrupts the 'Name Error' reply from the
> >authoritative name server tld1.ultradns.net in response to the query
> >for the Address of www.no-such-domain-123abc.org. The server has
> >changed the Time To Live of the returned SOA record in the Authority
> >section to a value smaller than the Minimum Time To Live of that SOA
> >record, which makes the replies invalid."
> >
> >My questions are therefore:
> >
> >- is it incorrect to return a TTL smaller than the Minimum TTL in the
> >case of an NXDOMAIN response?
> >
> The SOA "minimum" field *no*longer* means the minimum TTL for RRs in the 
> zone:
> 
> Section 4 of RFC 2308:
> 
> >   The SOA minimum field has been overloaded in the past to have three
> >   different meanings, the minimum TTL value of all RRs in a zone, the
> >   default TTL of RRs which did not contain a TTL value and the TTL of
> >   negative responses.
> >
> >   Despite being the original defined meaning, the first of these, the
> >   minimum TTL value of all RRs in a zone, has never in practice been
> >   used and is hereby deprecated.
> >
> The SOA "minimum" field now has a *different* meaning:
> 
> Section 5:
> 
> >   Like normal answers negative answers have a time to live (TTL).  As
> >   there is no record in the answer section to which this TTL can be
> >   applied, the TTL must be carried by another method.  This is done by
> >   including the SOA record from the zone in the authority section of
> >   the reply.  When the authoritative server creates this record its TTL
> >   is taken from the minimum of the SOA.MINIMUM field and SOA's TTL.
> >   This TTL decrements in a similar manner to a normal cached answer and
> >   upon reaching zero (0) indicates the cached negative answer MUST NOT
> >   be used again.
> >
> >- does that make the response from my server "invalid"?
> >
> No, not at all. Your user is clueless.
> 
> >- is this a feature of BIND 9.2.1?
> >
> It's a feature of any modern standards-conforming resolver or nameserver 
> implementation.
> 
> >- can this behavior be changed and how?
> >
> I suppose you could hack the code to make it standards-non-compliant. 
> Why would you want to?
> 
>     - Kevin

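The RFC 2308 section 5 rule quoted above, as an added Python example that is not part of the original thread or of BIND's code: the authoritative server sets the SOA TTL to the smaller of SOA.MINIMUM and the SOA's own TTL, and a caching server then counts it down, so a returned TTL below SOA.MINIMUM is expected. All class and function names, the SOA values and the `max_ncache_ttl` cap are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class SOA:
    zone: str
    ttl: int      # TTL of the SOA RR as stored in the zone
    minimum: int  # SOA.MINIMUM field: the negative-caching TTL (RFC 2308)

def authoritative_negative_ttl(soa):
    """TTL the authoritative server places on the SOA in the authority section."""
    return min(soa.ttl, soa.minimum)

class NegativeCache:
    """Caching server's store of NXDOMAIN answers, keyed by query name."""

    def __init__(self, max_ncache_ttl=10800):
        # Resolver-side upper bound on negative TTLs (assumed value).
        self.max_ncache_ttl = max_ncache_ttl
        self._entries = {}  # qname -> (soa, absolute expiry time)

    def store(self, qname, soa, received_ttl, now):
        ttl = min(received_ttl, self.max_ncache_ttl)
        self._entries[qname] = (soa, now + ttl)

    def lookup(self, qname, now):
        """Return (soa, remaining_ttl), or None once the TTL has reached zero."""
        entry = self._entries.get(qname)
        if entry is None:
            return None
        soa, expires_at = entry
        remaining = expires_at - now
        if remaining <= 0:
            del self._entries[qname]  # MUST NOT be used again
            return None
        return soa, remaining

def soa_ttl_is_valid(soa, observed_ttl):
    """A negative answer's SOA TTL is valid anywhere from 0 up to the
    authoritative value; it does not have to equal SOA.MINIMUM."""
    return 0 <= observed_ttl <= authoritative_negative_ttl(soa)

if __name__ == "__main__":
    soa = SOA("org.", ttl=86400, minimum=86400)  # constructed sample values
    cache = NegativeCache()
    qname = "www.no-such-domain-123abc.org."
    cache.store(qname, soa, authoritative_negative_ttl(soa), now=0)
    cached_soa, ttl = cache.lookup(qname, now=3600)
    print(ttl, soa_ttl_is_valid(cached_soa, ttl))
```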
