[bind10-dev] Question about TTL of negative response
Mark Andrews
marka at isc.org
Mon Mar 7 03:28:18 UTC 2011
In message <499467200.08686 at cnnic.cn> <003d01cbdc74$ad8b3690$08a1a3b0$@cn>, "wanghaidong" writes:
> Hi Mark:
> In section 3 of RFC2308, it says:
> The TTL of this record is set from the minimum of the MINIMUM field of
> the SOA record and the TTL of the SOA itself, and indicates how long a
> resolver may cache the negative answer.
> As I understand it, this is a requirement for the authoritative
> server's implementation. But if the authoritative server does not follow
> it and gives a negative answer in which the SOA record's TTL is larger
> than SOA.MINIMUM, what should the recursive server do?
Reduce it if it is greater than the cache's max negative cache ttl
otherwise just honour it.
As with caching positive responses it is sensible for a resolver to
limit for how long it will cache a negative response as the protocol
supports caching for up to 68 years. Such a limit should not be
greater than that applied to positive answers and preferably be
tunable. Values of one to three hours have been found to work well
and would make sensible a default. Values exceeding one day have
been found to be problematic.
> For example, if we dig asdf.example.org, and the server gives the
> following answer (this is a hacked response):
> ; <<>> DiG 9.7.1-P2 <<>> @dns1.icann.org asdf.example.org a
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 39684
> ;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;asdf.example.org. IN A
>
> ;; AUTHORITY SECTION:
> example.org. 96400 IN SOA dns1.icann.org. hostmaster.icann.org. 2010072301 7200 3600 1209600 86400
>
> Should the recursive server use 96400 as the TTL of the message or
> correct it with 86400? Thanks.
>
> Best Regards
> Ocean
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
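
The policy described in the reply above, applied to the SOA line quoted in the question, as an added example (not code from BIND 10 or from either poster). The knob names `MAX_NCACHE_TTL` and `MAX_CACHE_TTL` and their values (three hours, seven days) are assumptions chosen for illustration.

```python
import re

# Assumed resolver policy knobs (hypothetical names and values), in seconds.
MAX_NCACHE_TTL = 3 * 3600        # upper end of the one-to-three-hour range
MAX_CACHE_TTL = 7 * 24 * 3600    # cap on positive answers

# The AUTHORITY line from the question (a hacked response: TTL > MINIMUM).
SAMPLE = ("example.org. 96400 IN SOA dns1.icann.org. hostmaster.icann.org. "
          "2010072301 7200 3600 1209600 86400")

SOA_LINE = re.compile(
    r"^(?P<owner>\S+)\s+(?P<ttl>\d+)\s+IN\s+SOA\s+(?P<mname>\S+)\s+(?P<rname>\S+)"
    r"\s+(?P<serial>\d+)\s+(?P<refresh>\d+)\s+(?P<retry>\d+)"
    r"\s+(?P<expire>\d+)\s+(?P<minimum>\d+)\s*$")

def parse_soa(line):
    """Parse one single-line, presentation-format SOA record."""
    m = SOA_LINE.match(line.strip())
    if m is None:
        raise ValueError("not a single-line IN SOA record: %r" % line)
    rec = m.groupdict()
    for key in ("ttl", "serial", "refresh", "retry", "expire", "minimum"):
        rec[key] = int(rec[key])
    return rec

def negative_cache_ttl(soa, max_ncache_ttl=MAX_NCACHE_TTL,
                       max_cache_ttl=MAX_CACHE_TTL):
    """Return (ttl_to_cache, notes) for a negative answer carrying this SOA."""
    notes = []
    # The negative limit should not be greater than the positive one.
    cap = min(max_ncache_ttl, max_cache_ttl)
    if soa["ttl"] > soa["minimum"]:
        # The authoritative side did not apply min(SOA TTL, MINIMUM); record it.
        notes.append("SOA TTL %d exceeds SOA.MINIMUM %d"
                     % (soa["ttl"], soa["minimum"]))
    ttl = soa["ttl"]  # honour the received TTL ...
    if ttl > cap:     # ... unless it is above the negative-cache cap
        notes.append("reduced from %d to cap %d" % (ttl, cap))
        ttl = cap
    return ttl, notes

if __name__ == "__main__":
    print(negative_cache_ttl(parse_soa(SAMPLE)))
```

With a cap above 96400 the received TTL is cached unchanged and only the mismatch note is produced.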