override ttl=0
Kevin Darcy
kcd at chrysler.com
Thu Jan 3 01:50:55 UTC 2008

Well, it *shouldn't* be included in BIND, in my opinion. If a DNS record
comes from an authoritative source with TTL=0 then it is to be treated
as highly dynamic, literally able to change from second to second. The
resolver shouldn't be holding onto data that it's been told is extremely
mutable. To do so risks defeating whatever load-balancing mechanisms the
domain owner has in place.

If you *really* need functionality like this, then set up a "fake"
version of the zone in question, query the real zone periodically, and
then update your fake version dynamically. At least then you contain
this ugliness within the normal nameserver/resolver constructs.

By the way, the document you linked to in your previous message makes
mention of the fact that TTLs are set to 0 when an address is allocated
at the time of query (which I interpret to mean *dynamically*), but also
talks about static translation. Could it be that the TTL=0 problem is
just a side effect of your network architecture? Or, if Cisco is dumb
enough to set TTL=0 blindly and unconditionally, everyone who uses the
product should be complaining to them about it.

- Kevin

Herve Guehl wrote:
> Hi,
> Could such a feature be included in bind?
> regards
> Hervé
>
> On Dec 22, 2007 8:56 AM, Herve Guehl <herve.guehl at gmail.com> wrote:
>
>
>> Unfortunately, the manufacturer is CISCO... http://www.cisco.com/en/US/products/ps6553/products_white_paper09186a008011ff51.shtml
>>
>> It's a pain when you're working with partners that use this
>> technology...(Obviously I have no choice and no weight about it :) )
>>
>> regard.
>> Herve Guehl
>>
>>
>>
>> On Dec 21, 2007 10:51 PM, Mark Andrews <Mark_Andrews at isc.org> wrote:
>>
>>
>>>> Hi everybody,
>>>> I'm having trouble with a DNS-ALG machine that sends ttl=0 for every
>>>> question I send to it.
>>>> I browsed the archive but did not find any solution to my problem.
>>>> I just need to override ttl for A record when the ttl=0.
>>>> Here is a patch for bind 9.3.3rc2 (redhat 5.0).
>>>> I know that TTL should not be overridden, but in some cases this
>>>> functionality can be helpful.
>>>>
>>> Tell us the manufacturer of the DNS-ALG so we can all avoid
>>> such a broken product. The DNS requires caching to work.
>>> Any DNS-ALG that doesn't pass on the TTL is broken.
>>>
>>>
>>>> The status of this patch is 'works for me'.
>>>>
>>>> Please let me know if there is another implementation
>>>>
>>>> Regard
>>>> Hervé Guehl
>>>>
>>>> Note: don't blame me if I'm not using the right list, just tell me where I
>>>> should write
>>>>
>>>>
>>>>
>>>> diff -urN bind-9.3.3rc2.ori/bin/named/server.c bind-9.3.3rc2
>>>> /bin/named/server.c
>>>> --- bind-9.3.3rc2.ori/bin/named/server.c 2006-05-24 06:30:
>>>> 24.000000000 +0200
>>>> +++ bind-9.3.3rc2/bin/named/server.c 2007-12-18 22:01:47.000000000+0100
>>>> @@ -1245,6 +1245,11 @@
>>>> result = ns_config_get(maps, "max-cache-ttl", &obj);
>>>> INSIST(result == ISC_R_SUCCESS);
>>>> view->maxcachettl = cfg_obj_asuint32(obj);
>>>> +
>>>> + obj = NULL;
>>>> + result = ns_config_get(maps, "override-zero-cache-ttl", &obj);
>>>> + INSIST(result == ISC_R_SUCCESS);
>>>> + view->overridezerocachettl = cfg_obj_asuint32(obj);
>>>>
>>>> obj = NULL;
>>>> result = ns_config_get(maps, "max-ncache-ttl", &obj);
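Review bot: the INSIST(result == ISC_R_SUCCESS) after the ns_config_get() call for "override-zero-cache-ttl" assumes the option is always found, but none of the four files in this patch gives it a default value. Unless a default is supplied somewhere not shown, a named.conf that omits the option would hit the assertion while the view is being configured. Treat a failed lookup as "feature off" (overridezerocachettl = 0) instead of asserting, or add the default alongside the one that makes the max-cache-ttl lookup safe.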
>>>> diff -urN bind-9.3.3rc2.ori /lib/dns/include/dns/view.h bind-9.3.3rc2
>>>> /lib/dns/include/dns/view.h
>>>> --- bind-9.3.3rc2.ori/lib/dns/include/dns/view.h 2004-03-10
>>>>
>>> 03:55:
>>>
>>>> 58.000000000 +0100
>>>> +++ bind-9.3.3rc2/lib/dns/include/dns/view.h 2007-12-18 22:02:
>>>> 01.000000000 +0100
>>>> @@ -116,6 +116,7 @@
>>>> isc_boolean_t requestixfr;
>>>> isc_boolean_t provideixfr;
>>>> dns_ttl_t maxcachettl;
>>>> + dns_ttl_t overridezerocachettl;
>>>> dns_ttl_t maxncachettl;
>>>> in_port_t dstport;
>>>> dns_aclenv_t aclenv;
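Review bot: the new overridezerocachettl member in the view structure has no comment saying what a value of 0 means, and the patch contains no change that initialises it when a view is created. Document that 0 leaves TTL=0 answers untouched and set the member explicitly at creation, so that a view which never passes through the server.c path above still starts from a defined value.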
>>>> diff -urN bind-9.3.3rc2.ori/lib/dns/resolver.c bind-9.3.3rc2
>>>> /lib/dns/resolver.c
>>>> --- bind-9.3.3rc2.ori/lib/dns/resolver.c 2006-08-31 05:57:
>>>> 11.000000000 +0200
>>>> +++ bind-9.3.3rc2 /lib/dns/resolver.c 2007-12-18 22:02:56.000000000+0100
>>>> @@ -3537,6 +3537,11 @@
>>>> rdataset->ttl = res->view->maxcachettl;
>>>>
>>>> /*
>>>> + * HGU configure minimum ttl if ttl=0 for A record
>>>> + */
>>>> + if ( (rdataset->ttl == 0) && (rdataset->type ==
>>>> dns_rdatatype_a) )
>>>> + rdataset->ttl > > res->view->overridezerocachettl;
>>>> + /*
>>>> * If this rrset is in a secure domain, do DNSSEC
>>>>
>>> validation
>>>
>>>> * for it, unless it is glue.
>>>> */
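Review bot: the new test in the resolver.c hunk fires for every A rrset that arrives with TTL 0, from any server in the view, so it also caches answers whose owners publish TTL 0 on purpose, not only those from the one DNS-ALG; scope it to the affected forwarder or zone instead of the whole view. It also sits after the max-cache-ttl clamp, so the configured value is never capped by maxcachettl, and it covers dns_rdatatype_a only. As quoted here, the statement under the if reads "rdataset->ttl > > res->view->overridezerocachettl;", which is a comparison with no effect; an assignment is presumably intended, so verify the patch as actually applied.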
>>>> diff -urN bind-9.3.3rc2.ori /lib/isccfg/namedconf.c bind-9.3.3rc2
>>>> /lib/isccfg/namedconf.c
>>>> --- bind-9.3.3rc2.ori/lib/isccfg/namedconf.c 2006-03-02 01:37:
>>>> 20.000000000 +0100
>>>> +++ bind-9.3.3rc2/lib/isccfg/namedconf.c 2007-12-19 15:11:
>>>> 49.000000000 +0100
>>>> @@ -715,6 +715,7 @@
>>>> { "lame-ttl", &cfg_type_uint32, 0 },
>>>> { "max-ncache-ttl", &cfg_type_uint32, 0 },
>>>> { "max-cache-ttl", &cfg_type_uint32, 0 },
>>>> + { "override-zero-cache-ttl", &cfg_type_uint32, 0 },
>>>> { "transfer-format", &cfg_type_transferformat, 0 },
>>>> { "max-cache-size", &cfg_type_sizenodefault, 0 },
>>>> { "check-names", &cfg_type_checknames, CFG_CLAUSEFLAG_MULTI },
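Review bot: the "override-zero-cache-ttl" entry is added as a bare cfg_type_uint32 next to max-cache-ttl with no accompanying documentation, and the name does not say that only A records are affected. Document the option with its unit (seconds), its default and the A-only scope, and consider rejecting values above max-cache-ttl when the configuration is checked.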
>>>>
>>>>
>>>>
>>> --
>>> Mark Andrews, ISC
>>> 1 Seymour St., Dundas Valley, NSW 2117, Australia
>>> PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
>>>
>>>
>>
>
>
>
>
>
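
The workaround suggested in the reply above (a locally served copy of the zone, refreshed from the real one and updated dynamically) could be scripted as follows. This is an added example, not part of the original thread; the host names, addresses, TTL of 60 and key path are hypothetical, and only `dig` and `nsupdate` are real tools.

```shell
#!/bin/sh
# Added example: refresh a local "shadow" zone from a source that answers TTL=0.
# All names, addresses and the TTL below are hypothetical.

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# build_update NAME TTL: read `dig +short` style lines on stdin and print an
# nsupdate batch replacing NAME's A RRset. CNAME targets and malformed lines
# are dropped. With no valid address it prints nothing and fails, so a failed
# upstream lookup never deletes the last known-good records.
build_update() {
    name=$1 ttl=$2 adds=''
    while IFS= read -r addr; do
        if is_ipv4 "$addr"; then
            adds="${adds}update add ${name} ${ttl} A ${addr}
"
        fi
    done
    [ -n "$adds" ] || return 1
    printf 'update delete %s A\n%ssend\n' "$name" "$adds"
}

# Constructed sample of upstream output: a CNAME target, two addresses, junk.
sample='alg-pool.partner.example.
198.51.100.7
198.51.100.8
999.1.1.1'
printf '%s\n' "$sample" | build_update app.partner.example. 60

# Real use from cron (hypothetical upstream 192.0.2.53 and key path):
# dig +short +time=2 +tries=1 @192.0.2.53 app.partner.example. A \
#   | build_update app.partner.example. 60 \
#   | nsupdate -k /etc/named/shadow.key
```

The TTL of 60 is then an explicit local policy on the shadow zone only, rather than a resolver-wide override of every TTL=0 answer.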