override ttl=0

Mark Andrews Mark_Andrews at isc.org
Thu Jan 3 02:32:21 UTC 2008


> Well, it *shouldn't* be included in BIND, in my opinion. If a DNS record 
> comes from an authoritative source with TTL=0 then it is to be treated 
> as highly dynamic, literally able to change from second to second. The 
> resolver shouldn't be holding onto data that it's been told is extremely 
> mutable. To do so risks defeating whatever load-balancing mechanisms the 
> domain owner has in place.
> 
> If you *really* need functionality like this, then set up a "fake" 
> version of the zone in question, query the real zone periodically, and 
> then update your fake version dynamically. At least then you contain 
> this ugliness within the normal nameserver/resolver constructs.
> 
> By the way, the document you linked to in your previous message makes 
> mention of the fact that TTLs are set to 0 when an address is allocated 
> at the time of query (which I interpret to mean *dynamically*), but also 
> talks about static translation. Could it be that the TTL=0 problem is 
> just a side effect of your network architecture? Or, if Cisco is dumb 
> enough to set TTL=0 blindly and unconditionally, everyone who uses the 
> product should be complaining to them about it.

	Additionally, for the product to function at all the translation
	needs to have a non-zero lifetime, which should be reflected
	in the TTL of the record.

	e.g.
		TTL = MIN(untranslated TTL, translation lifetime).

	This preserves the semantics of a DNS address lookup.

	At time T you get a name to address mapping that is good
	for TTL seconds.

	Also, your patch is not A/AAAA agnostic.

	Mark

>                                        - Kevin
> 
> Herve Guehl wrote:
> > Hi,
> > Could such a feature be included in bind ?
> > regards
> > Hervé
> >
> > On Dec 22, 2007 8:56 AM, Herve Guehl <herve.guehl at gmail.com> wrote:
> >
> >   
> >> Unfortunately, the manufacturer is CISCO... http://www.cisco.com/en/US/products/ps6553/products_white_paper09186a008011ff51.shtml
> >>
> >> It's a pain when you're working with partners that use this
> >> technology... (Obviously I have no choice and no weight about it :) )
> >>
> >> regard.
> >> Herve Guehl
> >>
> >>
> >>
> >> On Dec 21, 2007 10:51 PM, Mark Andrews <Mark_Andrews at isc.org> wrote:
> >>
> >>>> Hi everybody,
> >>>> I'm having trouble with a DNS-ALG machine that sends ttl=0 for every
> >>>> question I send to it.
> >>>> I browsed the archive but did not find any solution to my problem.
> >>>> I just need to override the ttl for A records when the ttl=0.
> >>>> Here is a patch for bind 9.3.3rc2 (redhat 5.0).
> >>>> I know that the TTL should not be overridden, but in some cases this
> >>>> functionality can be helpful.
> >>>>         
> >>>        Tell us the manufacturer of the DNS-ALG so we can all avoid
> >>>        such a broken product.  The DNS requires caching to work.
> >>>        Any DNS-ALG that doesn't pass on the TTL is broken.
> >>>
> >>>       
> >>>> The status of this patch is 'works for me'.
> >>>>
> >>>> Please let me know if there is another implementation
> >>>>
> >>>> Regards
> >>>> Hervé Guehl
> >>>>
> >>>> Note : don't blame me if I'm not using the right list, just tell me
> >>>> where I should write
> >>>>
> >>>>
> >>>>
> >>>> diff -urN bind-9.3.3rc2.ori/bin/named/server.c bind-9.3.3rc2
> >>>> /bin/named/server.c
> >>>> --- bind-9.3.3rc2.ori/bin/named/server.c        2006-05-24 06:30:
> >>>> 24.000000000 +0200
> >>>> +++ bind-9.3.3rc2/bin/named/server.c    2007-12-18 22:01:47.000000000+01
> 00
> >>>> @@ -1245,6 +1245,11 @@
> >>>>         result = ns_config_get(maps, "max-cache-ttl", &obj);
> >>>>         INSIST(result == ISC_R_SUCCESS);
> >>>>         view->maxcachettl = cfg_obj_asuint32(obj);
> >>>> +
> >>>> +       obj = NULL;
> >>>> +       result = ns_config_get(maps, "override-zero-cache-ttl", &obj);
> >>>> +       INSIST(result == ISC_R_SUCCESS);
> >>>> +       view->overridezerocachettl = cfg_obj_asuint32(obj);
> >>>>
> >>>>         obj = NULL;
> >>>>         result = ns_config_get(maps, "max-ncache-ttl", &obj);
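Review bot: the INSIST(result == ISC_R_SUCCESS) after ns_config_get(maps, "override-zero-cache-ttl", &obj) assumes the option is always present in one of the maps, but nothing in this patch adds a default for it; the max-cache-ttl lookup it copies only works unconditionally because max-cache-ttl has a built-in default. With a named.conf that does not mention the new option the lookup fails and the INSIST aborts named at startup. Either add a default of 0 (meaning no override) where the other TTL defaults live, or treat ISC_R_NOTFOUND as "not configured" and set view->overridezerocachettl = 0 explicitly.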
> >>>> diff -urN bind-9.3.3rc2.ori /lib/dns/include/dns/view.h bind-9.3.3rc2
> >>>> /lib/dns/include/dns/view.h
> >>>> --- bind-9.3.3rc2.ori/lib/dns/include/dns/view.h        2004-03-10
> >>>>         
> >>> 03:55:
> >>>       
> >>>> 58.000000000 +0100
> >>>> +++ bind-9.3.3rc2/lib/dns/include/dns/view.h    2007-12-18 22:02:
> >>>> 01.000000000 +0100
> >>>> @@ -116,6 +116,7 @@
> >>>>         isc_boolean_t                   requestixfr;
> >>>>         isc_boolean_t                   provideixfr;
> >>>>         dns_ttl_t                       maxcachettl;
> >>>> +       dns_ttl_t                       overridezerocachettl;
> >>>>         dns_ttl_t                       maxncachettl;
> >>>>         in_port_t                       dstport;
> >>>>         dns_aclenv_t                    aclenv;
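Review bot: the new dns_ttl_t overridezerocachettl field carries no comment describing its meaning or units (seconds, 0 = disabled), and nothing in the patch initialises it where the view is created; the only assignment is on the configuration path in server.c. Give the field a short comment like the neighbouring TTL members and make sure it is zeroed at view creation so no code path reads an indeterminate value.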
> >>>> diff -urN bind-9.3.3rc2.ori/lib/dns/resolver.c bind-9.3.3rc2
> >>>> /lib/dns/resolver.c
> >>>> --- bind-9.3.3rc2.ori/lib/dns/resolver.c        2006-08-31 05:57:
> >>>> 11.000000000 +0200
> >>>> +++ bind-9.3.3rc2 /lib/dns/resolver.c    2007-12-18 22:02:56.000000000+0
> 100
> >>>> @@ -3537,6 +3537,11 @@
> >>>>                         rdataset->ttl = res->view->maxcachettl;
> >>>>
> >>>>                 /*
> >>>> +                 * HGU configure minimum ttl if ttl=0 for A record
> >>>> +               */
> >>>> +               if  ( (rdataset->ttl == 0) && (rdataset->type ==
> >>>> dns_rdatatype_a) )
> >>>> +                        rdataset->ttl > > res->view->overridezerocachet
> tl;
> >>>> +               /*
> >>>>                  * If this rrset is in a secure domain, do DNSSEC
> >>>>         
> >>> validation
> >>>       
> >>>>                  * for it, unless it is glue.
> >>>>                  */
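Review bot: the assignment line in this hunk is garbled as posted ("rdataset->ttl > > res->view->overridezerocachet" with the identifier wrapped onto the next line), so the patch does not compile or apply as shown; please repost it unwrapped or as an attachment. Beyond that, the override is applied after the maxcachettl clamp on the line above it, so an override value larger than max-cache-ttl silently escapes that limit; clamp it, e.g. set the TTL to the smaller of the override and res->view->maxcachettl, or better, as the thread suggests, to MIN(original TTL, translation lifetime) and leave a genuine TTL 0 alone. The condition also matches every A record from every authority, not just the broken ALG, so any zone that deliberately publishes TTL 0 (dynamic addressing, load balancing) gets cached against its owner's instructions; if this is kept at all it needs to be scoped to the misbehaving source, and it should treat dns_rdatatype_aaaa the same way as dns_rdatatype_a. Finally, the new comment reuses the opening "/*" of the existing DNSSEC comment and then re-opens it; make the new comment self-contained before the existing block.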
> >>>> diff -urN bind-9.3.3rc2.ori /lib/isccfg/namedconf.c bind-9.3.3rc2
> >>>> /lib/isccfg/namedconf.c
> >>>> --- bind-9.3.3rc2.ori/lib/isccfg/namedconf.c    2006-03-02 01:37:
> >>>> 20.000000000 +0100
> >>>> +++ bind-9.3.3rc2/lib/isccfg/namedconf.c        2007-12-19 15:11:
> >>>> 49.000000000 +0100
> >>>> @@ -715,6 +715,7 @@
> >>>>         { "lame-ttl", &cfg_type_uint32, 0 },
> >>>>         { "max-ncache-ttl", &cfg_type_uint32, 0 },
> >>>>         { "max-cache-ttl", &cfg_type_uint32, 0 },
> >>>> +       { "override-zero-cache-ttl", &cfg_type_uint32, 0 },
> >>>>         { "transfer-format", &cfg_type_transferformat, 0 },
> >>>>         { "max-cache-size", &cfg_type_sizenodefault, 0 },
> >>>>         { "check-names", &cfg_type_checknames, CFG_CLAUSEFLAG_MULTI },
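Review bot: the clause is added to the options/view table as cfg_type_uint32 with no default entry, so existing configurations that do not mention override-zero-cache-ttl will trip the INSIST in the server.c part of this patch; add an "override-zero-cache-ttl 0;" entry to the built-in defaults (not touched here) and document the option next to max-cache-ttl in the named.conf documentation, stating that 0 disables it. As a plain uint32 the value is also accepted without any upper bound, so the parser or the consumer should reject or clamp values above max-cache-ttl.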
> >>>>
> >>>>
> >>> --
> >>> Mark Andrews, ISC
> >>> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> >>> PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org