NS TTL Discrepancy??

Barry Margolin barmar at alum.mit.edu
Mon Mar 8 21:05:39 UTC 2004


In article <c2ieqe$ph9$1 at sf1.isc.org>,
 Jonathan de Boyne Pollard <J.deBoynePollard at Tesco.NET> wrote:

> RSP> This is what appears to be a recently discovered problem.  
> 
> It's not recently discovered, and it's not a problem.
> 
> RSP> [...] If this happens, the DNS resolver knows to go to
> RSP> ns1.example.com and ns2.example.com, but it now can't get 
> RSP> to them.  The problem is that to get the A record for
> RSP> ns1.example.com and ns2.example.com, the DNS resolver must 
> RSP> go to the NS records for example.com -- but, it can't get 
> RSP> to them without the A record, and you're stuck in a loop.
> 
> This is why we have "additional" section processing, "glue" resource record
> sets, and fallback to the nearest enclosing superdomain whose content DNS
> servers are known.  Far from being recently discovered, this chicken-and-egg
> problem was addressed in RFC 1034.

If the glue A records time out of the cache before the NS records do, 
the chicken-and-egg problem returns.  So you should ensure that the TTLs 
on your nameservers' A records are at least as long as the TTLs on the 
NS records.

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
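
A check for the TTL rule stated in the message above, as an added example that is not part of the original post: it parses a simplified zone file and reports in-zone nameserver A/AAAA records whose TTL is shorter than the TTL of the NS record that names them. The zone contents, the function names and the simplified file syntax are assumptions made for illustration.

```python
# Constructed sample zone using documentation names/addresses; not from the post.
SAMPLE_ZONE = """\
$ORIGIN example.com.
$TTL 3600
@    86400 IN NS   ns1.example.com.
@    86400 IN NS   ns2
@    86400 IN NS   ns.provider.example.net.
ns1  86400 IN A    192.0.2.1
ns2        IN A    192.0.2.2
ns2  300   IN AAAA 2001:db8::2
www        IN A    192.0.2.80
"""

def fqdn(name, origin):
    """Expand '@' and relative names against the current $ORIGIN."""
    name = name.lower()
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text):
    """Simplified parser: one record per line, owner always present, no parentheses."""
    origin, default_ttl, records = ".", 0, []
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()   # drop ';' comments
        if fields[:1] == ["$ORIGIN"]:
            origin = fields[1].lower()
        elif fields[:1] == ["$TTL"]:
            default_ttl = int(fields[1])
        elif fields:
            owner, rest, ttl = fields[0], fields[1:], default_ttl
            if rest[0].isdigit():               # explicit per-record TTL
                ttl, rest = int(rest[0]), rest[1:]
            if rest[0].upper() == "IN":         # optional class field
                rest = rest[1:]
            records.append((fqdn(owner, origin), ttl, rest[0].upper(), rest[1]))
    return origin, records

def short_lived_ns_addresses(text):
    """Return (nameserver, type, address_ttl, ns_ttl) where address_ttl < ns_ttl."""
    origin, records = parse_zone(text)
    ns_sets = [(ttl, fqdn(r, origin)) for _, ttl, t, r in records if t == "NS"]
    findings = []
    for ns_ttl, target in ns_sets:
        if not target.endswith("." + origin):
            continue  # out-of-zone server: its address TTL is set in another zone
        findings += [(o, t, ttl, ns_ttl) for o, ttl, t, _ in records
                     if o == target and t in ("A", "AAAA") and ttl < ns_ttl]
    return findings
```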

