Moving DNS out of non-cooperative provider

Phil Mayers p.mayers at
Tue Jun 19 07:19:51 UTC 2012

On 06/19/2012 04:18 AM, Barry Margolin wrote:

> Didn't this used to be a problem?  When the caching server queries the
> cached nameservers, the response would include the old NS records in the
> Authority section.  The caching server would then replace the cached NS
> records with these records, resetting the TTL to its full time.  As long
> as it continued performing queries against the old servers before the NS
> records timed out, the TTLs would keep getting reset, and never expire.

Interesting. I was unaware of this issue, thanks for pointing it out. As 
Mark mentions in his follow-up, it seems like there are other corner 
cases where a broken or malicious nameserver can futz up delegations.
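
The TTL-reset behaviour described in the quoted text, as an added toy simulation that is not part of the original message and is not BIND's code. The server names, the TTL, the query intervals and the two cache policies are assumptions chosen for illustration.

```python
"""Toy model of how a caching resolver ages a cached NS RRset (constructed)."""

NS_TTL = 3600                               # TTL of the NS RRset (assumed)
OLD = ("ns1.old-provider.example.",)        # constructed names
NEW = ("ns1.new-provider.example.",)


class NSCache:
    def __init__(self, refresh_from_authority):
        # True: NS records seen in an Authority section replace the cached
        # copy and restart its TTL (the behaviour in the quoted text).
        # False: an already-cached NS set keeps its original expiry.
        self.refresh_from_authority = refresh_from_authority
        self.ns = None
        self.expires = 0

    def learn_from_parent(self, now, ns):
        self.ns, self.expires = ns, now + NS_TTL

    def query(self, now, parent_ns):
        """Resolve one name at time `now`; return the NS set that was asked."""
        if self.ns is None or now >= self.expires:
            # Cached delegation has expired: ask the parent zone again.
            self.learn_from_parent(now, parent_ns)
        asked = self.ns
        if self.refresh_from_authority:
            # The server that answered lists its own NS set in the
            # Authority section; caching it restarts the TTL.
            self.ns, self.expires = asked, now + NS_TTL
        return asked


def first_switch(refresh_from_authority, interval=600, duration=4 * NS_TTL):
    """Time of the first query sent to NEW, or None if it never happens."""
    cache = NSCache(refresh_from_authority)
    cache.learn_from_parent(0, OLD)   # delegation cached just before the move
    # From t=0 the parent delegates to NEW, but the OLD servers keep answering.
    for now in range(0, duration, interval):
        if cache.query(now, parent_ns=NEW) == NEW:
            return now
    return None


if __name__ == "__main__":
    print("refresh, busy name :", first_switch(True))
    print("refresh, quiet name:", first_switch(True, interval=2 * NS_TTL))
    print("no refresh         :", first_switch(False))
```

With the refreshing policy the cache only returns to the parent when the gap between queries exceeds the NS TTL; with the non-refreshing policy it does so at the first query after the original TTL runs out.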
