Generally Accepted Values

Simon Waters Simon at wretched.demon.co.uk
Fri Oct 5 11:53:18 UTC 2001 

Michael Kjorling wrote:
> 
> My question is - what would be a reasonable negative caching TTL for
> zones that do not change very often?

More a question of how quickly you want changes to take place,
and how likely someone is to query the new entries before you
tell them they are ready, than how often they change. In the
unlikely event one of your URLs is featured in a major
publication, but they spell a bit (you can change in your DNS)
wrong, would you want to lose major ISP customers for 2 days, or
10 minutes?

Otherwise it is a question of how often repeated queries for
non-existent records are made. The usual culprit is
misconfigured computers, users tend not to repeatedly try
misspelt configurations - except perhaps "wwww" *8-)

I usually use ten minutes (sometimes less, but at least one of
the checking tools objects if you go much less than 10 minutes
and I like to keep unneeded warnings out of such checks to
encourage people to read the warnings they do get).

The final field of the SOA field is "negative cache time to
live", this isn't the "BIND 9 way" this is the "RCF2308 way". 

The falling back to using this field for default time to live is
the BIND way of handling broken zone files, however this
behaviour would appear to go against the spirit of RFC2308.
   
   "Where a server does not
   require RRs to include the TTL value explicitly, it should
provide a
   mechanism, not being the value of the MINIMUM field of the
SOA
   record, from which the missing TTL values are obtained.  How
this is
   done is implementation dependent."

BIND does not require explicit TTL, and does provide such a
mechanism (The $TTL directive) for specifying default TTL, so
arguably it is compliant, although it still falls back to the
value the RFC is trying to avoid.

This must now rank as one of the most common DNS configuration
problems on the Internet, although it is difficult to "prove",
all those people out there may really want a negative TTL of 1
day. Since negative TTL's greater than 3 hours may not behave as
expected, these people are going to be sorely disappointed with
BIND *8-)

More information about the bind-users mailing list