[bind10-dev] NSAS Using Authority/Additional Information?
Stephen Morris
stephen at isc.org
Fri Nov 26 22:40:45 UTC 2010
On 26 Nov 2010, at 20:31, Jerry Scharf wrote:
> Michal,
>
> I don't think you want to keep the TTL in the NSAS. The NSAS has zones and IP addresses. The TTLs are on NS rrs and A/AAAA rrs, which are not the same. This was part of the knot that Stephen got into when he started on this.
If you do keep anything in the NSAS, you need to know when to stop using it. The idea is that the resolver asks the NSAS "here is a zone, give me an address of a nameserver within it". So when storing information in the NSAS you associate an expiry time with it, which is the current time plus the minimum of any relevant TTLs. (It is possible - but unlikely - that A and AAAA records have different TTLs; a simplification is to use the minimum of the two and associate it with address information of a nameserver.) If you access something after the expiry time, you know that you must get the information anew.
> Other than resource limits, there is really no reason to remove anything from the NSAS. If the NS records for a zone expire, you can't delete the IP and its rtt because that may be shared with other zones.
That's where shared pointers come in. You drop the information from the zone in question; if any other zones are using that information, it remains in existence until it is dropped from all zones that are using it.
There is also the possibility that an explicit removal of something from the cache is required.
> You could delete the zone and wait for the next query to rebuild it, but why bother unless there are resource limits. If the A/AAAA expires for a nameserver in a zone, you could kill it, but the odds are that you would just end up rebuilding it and you would lose the rtt information in the process.
When the NS records expire you need to renew them. And when the A/AAAA records expire, again you need to fetch them. The NSAS has the hierarchy zone -> nameserver -> IP. So a zone entry is valid for as long as its nameserver RRs are valid, and a nameserver entry is valid for as long as its address records are valid. (Removing an entity removes all entities under it - with the caveat that an entity is actually deleted when its reference count falls to zero.)
Losing the RTT information is a problem though. A good compromise would seem to be not to delete information and rebuild it when it expires but to query the cache first. If the information is the same as that in the NSAS, just update the expiration time; if not, replace the information.
> It seems to me that you do some sort of simple LRU for all the zones and IPs for resource management. The IP LRU needs to be updated if the ttl is examined, not just if it was selected.
There are LRU lists - the main purpose of these is to limit the size of the cache.
Stephen
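
An added sketch, not BIND 10 code and not part of this message, of the scheme discussed above: expiry as current time plus the minimum TTL, nameserver entries shared between zones through reference counting, and a refresh that keeps the RTT when the cache returns the same addresses. All type and function names, and the sample data, are hypothetical.

```cpp
// Added illustration; names are hypothetical, not BIND 10's NSAS API.
#include <algorithm>
#include <cstdint>
#include <cstdio>
#include <map>
#include <memory>
#include <string>
#include <vector>

struct Nameserver {                  // shared by every zone that lists it
    std::vector<std::string> addrs;  // A/AAAA addresses
    uint32_t rtt_ms = 0;             // measured RTT, worth preserving
    int64_t expiry = 0;              // absolute time, seconds
};
struct Zone { std::map<std::string, std::shared_ptr<Nameserver>> ns; };

// Expiry = current time plus the minimum of the relevant TTLs.
int64_t expiryTime(int64_t now, uint32_t ttl_a, uint32_t ttl_aaaa) {
    return now + std::min(ttl_a, ttl_aaaa);
}
bool expired(const Nameserver& n, int64_t now) { return now >= n.expiry; }

// On expiry, compare with fresh cache data: same addresses -> only extend
// the expiry (RTT kept); different -> replace and reset RTT.
// Returns true when the RTT was preserved.
bool refresh(Nameserver& n, std::vector<std::string> fresh, int64_t now,
             uint32_t ttl_a, uint32_t ttl_aaaa) {
    std::vector<std::string> old = n.addrs;
    std::sort(old.begin(), old.end());
    std::sort(fresh.begin(), fresh.end());
    bool same = (old == fresh);
    if (!same) { n.addrs = fresh; n.rtt_ms = 0; }
    n.expiry = expiryTime(now, ttl_a, ttl_aaaa);
    return same;
}

// Drop a nameserver from one zone; returns how many owners still hold it.
long dropFromZone(Zone& z, const std::string& name) {
    auto it = z.ns.find(name);
    if (it == z.ns.end()) return 0;
    std::weak_ptr<Nameserver> w = it->second;
    z.ns.erase(it);
    return w.use_count();            // 0 means the entry was destroyed
}

int main() {                         // constructed sample data
    Zone a, b;
    a.ns["ns1.example."] = b.ns["ns1.example."] = std::make_shared<Nameserver>();
    std::printf("owners left: %ld\n", dropFromZone(a, "ns1.example."));
}
```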