override ttl=0
Mark Andrews
Mark_Andrews at isc.org
Thu Jan 3 02:32:21 UTC 2008
> Well, it *shouldn't* be included in BIND, in my opinion. If a DNS record
> comes from an authoritative source with TTL=0 then it is to be treated
> as highly dynamic, literally able to change from second to second. The
> resolver shouldn't be holding onto data that it's been told is extremely
> mutable. To do so risks defeating whatever load-balancing mechanisms the
> domain owner has in place.
>
> If you *really* need functionality like this, then set up a "fake"
> version of the zone in question, query the real zone periodically, and
> then update your fake version dynamically. At least then you contain
> this ugliness within the normal nameserver/resolver constructs.
>
> By the way, the document you linked to in your previous message makes
> mention of the fact that TTLs are set to 0 when an address is allocated
> at the time of query (which I interpret to mean *dynamically*), but also
> talks about static translation. Could it be that the TTL=0 problem is
> just a side effect of your network architecture? Or, if Cisco is dumb
> enough to set TTL=0 blindly and unconditionally, everyone who uses the
> product should be complaining to them about it.
Additionally for the product to function at all the translation
needs to have a non zero lifetime which should be reflected
in the TTL of the record.
e.g.
TTL = MIN(untranslated TTL, translation lifetime).
This preserves the semantics of a DNS address lookup.
At time T you get a name to address mapping that is good
for TTL seconds.
Also your patch is not A/AAAA agnostic.
Mark
> - Kevin
>
> Herve Guehl wrote:
> > Hi,
> > Could such a feature be included in bind ?
> > regards
> > Hervé
> >
> > On Dec 22, 2007 8:56 AM, Herve Guehl <herve.guehl at gmail.com> wrote:
> >
> >
> >> Unfortunately, the manufacturer is CISCO... http://www.cisco.com/en/US/products/ps6553/products_white_paper09186a008011ff51.shtml
> >>
> >> It's a pain when you're working with partners that use this
> >> technology...(Obviously I have no choice and no weight about it :) )
> >>
> >> regard.
> >> Herve Guehl
> >>
> >>
> >>
> >> On Dec 21, 2007 10:51 PM, Mark Andrews <Mark_Andrews at isc.org> wrote:
> >>
> >>
> >>>> Hi everybody,
> >>>> I'm getting troubles with a DNS-ALG machine that sends ttl=0 for every
> >>>> question I send to it.
> >>>> I browsed archive but did not find any solution to my problem.
> >>>> I just need to override ttl for A record when the ttl=0.
> >>>> Here is a patch for bind 9.3.3rc2 (redhat 5.0).
> >>>> I know that TTL should not be overridden, but in some cases this
> >>>> functionality can be helpful.
> >>>>
> >>> Tell us the manufacturer of the DNS-ALG so we can all avoid
> >>> such a broken product. The DNS requires caching to work.
> >>> Any DNS-ALG that doesn't pass on the TTL is broken.
> >>>
> >>>
> >>>> The status of this patch is 'works for me'.
> >>>>
> >>>> Please let me know if there is another implementation
> >>>>
> >>>> Regard
> >>>> Hervé Guehl
> >>>>
> >>>> Note: don't blame me if I'm not using the right list, just tell me
> >>>> where I should write
> >>>>
> >>>>
> >>>>
> >>>> diff -urN bind-9.3.3rc2.ori/bin/named/server.c bind-9.3.3rc2
> >>>> /bin/named/server.c
> >>>> --- bind-9.3.3rc2.ori/bin/named/server.c 2006-05-24 06:30:
> >>>> 24.000000000 +0200
> >>>> +++ bind-9.3.3rc2/bin/named/server.c 2007-12-18 22:01:47.000000000+01
> 00
> >>>> @@ -1245,6 +1245,11 @@
> >>>> result = ns_config_get(maps, "max-cache-ttl", &obj);
> >>>> INSIST(result == ISC_R_SUCCESS);
> >>>> view->maxcachettl = cfg_obj_asuint32(obj);
> >>>> +
> >>>> + obj = NULL;
> >>>> + result = ns_config_get(maps, "override-zero-cache-ttl", &obj);
> >>>> + INSIST(result == ISC_R_SUCCESS);
> >>>> + view->overridezerocachettl = cfg_obj_asuint32(obj);
> >>>>
> >>>> obj = NULL;
> >>>> result = ns_config_get(maps, "max-ncache-ttl", &obj);
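Review bot: The INSIST(result == ISC_R_SUCCESS) after ns_config_get(maps, "override-zero-cache-ttl", &obj) aborts named while loading the configuration unless a built-in default exists for the new option, and none of the four files in this patch adds one. Either add a default alongside the other option defaults, or test result and set view->overridezerocachettl to 0 when the option is absent.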
> >>>> diff -urN bind-9.3.3rc2.ori /lib/dns/include/dns/view.h bind-9.3.3rc2
> >>>> /lib/dns/include/dns/view.h
> >>>> --- bind-9.3.3rc2.ori/lib/dns/include/dns/view.h 2004-03-10
> >>>>
> >>> 03:55:
> >>>
> >>>> 58.000000000 +0100
> >>>> +++ bind-9.3.3rc2/lib/dns/include/dns/view.h 2007-12-18 22:02:
> >>>> 01.000000000 +0100
> >>>> @@ -116,6 +116,7 @@
> >>>> isc_boolean_t requestixfr;
> >>>> isc_boolean_t provideixfr;
> >>>> dns_ttl_t maxcachettl;
> >>>> + dns_ttl_t overridezerocachettl;
> >>>> dns_ttl_t maxncachettl;
> >>>> in_port_t dstport;
> >>>> dns_aclenv_t aclenv;
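Review bot: The new overridezerocachettl field has no comment, and the only assignment to it in this patch is the configuration path in server.c, so a view built any other way carries whatever was in memory. Document the unit (seconds), that 0 leaves zero-TTL answers unchanged, and that resolver.c applies it to A records only, and set the field to 0 where the view is created.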
> >>>> diff -urN bind-9.3.3rc2.ori/lib/dns/resolver.c bind-9.3.3rc2
> >>>> /lib/dns/resolver.c
> >>>> --- bind-9.3.3rc2.ori/lib/dns/resolver.c 2006-08-31 05:57:
> >>>> 11.000000000 +0200
> >>>> +++ bind-9.3.3rc2 /lib/dns/resolver.c 2007-12-18 22:02:56.000000000+0
> 100
> >>>> @@ -3537,6 +3537,11 @@
> >>>> rdataset->ttl = res->view->maxcachettl;
> >>>>
> >>>> /*
> >>>> + * HGU configure minimum ttl if ttl=0 for A record
> >>>> + */
> >>>> + if ( (rdataset->ttl == 0) && (rdataset->type ==
> >>>> dns_rdatatype_a) )
> >>>> + rdataset->ttl > > res->view->overridezerocachet
> tl;
> >>>> + /*
> >>>> * If this rrset is in a secure domain, do DNSSEC
> >>>>
> >>> validation
> >>>
> >>>> * for it, unless it is glue.
> >>>> */
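Review bot: The test rdataset->type == dns_rdatatype_a leaves zero-TTL AAAA answers uncached, so the override behaves differently per address family; test for both address types or drop the type test. The block also sits after the max-cache-ttl clamp (rdataset->ttl = res->view->maxcachettl), so an override value larger than max-cache-ttl is stored unclamped; apply the override before the clamp. The assignment line arrived as "rdataset->ttl > > res->view->overridezerocachet tl", so the patch needs resending unwrapped before it will apply.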
> >>>> diff -urN bind-9.3.3rc2.ori /lib/isccfg/namedconf.c bind-9.3.3rc2
> >>>> /lib/isccfg/namedconf.c
> >>>> --- bind-9.3.3rc2.ori/lib/isccfg/namedconf.c 2006-03-02 01:37:
> >>>> 20.000000000 +0100
> >>>> +++ bind-9.3.3rc2/lib/isccfg/namedconf.c 2007-12-19 15:11:
> >>>> 49.000000000 +0100
> >>>> @@ -715,6 +715,7 @@
> >>>> { "lame-ttl", &cfg_type_uint32, 0 },
> >>>> { "max-ncache-ttl", &cfg_type_uint32, 0 },
> >>>> { "max-cache-ttl", &cfg_type_uint32, 0 },
> >>>> + { "override-zero-cache-ttl", &cfg_type_uint32, 0 },
> >>>> { "transfer-format", &cfg_type_transferformat, 0 },
> >>>> { "max-cache-size", &cfg_type_sizenodefault, 0 },
> >>>> { "check-names", &cfg_type_checknames, CFG_CLAUSEFLAG_MULTI },
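Review bot: "override-zero-cache-ttl" is declared as a bare cfg_type_uint32, so any value up to 2^32-1 seconds is accepted with no upper bound, and the option name does not say that it affects A records only. Add a range check where the value is read in server.c and document the option next to max-cache-ttl.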
> >>>>
> >>>>
> >>>>
> >>> --
> >>> Mark Andrews, ISC
> >>> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> >>> PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
> >>>
> >>>
> >>
> >
> >
> >
> >
> >
>
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
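
Added example, not part of the original messages and not BIND or Cisco code: a C model of the rule TTL = MIN(untranslated TTL, translation lifetime) from the reply above, set against the resolver-side override of TTL=0 from the quoted patch. struct binding and all function names are hypothetical, the sample values are constructed, and "translation lifetime" is assumed to mean the time remaining on the binding.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model of one dynamic translation held by a DNS-ALG. */
struct binding {
    uint32_t created;   /* time the translation was allocated, seconds */
    uint32_t lifetime;  /* how long the ALG keeps the translation */
};

/* Seconds the binding remains valid at time now; 0 once it has expired. */
static uint32_t binding_remaining(const struct binding *b, uint32_t now)
{
    uint32_t age = now - b->created;
    return age >= b->lifetime ? 0 : b->lifetime - age;
}

/* TTL the ALG should emit: MIN(untranslated TTL, translation lifetime).
 * There is no record-type test, so A and AAAA are handled alike. */
uint32_t alg_answer_ttl(uint32_t untranslated_ttl, const struct binding *b,
                        uint32_t now)
{
    uint32_t left = binding_remaining(b, now);
    return untranslated_ttl < left ? untranslated_ttl : left;
}

/* Resolver-side override from the quoted patch, type test omitted. */
uint32_t resolver_cache_ttl(uint32_t wire_ttl, uint32_t override_zero)
{
    return wire_ttl == 0 ? override_zero : wire_ttl;
}

/* Seconds a cache entry stored at now would outlive the binding. */
uint32_t stale_window(uint32_t cache_ttl, const struct binding *b, uint32_t now)
{
    uint32_t left = binding_remaining(b, now);
    return cache_ttl > left ? cache_ttl - left : 0;
}

int main(void)
{
    struct binding b = { 1000, 120 };   /* constructed sample values */
    uint32_t good = alg_answer_ttl(300, &b, 1030);
    uint32_t forced = resolver_cache_ttl(0, 300);
    printf("ALG TTL %u, stale for %u s\n", (unsigned)good,
           (unsigned)stale_window(good, &b, 1030));
    printf("override TTL %u, stale for %u s\n", (unsigned)forced,
           (unsigned)stale_window(forced, &b, 1030));
    return 0;
}
```

With the MIN rule the cached answer never outlives the translation; with a fixed override the resolver keeps serving an address after the ALG may have reassigned it.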