NS TTL Discrepancy??
Barry Margolin
barmar at alum.mit.edu
Mon Mar 8 21:05:39 UTC 2004
In article <c2ieqe$ph9$1 at sf1.isc.org>,
Jonathan de Boyne Pollard <J.deBoynePollard at Tesco.NET> wrote:
> RSP> This is what appears to be a recently discovered problem.
>
> It's not recently discovered, and it's not a problem.
>
> RSP> [...] If this happens, the DNS resolver knows to go to
> RSP> ns1.example.com and ns2.example.com, but it now can't get
> RSP> to them. The problem is that to get the A record for
> RSP> ns1.example.com and ns2.example.com, the DNS resolver must
> RSP> go to the NS records for example.com -- but, it can't get
> RSP> to them without the A record, and you're stuck in a loop.
>
> This is why we have "additional" section processing, "glue" resource record
> sets, and fallback to the nearest enclosing superdomain whose content DNS
> servers are known. Far from being recently discovered, this chicken-and-egg
> problem was addressed in RFC 1034.
If the glue A records time out of the cache before the NS records do,
the chicken-and-egg problem returns. So you should ensure that the TTLs
on your nameservers' A records are at least as long as the TTLs on the
NS records.
--
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
More information about the bind-users mailing list
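
One way to check a zone for the condition described in the reply above, as an added example that is not part of the original post: it flags nameserver A/AAAA records whose TTL is shorter than the TTL of the NS records that name them. The function names and the sample zone are constructed for illustration, and the parser assumes a simplified syntax (one record per line, fully qualified names, TTL given explicitly or by `$TTL`).

```python
# Added example: flag nameserver address records that expire before the NS set.
# Simplified zone syntax only: one record per line, fully qualified names,
# optional explicit TTL, $TTL directive, no parentheses or multi-line records.

SAMPLE_ZONE = """\
$TTL 86400
example.com.      172800 IN NS ns1.example.com.
example.com.      172800 IN NS ns2.example.com.
ns1.example.com.  3600   IN A  192.0.2.1
ns2.example.com.  172800 IN A  192.0.2.2
www.example.com.  300    IN A  192.0.2.80
"""  # constructed data using the documentation address range

def parse_records(zone_text):
    """Yield (owner, ttl, rtype, rdata) for each record line."""
    default_ttl = None
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        if fields[0].upper() == "$TTL":
            default_ttl = int(fields[1])
            continue
        owner, rest = fields[0].lower(), fields[1:]
        ttl = default_ttl
        if rest and rest[0].isdigit():        # explicit per-record TTL
            ttl, rest = int(rest[0]), rest[1:]
        if rest and rest[0].upper() == "IN":  # optional class field
            rest = rest[1:]
        if ttl is None:
            raise ValueError(f"no TTL for record: {line}")
        yield owner, ttl, rest[0].upper(), " ".join(rest[1:])

def short_lived_ns_addresses(zone_text):
    """Return (ns_host, rtype, addr_ttl, ns_ttl) where addr_ttl < ns_ttl."""
    records = list(parse_records(zone_text))
    ns_ttl = {}  # nameserver host -> longest NS TTL that refers to it
    for owner, ttl, rtype, rdata in records:
        if rtype == "NS":
            host = rdata.lower()
            ns_ttl[host] = max(ttl, ns_ttl.get(host, 0))
    return [(owner, rtype, ttl, ns_ttl[owner])
            for owner, ttl, rtype, rdata in records
            if rtype in ("A", "AAAA") and owner in ns_ttl and ttl < ns_ttl[owner]]

if __name__ == "__main__":
    for host, rtype, addr_ttl, ttl in short_lived_ns_addresses(SAMPLE_ZONE):
        print(f"{host} {rtype} TTL {addr_ttl} < NS TTL {ttl}")
```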