Name server changes TTL
Albert
etienne at unicc.org
Mon Dec 22 13:16:26 UTC 2003
Kevin, thanks a lot for your answer --Albert
Kevin Darcy <kcd at daimlerchrysler.com> wrote in message news:<brvjmr$2aun$1 at sf1.isc.org>...
> Albert wrote:
>
> >Kevin Darcy <kcd at daimlerchrysler.com> wrote in message news:<brspss$2fen$1 at sf1.isc.org>...
> >
> >>That SOA RR is really a negative caching record. See RFC 2308 for more
> >>details.
> >>
> >>
> >> - Kevin
> >>
> >>
> >
> >Kevin, thanks a lot for replying. I've read RFC 2308 carefully but I
> >still can't come to a clear conclusion. I have a user who says:
> >
> >"the name server corrupts the 'Name Error' reply from the
> >authoritative name server tld1.ultradns.net in response to the query
> >for the Address of www.no-such-domain-123abc.org. The server has
> >changed the Time To Live of the returned SOA record in the Authority
> >section to a value smaller than the Minimum Time To Live of that SOA
> >record, which makes the replies invalid."
> >
> >My questions are therefore:
> >
> >- is it incorrect to return a TTL smaller than the Minimum TTL in the
> >case of a NXDOMAIN response?
> >
> The SOA "minimum" field *no*longer* means the minimum TTL for RRs in the
> zone:
>
> Section 4 of RFC 2308:
>
> > The SOA minimum field has been overloaded in the past to have three
> > different meanings, the minimum TTL value of all RRs in a zone, the
> > default TTL of RRs which did not contain a TTL value and the TTL of
> > negative responses.
> >
> > Despite being the original defined meaning, the first of these, the
> > minimum TTL value of all RRs in a zone, has never in practice been
> > used and is hereby deprecated.
> >
> The SOA "minimum" field now has a *different* meaning:
>
> Section 5:
>
> > Like normal answers negative answers have a time to live (TTL). As
> > there is no record in the answer section to which this TTL can be
> > applied, the TTL must be carried by another method. This is done by
> > including the SOA record from the zone in the authority section of
> > the reply. When the authoritative server creates this record its TTL
> > is taken from the minimum of the SOA.MINIMUM field and SOA's TTL.
> > This TTL decrements in a similar manner to a normal cached answer and
> > upon reaching zero (0) indicates the cached negative answer MUST NOT
> > be used again.
> >
> >- does that make the response from my server "invalid"?
> >
> No, not at all. Your user is clueless.
>
> >- is this a feature of BIND 9.2.1?
> >
> It's a feature of any modern standards-conforming resolver or nameserver
> implementation.
>
> >- can this behavior be changed and how?
> >
> I suppose you could hack the code to make it standards-non-compliant.
> Why would you want to?
>
>
> - Kevin
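
An added example, not part of the thread and not BIND code: it parses the SOA from the authority section of a name-error reply and applies the RFC 2308 section 5 rule quoted above, showing why a cache legitimately returns a TTL below SOA.MINIMUM. The packet is constructed for illustration; the TTL, MINIMUM, serial, and the `ns.`/`hostmaster.` names are assumed values, not data from the original query.

```python
import struct

def encode_name(name):
    # Uncompressed wire-format name: length-prefixed labels, then a zero byte
    return b"".join(bytes([len(l)]) + l.encode()
                    for l in name.rstrip(".").split(".")) + b"\x00"

def skip_name(msg, off):
    # Advance past a name; a compression pointer (top bits 11) ends it
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:
            return off + 2
        off += 1 + n
        if n == 0:
            return off

def soa_from_authority(msg):
    """Return (rcode, soa_ttl, soa_minimum) from a negative response."""
    _id, flags, qd, an, ns, _ar = struct.unpack_from("!6H", msg, 0)
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4              # QTYPE + QCLASS
    for i in range(an + ns):
        off = skip_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        if i >= an and rtype == 6:                 # SOA in the authority section
            end = skip_name(msg, skip_name(msg, off))   # skip MNAME and RNAME
            minimum = struct.unpack_from("!5I", msg, end)[4]
            return flags & 0xF, ttl, minimum
        off += rdlen
    raise ValueError("no SOA in authority section")

def negative_ttl(soa_ttl, soa_minimum, seconds_in_cache=0):
    # RFC 2308 section 5: start at min(SOA TTL, SOA.MINIMUM), count down to 0
    return max(min(soa_ttl, soa_minimum) - seconds_in_cache, 0)

def build_nxdomain(qname, zone, soa_ttl, minimum):
    # Constructed sample: QR=1, AA=1, RCODE=3, one question, one authority SOA
    q = encode_name(qname) + struct.pack("!HH", 1, 1)
    rdata = (encode_name("ns." + zone) + encode_name("hostmaster." + zone)
             + struct.pack("!5I", 2003122201, 3600, 900, 604800, minimum))
    rr = encode_name(zone) + struct.pack("!HHIH", 6, 1, soa_ttl, len(rdata)) + rdata
    return struct.pack("!6H", 0x1234, 0x8403, 1, 0, 1, 0) + q + rr

# Constructed values: SOA TTL 86400, SOA.MINIMUM 900 (assumptions, not from the thread)
SAMPLE = build_nxdomain("www.no-such-domain-123abc.org", "org", 86400, 900)
rcode, soa_ttl, soa_min = soa_from_authority(SAMPLE)
print(rcode, negative_ttl(soa_ttl, soa_min), negative_ttl(soa_ttl, soa_min, 600))
```

With these constructed values the authoritative reply carries a TTL of 900, and a cache that has held the answer for 600 seconds hands it out with 300, which is below SOA.MINIMUM and still conforming.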