[bind10-dev] bug? SOA TTL is not min(MINIMUM,TTL) when name error
fujiwara at jprs.co.jp
Tue Jan 15 12:51:28 UTC 2013
The BIND 10 auth server does not set SOA MINIMUM to the TTL of the SOA RR
in the case of name error or no type.
example:
dig +norec @ns.jinmei.org zz.jinmei.org a
answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 42976
;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; AUTHORITY SECTION:
jinmei.org. 86400 IN SOA ns.jinmei.org. jinmei.kame.net. 2012112501 7200 3600 2592000 1200
RFC 2308 Section 3 says:
   The TTL of this record is set from the minimum of the MINIMUM field
   of the SOA record and the TTL of the SOA itself, and indicates how
   long a resolver may cache the negative answer.
In the jinmei.org case, MINIMUM is 1200 and the TTL of the SOA RR is 86400.
The TTL value of the SOA RR should be 1200, I think.
I found this phenomenon during the BIND 10 evaluation using the JP zone.
--
Kazunori Fujiwara, JPRS <fujiwara at jprs.co.jp>
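
The RFC 2308 Section 3 check described in the message, as an added example that is not part of the original post or of BIND 10: it parses dig output from an authoritative server and flags a negative answer whose SOA TTL exceeds the SOA MINIMUM. The names check_negative_ttl and SAMPLE are assumptions made for this example, and the sample input is constructed from the output quoted above.

```python
import re

# Constructed sample: the dig output quoted in the message above.
SAMPLE = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 42976
;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; AUTHORITY SECTION:
jinmei.org. 86400 IN SOA ns.jinmei.org. jinmei.kame.net. 2012112501 7200 3600 2592000 1200
"""

SEP = r"[ \t]+"
# owner TTL IN SOA mname rname serial refresh retry expire MINIMUM
SOA_RE = re.compile(
    r"^(\S+)" + SEP + r"(\d+)" + SEP + "IN" + SEP + "SOA" + SEP
    + SEP.join([r"\S+", r"\S+", r"\d+", r"\d+", r"\d+", r"\d+", r"(\d+)"])
    + r"[ \t]*$", re.MULTILINE)


def check_negative_ttl(dig_text):
    """Check the SOA in a negative answer against RFC 2308 Section 3.

    Returns None when the text is not a negative answer carrying an SOA
    (positive answer, referral, or unparseable header).
    """
    status = re.search(r"status:\s*(\w+)", dig_text)
    answers = re.search(r"ANSWER:\s*(\d+)", dig_text)
    if not status or not answers:
        return None
    rcode, ancount = status.group(1), int(answers.group(1))
    # Name error, or NOERROR with an empty answer section ("no type").
    if not (rcode == "NXDOMAIN" or (rcode == "NOERROR" and ancount == 0)):
        return None
    # Only the authority section counts; stop at the next ";; ..." header.
    _, marker, rest = dig_text.partition(";; AUTHORITY SECTION:")
    if not marker:
        return None
    authority = rest.split("\n;; ", 1)[0]
    soa = SOA_RE.search(authority)
    if not soa:
        return None  # e.g. a referral: NS records only, no SOA
    sent_ttl, minimum = int(soa.group(2)), int(soa.group(3))
    # The response alone cannot reveal the zone's own SOA TTL, so the
    # verifiable part of min(MINIMUM, TTL) is: sent TTL <= MINIMUM.
    expected = min(minimum, sent_ttl)
    return {"zone": soa.group(1), "sent_ttl": sent_ttl, "minimum": minimum,
            "expected_ttl": expected, "compliant": sent_ttl == expected}
```

This assumes the output comes straight from the authoritative server (as with dig +norec above); a caching resolver counts the TTL down, so a lower value seen there proves nothing.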