credibility changes TTL ?

Marc Lampo Marc_Lampo at hotmail.com
Thu Sep 30 07:01:08 UTC 1999


Hello,

Recently there were statements in this group that confuse me, in the
sense that they seem to suggest there is some kind of interaction
between the credibility of a record and its TTL.  If I remember well,
one of the statements was like this:
"since A-record has lower credibility it times out faster".

Do I understand it correctly that, if an authoritative answer (Cr-auth)
is received with a TTL of, say, 86400 and in the same reply the
additional data (Cr-addtnl) with the same TTL, the latter data would be
erased first from the cache?

One of the postings that puzzles me is where a referring domain server
has different NS-records than the authoritative name servers themselves.
Suppose the root name server states "ns.domain.com" is NS for "domain.com"
 - the answer is cached with credibility "answer"
Now that name server, ns.domain.com, itself replies that
 "ns1.domain.com" and "ns2.domain.com" are NS's
 - those answers are cached with credibility "auth", the additional
     A-records with credibility "addtnl".
Now the problem seemed to be that the A-records time out "faster" than
the NS-records.  So, when the caching name server goes back to the
root name server, it no longer believes him because it provides a
different answer with "lower" credibility than what is cached.
However, if both the A-records and the NS-records have the same
TTL, shouldn't they disappear together from the cache (thus avoiding
the deadlock)?

(I spent considerable time reading and rereading "DNS & BIND", around
pages 305/306, but there is no mention of TTL there.)

Thanks for clarifying,

Marc Lampo

-- --
Security Engineer for C-CURE CBVA, Belgium
Guest teacher of Client/Server Programming @ AT Computing (Dutch only)
Opinions are strictly personal and do not commit either company



