BIND 9.2.3: complains about low TTL's on startup?

Mark Andrews Mark_Andrews at isc.org
Tue Feb 22 23:20:05 UTC 2005 

> Mark Andrews <Mark_Andrews at isc.org> wrote in message news:<cv38m6$6k1$1 at sf1.isc
> .org>...
> > > Hello, I'm actually migrating from BIND8 to BIND9 (9.2.3). I have some
> > > entries with smaller TTL's (600) than the default TTL of the zone
> > > (which is set to 43200).
> > > Everytime I startup the named it complains like that:
> > > 
> > > Feb 17 17:55:56 xxx named[19917]: [ID 873579 daemon.warning]
> > > dns_master_load: x.y.in-addr.arpa.db:753: TTL set to prior TTL (43200)
> > > 
> > > Sure, it's just a warning and the TTL is in fact on 600 as desired. So
> > > does somebody know the reason of these warnings? Should I take care
> > > about them?
> > > 
> > > Cheers, Stefan
> > 
> > 	You have different records in the same RRset <name,type,class>
> > 	with different TTLs.  This is not allowed and is being
> > 	corrected.
> 
> 
> Mark, thanks so far. You were right, I had different TTL's in some
> resource records. What I was wondering: Even it complained on startup
> the TTL's have had set different (which I checked using the debug
> option of nslookup). So is it jus better to avoid different TTL's in
> the same resource record or is it just "forbidden"?
> I found this notes under
> http://marc.theaimsgroup.com/?l=bind9-users&m=106609018102984&w=2
> which seems to be also from you:
> 
> 	Differing TTLs break reverse validation (PTR-> A or AAAA).
> 	Differing TTLs break MX processing.
> 
> So what does that mean..?
> 
> Thanks, Stefan :-)

	Lots of consumers of the DNS assume that you will always
	get all the records in a RRset.  The algorithm for processing
	MX records assumes that you will always get the full RRset.
	Checking of reverse records also assumes that the the address
	RRsets are complete.

	If you have differing TTLs old nameservers will drop part
	of the RRset leading to unexpected results when the RRset is
	processed.  This includes old versions on named.

	See RFC 2181 Section 5.2.

	Differing TTLs were often a indication of RRsets being smashed 
	together.  BIND 8 and BIND 9 use differing ttls as a way to
	distingush good / bad RRSets all other thing being equal.
	You don't see these often now as the TTLs are corrected by
	the authorative servers and that most of the servers that
	smashed RRsets together have been replaced.

	BIND 9 doesn't even have the ability to store RRsets with
	differing TTLs.

	Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org

More information about the bind-users mailing list