DNS TTLs revisited

Robert Gahl bgahl at bawcsa.org
Thu Feb 5 22:53:38 UTC 2004


At 02:04 PM 2/5/2004, David Botham wrote:

>No.  What I was trying to say is that when you configure a zone database
>file, you use a $TTL statement to set the default TTL for every RR in the
>zone where one is not explicitly stated.

Yes, I have done this in each and every zone file. It was originally set to 
86400.

>When the name server loads the zone, it inserts each RR into memory with
>an explicit TTL on it (if you were able to look into memory, you would see
>this).

No argument. I understand what the default TTL is for and how it operates.

>Another place to see this effect is to look at the backup file of a slave
>zone.  You will notice that regardless of how you typed the information
>into the master zone database file (by using the single $TTL directive),
>each and every RR in the backup copy of zone on the slave has an explicit
>TTL.

And, this is what I did. I had a default TTL of 86400 in the zone. On the 
particular host:

         ssl-hints.netflame.cc

I set an explicit TTL of 30 seconds to override the default of 86400. 
However, despite doing this, I have gotten some evidence that this explicit 
TTL is not being read (i.e., do a dig on ssl-hints.netflame.cc and some 
servers are reporting 86400, not 30, despite the fact that when I do it 
from yet other servers, it is showing 30 like it should).

Thus my question: Do earlier versions of BIND lack the ability to recognize 
the specific setting of TTLs on individual hosts?

If this is true (i.e., older versions of BIND lack the ability to recognize 
explicit setting of TTL on specific hosts), then reversing my logic seems 
the way to handle this. Set the default to 30 and then set everything I 
don't want to be 30 to be 86400. It's a horrible way to fix this, but fix 
it, it would.

>In the end, if you want a TTL of 30 seconds set for just one RR, then,
>explicitly state one for that RR and use the $TTL directive for the rest.

This is what I originally did, and to date, it had appeared to work just 
fine. However, as of today, I'm not so confident any more because I have 
seen some DNS queries on specific servers (but can't get anyone to answer 
me as to what version of BIND, if indeed, they are running BIND) that say 
86400, not 30.

This is what prompted me to contact the list.

Perhaps I'm not doing a good job of phrasing the situation.

===
Bob Gahl Bicycle (Ryan Vanguard) Mobile ||     @
     ARPA/Internet: bgahl at bawcsa.org     ||  !_ \
    URL: http://www.bawcsa.org/bgahl/    ||  (*)-~--+--(*)
"Sahn joong moe low ful how jee yah ching wong" - "When the
mountain has no tigers, the monkey will also declare himself
king." Chinese Proverb
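As an added example (not code from the post, from David Botham, or from BIND), the following Python script models the behaviour the reply describes: a $TTL directive supplies the default for every RR that carries no TTL of its own, a per-RR TTL overrides it, and once loaded every RR carries an explicit TTL, which is what a slave's backup copy of the zone shows. The zone fragment is constructed for the example (the host ssl-hints.netflame.cc is taken from the post; ns1, www, the SOA values and the 192.0.2.x addresses are made up). It goes slightly beyond the discussion by also accepting the "IN 30" class-before-TTL order that RFC 1035 permits.

```python
"""Minimal zone-file TTL model (added example; not BIND code).

Shows how a $TTL default and a per-RR TTL combine: every loaded RR ends
up with an explicit TTL, exactly as a slave's backup file of the zone shows.
"""
from dataclasses import dataclass

CLASSES = {"IN", "CH", "HS"}

# Constructed zone fragment: $TTL 86400 as the default, one host set to 30.
SAMPLE_ZONE = """\
$TTL 86400
$ORIGIN netflame.cc.
@            IN SOA ns1.netflame.cc. hostmaster.netflame.cc. ( 2004020501 3600 900 604800 86400 )
             IN NS  ns1.netflame.cc.
ns1          IN A   192.0.2.1
ssl-hints 30 IN A   192.0.2.2      ; explicit TTL overrides the $TTL default
www          IN A   192.0.2.3
"""


@dataclass
class Record:
    name: str
    ttl: int
    rclass: str
    rtype: str
    rdata: str


def _qualify(name, origin):
    """Expand '@' and relative owner names against $ORIGIN."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return f"{name}.{origin}"


def parse_zone(text, origin="."):
    """Parse a master-file fragment; every returned Record has an explicit TTL."""
    default_ttl = None
    last_owner = None
    records = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()   # strip comments
        if not line.strip():
            continue
        if line.startswith("$TTL"):
            default_ttl = int(line.split()[1])  # zone-wide default (RFC 2308)
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        tokens = line.split()
        # A line starting with whitespace reuses the previous owner name.
        owner = last_owner if raw[0] in " \t" else _qualify(tokens.pop(0), origin)
        last_owner = owner
        ttl = None
        if tokens and tokens[0].isdigit():          # "<owner> 30 IN A ..." order
            ttl = int(tokens.pop(0))
        rclass = "IN"
        if tokens and tokens[0].upper() in CLASSES:
            rclass = tokens.pop(0).upper()
        if ttl is None and tokens and tokens[0].isdigit():   # "<owner> IN 30 A ..." order
            ttl = int(tokens.pop(0))
        rtype = tokens.pop(0).upper()
        rdata = " ".join(tokens)
        if ttl is None:
            if default_ttl is None:
                raise ValueError(f"no TTL for {owner} {rtype} and no $TTL directive")
            ttl = default_ttl                     # $TTL fills in the missing TTL
        records.append(Record(owner, ttl, rclass, rtype, rdata))
    return records


def ttl_for(records, name, rtype="A"):
    """TTL the authoritative server will hand out for name/type, or None."""
    for r in records:
        if r.name == name and r.rtype == rtype:
            return r.ttl
    return None


def dump_like_slave(records):
    """Render the zone as a slave's backup copy does: explicit TTL on every RR."""
    return "\n".join(f"{r.name}\t{r.ttl}\t{r.rclass}\t{r.rtype}\t{r.rdata}" for r in records)


if __name__ == "__main__":
    recs = parse_zone(SAMPLE_ZONE)
    print(dump_like_slave(recs))
    print("ssl-hints TTL:", ttl_for(recs, "ssl-hints.netflame.cc."))   # 30
    print("www TTL:      ", ttl_for(recs, "www.netflame.cc."))         # 86400
```

The dump shows why the master's file and the slave's backup look different while holding the same data: the single $TTL line is gone and each RR carries its own number. When checking a lowered TTL with dig, query the authoritative servers directly, since a caching resolver that fetched the record before the change keeps serving its cached copy, with the old TTL counting down, until that copy expires.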
