NS TTL Discrepancy??

[Mark Andrews]

> In article <c2io0n$1mff$1 at sf1.isc.org>,
>  Mark Andrews <Mark_Andrews at isc.org> wrote:
> 
> > > If the glue A records time out of the cache before the NS records do, 
> > > the chicken-and-egg problem returns.  So you should ensure that the TTLs 
> > > on your nameservers' A records are at least as long as the TTLs on the 
> > > NS records.
> > 
> > 	Resolvers just have to detect this situation and ask the parent
> > 	server for the missing glue.
> 
> Does BIND do this?  I was under the impression it doesn't -- I've seen 
> plenty of times when a domain couldn't be resolved and it appeared to be 
> because of this situation.  So I assume that when it's trying to resolve 
> the hostnames in the NS records, it simply uses the standard resolution 
> algorithm, and doesn't treat this loop as a special case.
 
	It treats nameservers specially and will walk back up the
	heirachy looking for glue.  Determining when you should do
	this is not always straight forward.  BIND 8.4 does a better
	job that earlier releases.  Part of the reason BIND 8.4.2
	got yanked is that code to work out how to do this had a
	bad failure mode with lame servers and multiple IP stacks
	(IPv4 + IPv6).

	Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org