Different TTL Behavior from Microsoft DNS

Kevin Darcy kcd at daimlerchrysler.com
Tue May 18 20:30:58 UTC 2004


Martin McCormick wrote:

>	When one queries a BIND DNS, the TTL in the response is
>whatever TTL that particular zone has in it for that particular
>record.  Yesterday, I was troubleshooting some weirdness related to a
>Microsoft DNS which is part of an Active Directory setup.  The record
>was an MX record which the MS DNS had received from our master BIND
>DNS with a TTL of 600 seconds.
>
>	When I used dig to query the MS box, I got a correct answer
>but the TTL was less than 600 seconds.  I queried again and the number
>was even less than before.  I then got it through my skull that
>every query to the MS DNS returned a TTL based upon the number of
>seconds left in the MS box's cache of the record.
>
>	I wouldn't exactly call this wrong, but it is sure different
>than what BIND does.  It would appear that if 100 clients requested
>that record from the MS system, all their TTL timers should time out
>at the same second as the TTL timer on the Microsoft DNS.
>
>	Is this behavior significant other than the fact it is different
>than what I expected to see?
>
Martin, non-authoritative servers always count down TTL values. That's 
the whole point of TTL: to prevent data from staying past its time. A 
non-authoritative BIND server will do the same thing.

                                                                         
                                                      - Kevin
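
The behaviour discussed in this thread, as an added example that is not part of either post: a small model in which an authoritative server always answers with the zone TTL while a non-authoritative (caching) server answers with the seconds left on its cached copy. The class names, the record name and the query times are constructed for illustration; only the 600-second TTL comes from the thread.

```python
"""Model of TTL handling: authoritative answer vs. cached answer (constructed example)."""

RECORD = "example.com. MX"                    # constructed record name


class AuthoritativeServer:
    """Answers from zone data, so every response carries the zone's TTL."""
    def __init__(self, zone):
        self.zone = zone                      # name -> (rdata, ttl_seconds)

    def query(self, name, now):
        return self.zone[name]


class CachingServer:
    """Non-authoritative: stores an absolute expiry, answers with seconds remaining."""
    def __init__(self, upstream):
        self.upstream = upstream
        self.cache = {}                       # name -> (rdata, expires_at)

    def query(self, name, now):
        entry = self.cache.get(name)
        if entry is None or entry[1] <= now:  # miss or expired: refetch upstream
            rdata, ttl = self.upstream.query(name, now)
            entry = (rdata, now + ttl)
            self.cache[name] = entry
        rdata, expires_at = entry
        return rdata, expires_at - now        # TTL counts down between refetches


def simulate(query_times, ttl=600):
    """Return (authoritative TTLs, cached TTLs, client expiry times) per query."""
    auth = AuthoritativeServer({RECORD: ("10 mail.example.com.", ttl)})
    cache = CachingServer(auth)               # stands in for the non-authoritative box
    auth_ttls, cached_ttls, client_expiry = [], [], []
    for t in query_times:
        auth_ttls.append(auth.query(RECORD, t)[1])
        client = CachingServer(cache)         # each client keeps its own cache
        remaining = client.query(RECORD, t)[1]
        cached_ttls.append(remaining)
        client_expiry.append(t + remaining)   # when this client drops the record
    return auth_ttls, cached_ttls, client_expiry


if __name__ == "__main__":
    for row in simulate([0, 100, 250, 599, 600]):
        print(row)
```

Clients that asked the caching server at different times all discard the record at the same absolute second, which is what keeps data from outliving the TTL the zone owner set.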
