DNS TTLs revisited
Robert Gahl
bgahl at bawcsa.org
Thu Feb 5 22:53:38 UTC 2004
At 02:04 PM 2/5/2004, David Botham wrote:
>No. What I was trying to say is that when you configure a zone database
>file, you use a $TTL statement to set the default TTL for every RR in the
>zone where one is not explicitly stated.
Yes, I have done this in each and every zone file. It was originally set to
86400.
>When the name server loads the zone, it inserts each RR into memory with
>an explicit TTL on it (if you were able to look into memory, you would see
>this).
No argument. I understand what the default TTL is for and how it operates.
>Another place to see this effect is to look at the backup file of a slave
>zone. You will notice that regardless of how you typed the information
>into the master zone database file (by using the single $TTL directive),
>each and every RR in the backup copy of zone on the slave has an explicit
>TTL.
And, this is what I did. I had a default TTL of 86400 in the zone. On the
particular host:
ssl-hints.netflame.cc
I set an explicit TTL of 30 seconds to over-ride the default of 86400.
However, despite doing this, I have gotten some evidence that this explicit
TTL is not being read (i.e., do a dig on ssl-hints.netflame.cc and some
servers are reporting 86400, not 30, despite the fact that when I do it
from yet other servers, it is showing 30 like it should).
Thus my question: Do earlier versions of BIND lack the ability to recognize
the specific setting of TTLs on individual hosts?
If this is true (i.e., older versions of BIND lack the ability to recognize
explicit setting of TTL on specific hosts), then reversing my logic seems
to be the way to handle this. Set the default to 30 and then set everything I
don't want to be 30 to be 86400. It's a horrible way to fix this, but fix
it, it would.
>In the end, if you want a TTL of 30 seconds set for just one RR, then,
>explicitly state one for that RR and use the $TTL directive for the rest.
This is what I originally did, and to date, it had appeared to work just
fine. However, as of today, I'm not so confident any more because I have
seen some DNS queries on specific servers (but can't get anyone to answer
me as to what version of BIND, if indeed, they are running BIND) that say
86400, not 30.
This is what prompted me to contact the list.
Perhaps I'm not doing a good job of phrasing the situation.
===
Bob Gahl Bicycle (Ryan Vanguard) Mobile || @
ARPA/Internet: bgahl at bawcsa.org || !_ \
URL: http://www.bawcsa.org/bgahl/ || (*)-~--+--(*)
"Sahn joong moe low ful how jee yah ching wong" - "When the
mountain has no tigers, the monkey will also declare himself
king." Chinese Proverb
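Two checks a practitioner would run at this point, as an added example that is not code from the original post or from BIND itself: first, work out the effective TTL of every RR in a zone file the way the server does at load time ($TTL supplies the default unless the RR carries its own TTL field), which is what the slave's backup copy would show; second, classify dig answers from several servers, separating an authoritative answer (the aa flag is set) from a recursive server's cached copy. A cache reports the remaining lifetime of the entry, counting down from whatever TTL it cached, so a server that cached the record while the TTL was still 86400 keeps returning a value up to 86400 until that entry expires, regardless of which BIND version it runs. The zone fragment, server names, addresses and dig output below are constructed for the example; only the host name and the 86400/30 TTLs come from the post.

```python
"""Effective-TTL check for a zone file plus a per-server dig answer survey.
Added example, not from the original post.  Zone text and dig output are
constructed; only ssl-hints.netflame.cc and the 86400/30 TTLs are from
the thread."""
import re

# Constructed zone fragment: $TTL default of 86400, one RR overriding it.
ZONE = """\
$TTL 86400
@       IN SOA  ns1.netflame.cc. hostmaster.netflame.cc. (
                2004020501 3600 900 604800 86400 )
        IN NS   ns1.netflame.cc.
www     IN A    192.0.2.10
ssl-hints   30  IN A    192.0.2.11
mail    IN MX  10 mail.netflame.cc.
"""

RR_TYPES = {"A", "AAAA", "NS", "MX", "CNAME", "SOA", "TXT", "PTR", "SRV"}


def _records(zone_text):
    """Yield logical records, joining parenthesised continuation lines."""
    buf, depth = [], 0
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # strip comments
        if not line.strip() and depth == 0:
            continue
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth == 0:
            yield "\n".join(buf)
            buf = []


def _fqdn(owner, origin):
    if owner == "@":
        return origin
    return owner if owner.endswith(".") else f"{owner}.{origin}"


def effective_ttls(zone_text, origin):
    """Return [(name, ttl, type, rdata)] with an explicit TTL on every RR,
    i.e. what BIND holds in memory and what a slave's backup file shows."""
    default_ttl, owner, out = None, None, []
    for rec in _records(zone_text):
        tokens = rec.replace("(", " ").replace(")", " ").split()
        if tokens[0] == "$TTL":
            default_ttl = int(tokens[1])
            continue
        if tokens[0].startswith("$"):        # $ORIGIN etc.: not needed here
            continue
        if not rec[0].isspace():              # owner present on this line
            owner = tokens.pop(0)
        ttl = None
        while tokens[0] not in RR_TYPES:      # optional TTL / class fields
            field = tokens.pop(0)
            if field.isdigit():
                ttl = int(field)
            elif field.upper() != "IN":
                raise ValueError(f"unexpected field {field!r} in {rec!r}")
        rtype = tokens.pop(0)
        if ttl is None:
            if default_ttl is None:
                raise ValueError("RR without TTL and no $TTL in effect")
            ttl = default_ttl                 # the $TTL default applies
        out.append((_fqdn(owner, origin), ttl, rtype, " ".join(tokens)))
    return out


# Constructed dig output as three servers might return it.  The 2nd field
# of an ANSWER line is the TTL; recursive servers return the time left in
# their cache, which counts down from whatever TTL they originally cached.
DIG_SAMPLES = {
    "ns1.netflame.cc (authoritative)": ";; flags: qr aa rd; QUERY: 1, ANSWER: 1\n"
        ";; ANSWER SECTION:\nssl-hints.netflame.cc.\t30\tIN\tA\t192.0.2.11\n",
    "resolver-a": ";; flags: qr rd ra; QUERY: 1, ANSWER: 1\n"
        ";; ANSWER SECTION:\nssl-hints.netflame.cc.\t17\tIN\tA\t192.0.2.11\n",
    "resolver-b": ";; flags: qr rd ra; QUERY: 1, ANSWER: 1\n"
        ";; ANSWER SECTION:\nssl-hints.netflame.cc.\t79213\tIN\tA\t192.0.2.11\n",
}

ANSWER_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(.*)$", re.M)


def classify(dig_text, name, expected_ttl):
    """Return (verdict, ttl): 'ok', 'stale-cache', 'authoritative-mismatch'
    or 'no-answer'.  A cached answer is consistent with the zone as long as
    its remaining TTL does not exceed the expected value."""
    authoritative = re.search(r"^;; flags:.*\baa\b", dig_text, re.M) is not None
    for m in ANSWER_RE.finditer(dig_text):
        if m.group(1).rstrip(".") == name.rstrip("."):
            ttl = int(m.group(2))
            break
    else:
        return ("no-answer", None)
    if authoritative:
        return ("ok" if ttl == expected_ttl else "authoritative-mismatch", ttl)
    return ("ok" if ttl <= expected_ttl else "stale-cache", ttl)


def survey(samples, name, expected_ttl):
    """Classify every server's answer; stale caches clear on their own once
    the old entry expires, an authoritative mismatch means the zone is wrong."""
    return {server: classify(text, name, expected_ttl)
            for server, text in samples.items()}


if __name__ == "__main__":
    for rr in effective_ttls(ZONE, "netflame.cc"):
        print("%-25s %6d %-4s %s" % rr)
    for server, verdict in survey(DIG_SAMPLES, "ssl-hints.netflame.cc", 30).items():
        print(f"{server}: {verdict}")
```

Querying each authoritative server directly (dig @server name +norecurse) and comparing with the zone's effective TTLs settles whether the masters and slaves agree; any remaining 86400 answers from recursive servers are then cache residue that can persist for up to a day after the TTL was lowered.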