override ttl=0

Herve Guehl herve.guehl at gmail.com
Thu Jan 3 21:43:42 UTC 2008


I agree with Stephane.
We all know that should not be done. But facing misconfiguration of other
admins is a pain.
In my case, DNS servers behind the Cisco stuff are under heavy load (of
course...) and this causes trouble for my users.

I was just proposing to have the choice to override TTL=0 in some special
cases.
I think this feature should not be in the main section of the configuration
but for each zone (this way you can choose where you set this hack).
Perhaps a good developer (which I am not) could make the change if this is
not too invasive for BIND.

Hervé



On Jan 3, 2008 3:15 PM, Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote:

> On Thu, Jan 03, 2008 at 02:59:09PM +0100,
>  Adam Tkac <atkac at redhat.com> wrote
>  a message of 26 lines which said:
>
> > It means if one server is broken you have to include a similar patch
> > to other servers. And this is really not a solution.  Broken server
> > has to be fixed.
>
> I don't think there was a broken server anywhere. The issue is with
> broken *configurations*, people who put TTL=0 in their zone file
> because they don't understand caching and fear it.
>
> Most (all?) administrators of big DNS recursors observe a trend
> towards more and more TTL=0 records, a trend probably driven by people
> who find it simpler to disable the DNS caching, especially when using
> things like dynamic DNS. These administrators of big DNS recursors see
> that trend as both an abuse (a legal one but an abuse nevertheless) of
> the DNS and as an immediate danger for their servers. Hence the
> request to have a way to violate the DNS protocol (something which
> should obviously be activated only on a specific request from a
> consenting adult).
>
> Remember: the one who takes the decision (using TTL=0) is not the one
> who pays for it (in terms of larger work for the recursor). So, it
> seems reasonable that the persons who pay have some sort of control.
>
>
>
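
The per-zone override proposed in this thread, as an added example that is not part of the original messages and is not BIND code: a toy recursor cache that raises TTL=0 answers to a floor only for zones the operator lists, and counts the queries that still reach the authoritative server. The class name, the `floors` mapping, the zone names and the 192.0.2.10 answer are all constructed for illustration.

```python
# Added illustration (not BIND code): recursor cache with an opt-in, per-zone TTL floor.
# ClampingCache, floors and the sample zones are hypothetical names.

class ClampingCache:
    def __init__(self, floors):
        # floors: zone name -> minimum TTL (seconds) applied to answers under that zone
        self.floors = floors
        self.cache = {}      # normalised name -> (expiry time, answer)
        self.upstream = 0    # queries sent on to the authoritative server

    def _floor_for(self, name):
        # Longest matching zone suffix wins; unlisted zones keep the published TTL.
        labels = name.rstrip(".").lower().split(".")
        for i in range(len(labels)):
            zone = ".".join(labels[i:])
            if zone in self.floors:
                return self.floors[zone]
        return 0

    def resolve(self, name, now, authoritative):
        key = name.rstrip(".").lower()
        hit = self.cache.get(key)
        if hit and hit[0] > now:
            return hit[1]                 # served from cache, no upstream load
        self.upstream += 1
        answer, ttl = authoritative(name)
        # The protocol violation discussed in the thread: the published TTL is
        # raised, so clients may see an answer up to `floor` seconds old.
        ttl = max(ttl, self._floor_for(name))
        if ttl > 0:
            self.cache[key] = (now + ttl, answer)
        return answer


def simulate(floors, name="host.dyn.example.", seconds=600):
    """One client query per second; returns how many reached the authoritative server."""
    def authoritative(qname):
        return "192.0.2.10", 0            # constructed answer published with TTL=0

    cache = ClampingCache(floors)
    for now in range(seconds):
        cache.resolve(name, now, authoritative)
    return cache.upstream


if __name__ == "__main__":
    print("no override:        ", simulate({}))
    print("5s floor on the zone:", simulate({"dyn.example": 5}))
    print("floor on other zone: ", simulate({"other.example": 5}))
```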


