which NS record will be cached?

Marc Lampo marc.lampo at eurid.eu
Thu Jan 12 10:53:09 UTC 2012


Hello,

The question is less about TTL, but rather "credibility".

The answers from the root name servers are referrals - the AA bit in the reply is
not set;
The answer from ns2.google.com. is from an authoritative NS (has the AA
bit set).
The latter answer has credibility "AUTH", which is the highest
--> the answer from the authoritative NS is the one that should be stored.


And think one step further:
what if the list of NS's in the parent (the root in this case)
is different from the list of NS's at the domain level itself?

The "danger" here is that the name server still has the names in cache
(credibility AUTH)
but the associated glue records may have timed out (eg because of lower
TTL).
When there are no more addresses available, the name server should go back
via the parent.
But if the parent replies with a different list of NS names (then still in
the cache),
the name server should *refuse* to believe that info (because it still has
a better answer).
Consequently : since the info is not believed, no answers can be provided
for that domain (until the list of names, cached with credibility AUTH,
times out itself)
--> domain kind of bounces from accessible to inaccessible and back.

Cfr http://www.c3.hu/docs/oreilly/tcpip/dnsbind/ch13_02.htm
(search for "credibility" - just before the first match there is a Bind
(4!) cache dump;
 a bit dated, for sure, but Bind 4 still shows credibility in the cache
dump.
 I think Bind 8 does as well; I have not yet found where Bind 9 shows this?)

Moral: the referral in the parent should be identical to (or a subset of) the NS
records at domain level.


Kind regards,

Marc Lampo
Security Officer
EURid (for .eu)


-----Original Message-----
From: MontyRee [mailto:chulmin2 at hotmail.com]
Sent: 12 January 2012 10:10 AM
To: bind-users at lists.isc.org
Subject: which NS record will be cached?


Hi, all.


I have one question about NS cache TTL.
For example, I can get two different NS TTLs like below.

$ dig  google.com ns +trace

google.com.             172800  IN      NS      ns2.google.com.
google.com.             172800  IN      NS      ns1.google.com.
google.com.             172800  IN      NS      ns3.google.com.
google.com.             172800  IN      NS      ns4.google.com.
;; Received 164 bytes from 192.5.6.30#53(a.gtld-servers.net) in 173 ms

google.com.             345600  IN      NS      ns4.google.com.
google.com.             345600  IN      NS      ns1.google.com.
google.com.             345600  IN      NS      ns2.google.com.
google.com.             345600  IN      NS      ns3.google.com.
;; Received 164 bytes from 216.239.34.10#53(ns2.google.com) in 43 ms

So, on resolving DNS, which NS record TTL will generally be cached?
172800 or 345600?


Thanks in advance.
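The bounce scenario Marc describes in his reply (an authoritative NS set that outlives its glue, after which the parent's differing referral is refused), replayed in a toy resolver cache. This is added example code, not BIND's implementation; the credibility ranks are a simplification of RFC 2181 section 5.4.1, and the zone names, addresses and TTLs are constructed.

```python
# Toy resolver cache that ranks data by credibility, as in the reply above (ranks
# loosely after RFC 2181 s.5.4.1: AA-bit answer data beats referral data).
RANK_REFERRAL, RANK_AUTH = 1, 3
def store(cache, owner, rtype, rrset, rank, ttl, now):
    """cache maps (owner, rtype) -> (rrset, rank, expires_at)."""
    cur = cache.get((owner, rtype))
    if cur and cur[2] > now and cur[1] > rank:
        return False  # refuse lower-credibility data while a better RRset is live
    cache[(owner, rtype)] = (frozenset(rrset), rank, now + ttl)
    return True
def lookup(cache, owner, rtype, now):
    cur = cache.get((owner, rtype))
    return set(cur[0]) if cur and cur[2] > now else set()
# Constructed delegation: the parent lists nsa/nsb (with glue) but the zone itself
# publishes nsc/nsd; address TTLs are far shorter than the child's NS TTL.
PARENT_NS = {"nsa.example.", "nsb.example."}
PARENT_GLUE = {"nsa.example.": {"192.0.2.1"}, "nsb.example.": {"192.0.2.2"}}
CHILD_NS = {"nsc.example.", "nsd.example."}
CHILD_ADDRS = {"nsc.example.": {"192.0.2.11"}, "nsd.example.": {"192.0.2.12"}}
PARENT_NS_TTL, CHILD_NS_TTL, ADDR_TTL = 172800, 345600, 3600

def referral_from_parent(cache, now):
    """Walk down from the parent again: its NS set and glue arrive as referral data."""
    store(cache, "example.", "NS", PARENT_NS, RANK_REFERRAL, PARENT_NS_TTL, now)
    for name, addrs in PARENT_GLUE.items():
        store(cache, name, "A", addrs, RANK_REFERRAL, ADDR_TTL, now)

def usable_addresses(cache, now):
    """Addresses known for whichever NS set the cache currently believes."""
    names = lookup(cache, "example.", "NS", now)
    return set().union(*(lookup(cache, n, "A", now) for n in names))

def resolve(cache, now):
    """One lookup attempt; an empty result means the zone is unreachable (SERVFAIL)."""
    addrs = usable_addresses(cache, now)
    if not addrs:  # no addresses left: go back via the parent
        referral_from_parent(cache, now)
        addrs = usable_addresses(cache, now)
    return addrs

def replay():
    """Reachable addresses at three points in time: working, bounced, recovered."""
    cache = {}
    referral_from_parent(cache, now=0)
    # The zone's own AA reply outranks and replaces the parent's NS set; the
    # nsc/nsd addresses it carries share the short address TTL
    store(cache, "example.", "NS", CHILD_NS, RANK_AUTH, CHILD_NS_TTL, now=1)
    for name, addrs in CHILD_ADDRS.items():
        store(cache, name, "A", addrs, RANK_AUTH, ADDR_TTL, now=1)
    return (resolve(cache, 2),                 # both TTLs live: answers flow
            resolve(cache, ADDR_TTL + 2),      # glue gone, live AUTH set refuses parent's list
            resolve(cache, CHILD_NS_TTL + 2))  # AUTH set expired: parent's list accepted
```

The middle result is the "inaccessible" phase: the cache still believes nsc/nsd (credibility AUTH) but has no addresses for them and will not take the parent's nsa/nsb list until that NS set expires.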
