DNS Negative Caching
Dave Warren
davew at hireahit.com
Sat Aug 29 05:03:31 UTC 2015
On 2015-08-28 14:15, Darcy Kevin (FCA) wrote:
> As you pointed out (correctly), this isn't an issue which affects anything that goes "on the wire", e.g. master-slave replication via AXFR/IXFR, since, "on the wire" the TTL is always included with the RR. It's only an issue for how the zone files are managed on the master.
>
> My opinion: named on the master should reject illegal zone files.
Agreed. Could you please cite where in RFC 2308 $TTL is a MUST, or even
a SHOULD? Or was this made mandatory elsewhere?
RFC 2308 is clear on what should happen after a $TTL directive, but
seems silent on how to handle resource records prior to, or in the
absence of, a $TTL directive; it does note, however, that the "minimum TTL"
field has traditionally had three uses:
First: as a minimum. Result? "is hereby deprecated"
Second: Result? No change in status.
Third: "The remaining of the current meanings, of being the TTL to be
used for negative responses, is the new defined meaning of the SOA
minimum field." -- This almost goes far enough to deprecate the second,
but given the explicit language deprecating the first, I would think
that the author would have used similar language had they intended to
deprecate the second.
The closest we get is section 4, "Where a server does not require RRs to
include the TTL value explicitly, it should provide a mechanism, not
being the value of the MINIMUM field of the SOA record, from which the
missing TTL values are obtained."
That's a "should" (not even a "SHOULD"), but in the absence of this
specified minimum (either by lack of implementation, or lack of
configuration), the SOA MINIMUM field would seem to be better than
failing outright.
> It's perhaps only an issue for some homebrew zonefile-creation scripts that were written a long time ago, and where the administrators have been systematically ignoring the "no TTL specified; using SOA MINTTL instead" errors in their logs, every time named loads or reloads the zones.
I'm not suggesting I'm going to start writing or recommending zone files
without a $TTL directive, or that this is even a big deal in the real
world, but I'm struggling to find a case where the absence of a $TTL
directive would result in a zone file being illegal, and so falling back
on the SOA's "minimum" field would seem to be a more sane choice than
making one up or refusing the zone, if only as a nod to the legacy use
of this field.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
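The TTL precedence the thread argues about, as an added example that is not part of the original post and not BIND's own zone parser: an explicit TTL on the record wins, otherwise the $TTL directive in effect at that point in the file, and only then the SOA MINIMUM field as the legacy fallback (logged in the same wording as the named message quoted above). The loader also derives the RFC 2308 negative-caching TTL, which is the smaller of SOA MINIMUM and the SOA record's own TTL. The zone contents, the example.test names and the 192.0.2.0/24 addresses are constructed sample data; $ORIGIN and $INCLUDE are deliberately not handled.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

TTL_UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
CLASSES = {"IN", "CH", "HS"}


@dataclass
class ResourceRecord:
    name: str
    ttl: int
    rclass: str
    rtype: str
    rdata: str
    ttl_source: str  # "explicit", "$TTL" or "SOA MINIMUM"


@dataclass
class ZoneLoadResult:
    records: List[ResourceRecord]
    warnings: List[str]
    negative_ttl: Optional[int]  # RFC 2308 negative-caching TTL, None if no SOA


def parse_ttl(token: str) -> Optional[int]:
    """Return seconds for '3600', '1h' or '1d12h'; None if the token is not a TTL."""
    if token.isdigit():
        return int(token)
    if not re.fullmatch(r"(\d+[smhdw])+", token.lower()):
        return None
    return sum(int(n) * TTL_UNITS[u] for n, u in re.findall(r"(\d+)([smhdw])", token.lower()))


def _logical_lines(text: str):
    """Yield lines with ';' comments stripped and parenthesised multi-line
    records (the classic SOA layout) joined into one logical line.
    Leading whitespace of the first physical line is preserved because it
    signals 'same owner as the previous record'. Quoted TXT data containing
    ';' is not handled here (constructed example, not a full RFC 1035 parser)."""
    buf, depth = [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip() and depth == 0:
            continue
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth == 0:
            yield " ".join(buf).replace("(", " ").replace(")", " ")
            buf = []


def load_zone(text: str) -> ZoneLoadResult:
    default_ttl: Optional[int] = None  # value of the $TTL directive currently in effect
    owner: Optional[str] = None
    pending = []  # (owner, explicit ttl, $TTL in effect, class, type, rdata)
    for line in _logical_lines(text):
        tokens = line.split()
        if tokens[0] == "$TTL":
            default_ttl = parse_ttl(tokens[1])
            continue
        if tokens[0].startswith("$"):
            continue  # $ORIGIN / $INCLUDE are out of scope for this example
        if line[0].isspace():
            if owner is None:
                raise ValueError("record without an owner name and no previous owner")
        else:
            owner = tokens.pop(0)
        ttl, rclass = None, "IN"
        # RFC 1035 permits [<TTL>] [<class>] in either order ahead of the type
        while tokens and (tokens[0].upper() in CLASSES or parse_ttl(tokens[0]) is not None):
            tok = tokens.pop(0)
            if tok.upper() in CLASSES:
                rclass = tok.upper()
            else:
                ttl = parse_ttl(tok)
        pending.append((owner, ttl, default_ttl, rclass, tokens[0].upper(), " ".join(tokens[1:])))

    soa = next((p for p in pending if p[4] == "SOA"), None)
    soa_minimum = parse_ttl(soa[5].split()[-1]) if soa else None  # last SOA field is MINIMUM

    records, warnings = [], []
    for name, ttl, dflt, rclass, rtype, rdata in pending:
        if ttl is not None:
            source = "explicit"
        elif dflt is not None:
            ttl, source = dflt, "$TTL"
        elif soa_minimum is not None:
            ttl, source = soa_minimum, "SOA MINIMUM"  # legacy fallback the thread discusses
            warnings.append(f"{name} {rtype}: no TTL specified; using SOA MINTTL instead")
        else:
            raise ValueError(f"{name} {rtype}: no TTL, no $TTL and no SOA MINIMUM to fall back on")
        records.append(ResourceRecord(name, ttl, rclass, rtype, rdata, source))

    negative_ttl = None
    if soa_minimum is not None:
        soa_rr = next(r for r in records if r.rtype == "SOA")
        negative_ttl = min(soa_minimum, soa_rr.ttl)  # RFC 2308 section 3
    return ZoneLoadResult(records, warnings, negative_ttl)


# Constructed sample: no $TTL directive, so untagged records fall back to SOA MINIMUM.
LEGACY_ZONE = """\
@        IN SOA ns1.example.test. hostmaster.example.test. (
             2015082901 ; serial
             7200       ; refresh
             900        ; retry
             1209600    ; expire
             3600 )     ; minimum
@        IN NS  ns1.example.test.
ns1      IN A   192.0.2.1
www 300  IN A   192.0.2.10
"""

# Same zone with a $TTL directive: no fallback, no warnings.
MODERN_ZONE = "$TTL 1d\n" + LEGACY_ZONE

if __name__ == "__main__":
    for label, zone in (("legacy", LEGACY_ZONE), ("modern", MODERN_ZONE)):
        result = load_zone(zone)
        print(f"--- {label}: negative-caching TTL {result.negative_ttl}s")
        for rr in result.records:
            print(f"{rr.name:<4} {rr.ttl:>6} {rr.rclass} {rr.rtype:<3} ({rr.ttl_source})")
        for w in result.warnings:
            print("warning:", w)
```

Running the legacy sample shows every record except `www` taking 3600 from SOA MINIMUM with a warning each, and a negative-caching TTL of 3600; adding `$TTL 1d` moves the defaults to 86400 while the negative-caching TTL stays at 3600 because MINIMUM is still the smaller value.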