[bind10-dev] Question about TTL of negative response

wanghaidong wanghaidong at cnnic.cn
Mon Mar 7 03:06:39 UTC 2011


Hi Mark:
In section 3 of RFC 2308, it says:
	The TTL of this record is set from the minimum of the MINIMUM field of the SOA record and the TTL of the SOA itself, and indicates how long a resolver may cache the negative answer.
As I understand it, this is a requirement for the authoritative server's implementation. But if the authoritative server does not follow it and gives a negative answer in which the SOA record's TTL is larger than SOA.MINIMUM, what should the recursive server do?

For example, if we dig asdf.example.org and the server gives the following answer (this is a hacked response):
    ; <<>> DiG 9.7.1-P2 <<>> @dns1.icann.org asdf.example.org a
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 39684
    ;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
    
    ;; QUESTION SECTION:
    ;asdf.example.org.              IN      A
    
    ;; AUTHORITY SECTION:
    example.org.            96400   IN      SOA     dns1.icann.org. hostmaster.icann.org. 2010072301 7200 3600 1209600 86400

Should the recursive server use 96400 as the TTL of the message, or correct it to 86400? Thanks.

Best Regards
Ocean
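
The following is an added example, not part of the original message or of BIND 10: a small resolver-side check that applies the RFC 2308 section 3 rule to an authority section like the one above. It parses the SOA record out of dig output (the sample below is a constructed copy of the response, with the wrapped record joined onto one line), computes min(SOA TTL, SOA MINIMUM), and flags responses where the server-supplied SOA TTL exceeds MINIMUM so the resolver can clamp rather than trust the larger value.

```python
import re

# Constructed sample: the AUTHORITY SECTION from the message above,
# with the wrapped SOA record joined back onto a single line.
SAMPLE_DIG = """\
;; AUTHORITY SECTION:
example.org.            96400   IN      SOA     dns1.icann.org. hostmaster.icann.org. 2010072301 7200 3600 1209600 86400
"""

# owner TTL IN SOA mname rname serial refresh retry expire minimum
SOA_RE = re.compile(
    r"^(?P<owner>\S+)\s+(?P<ttl>\d+)\s+IN\s+SOA\s+(?P<mname>\S+)\s+(?P<rname>\S+)\s+"
    r"(?P<serial>\d+)\s+(?P<refresh>\d+)\s+(?P<retry>\d+)\s+(?P<expire>\d+)\s+(?P<minimum>\d+)\s*$"
)


def parse_soa(dig_text):
    """Return the first SOA record in the AUTHORITY SECTION as a dict, or None."""
    in_authority = False
    for raw in dig_text.splitlines():
        line = raw.strip()
        if line.startswith(";; AUTHORITY SECTION"):
            in_authority = True
            continue
        if in_authority and line.startswith(";;"):
            break  # reached the next section without finding an SOA
        if in_authority:
            m = SOA_RE.match(line)
            if m:
                soa = m.groupdict()
                for key in ("ttl", "serial", "refresh", "retry", "expire", "minimum"):
                    soa[key] = int(soa[key])
                return soa
    return None


def negative_cache_ttl(soa):
    """RFC 2308 section 3: negative answers are cached for min(SOA TTL, SOA MINIMUM)."""
    return min(soa["ttl"], soa["minimum"])


def check_negative_ttl(dig_text):
    """Compute the negative-cache TTL and report whether the server's SOA TTL was out of spec."""
    soa = parse_soa(dig_text)
    if soa is None:
        raise ValueError("no SOA record found in the AUTHORITY SECTION")
    return {
        "server_ttl": soa["ttl"],
        "minimum": soa["minimum"],
        "negative_ttl": negative_cache_ttl(soa),
        "exceeds_minimum": soa["ttl"] > soa["minimum"],  # True for the hacked response
    }
```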
