Moving DNS out of non-cooperative provider
Cathy Almond
cathya at isc.org
Thu Jun 21 10:38:59 UTC 2012
On 19/06/12 11:18, Alexander Gurvitz wrote:
>>
>> 3282. [bug] Restrict the TTL of NS RRset to no more than that
>> of the old NS RRset when replacing it.
>> [RT #27792] [RT #27884]
>>
>
> Just to clarify - does this rule also apply while replacing parent NS
> records with (more credible) child NS records?
>
> If yes - child TTL larger than 48 hours (i.e. for .COM) is always
> disregarded.
> If not - ghost domains issue is not solved.
>
> (I'm sorry for being annoying.)

No - you're not!

In answer to your first question:

> "TTL of the old NS RRset" here means the current "remaining" TTL,
> or the original TTL value as received with the authoritative answer ?

This means the current "remaining" TTL - otherwise it's not going to
achieve the desired result.

And yes - it does also apply when replacing parent NS records with child
NS records - with the limitation that you already observed, that a child
TTL that is larger than the TTL in the parent is going to be disregarded.

Also - in your example above, if the child NS records have a smaller
TTL than the currently 'counting down' cached and larger TTL from the
parent zone, then we'll use the smaller TTL of the child zone records
thereafter too - although I think this is more intuitive/obvious.

Cathy
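
The rule discussed in this message, as an added example that is not part of the original post and is not BIND source code: a toy resolver NS cache that caps a replacement NS RRset's TTL at the remaining TTL of the set it replaces, compared with an uncapped cache. The zone and server names, the hourly refresh interval and the class and function names are assumptions made for illustration.

```python
"""Toy model of a resolver's NS cache (added example, not BIND source)."""

ZONE = "example.com."                     # constructed sample zone
NS = frozenset({"ns1.example.net."})      # constructed sample NS set


class NSCache:
    def __init__(self, cap_to_old_ttl=True):
        self.cap_to_old_ttl = cap_to_old_ttl
        self.entries = {}                 # zone -> (ns_names, absolute expiry)

    def remaining(self, zone, now):
        """Remaining TTL in seconds, or None if absent or expired."""
        entry = self.entries.get(zone)
        if entry is None or entry[1] <= now:
            return None
        return entry[1] - now

    def store(self, zone, names, ttl, now):
        """Replace the NS RRset; return the TTL actually cached."""
        old = self.remaining(zone, now)
        if self.cap_to_old_ttl and old is not None:
            ttl = min(ttl, old)           # never outlive the RRset being replaced
        self.entries[zone] = (frozenset(names), now + ttl)
        return ttl


def cache_lifetime(cap, parent_ttl=172800, child_ttl=172800,
                   refresh_every=3600, horizon=10 * 86400):
    """Time at which the NS RRset expires when the child's NS RRset is
    re-learned every `refresh_every` seconds; None if still cached at `horizon`."""
    cache = NSCache(cap)
    cache.store(ZONE, NS, parent_ttl, now=0)   # delegation learned from the parent
    now = 0
    while now < horizon:
        now += refresh_every
        if cache.remaining(ZONE, now) is None:
            return cache.entries[ZONE][1]
        cache.store(ZONE, NS, child_ttl, now)  # child answer replaces the cached set
    return None


if __name__ == "__main__":
    print("with cap:   ", cache_lifetime(True))
    print("without cap:", cache_lifetime(False))
```

With the cap, the cached delegation expires at the parent's original 48-hour deadline however often the child's NS RRset is re-learned; without it, every refresh restarts the clock.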
More information about the bind-users mailing list