CD flag and NS TTL

Alexander Gurvitz alex at net-me.net
Thu Oct 11 21:50:05 UTC 2012


Hello.

I came across an interesting side-effect which the CD flag has on the TTL of
the NS records:

; <<>> DiG 9.8.1-P1 <<>> @localhost isc.org NS
;; ANSWER SECTION:
isc.org. 7200 IN NS ns.isc.afilias-nst.info.
isc.org. 7200 IN NS ord.sns-pb.isc.org.
isc.org. 7200 IN NS sfba.sns-pb.isc.org.
isc.org. 7200 IN NS ams.sns-pb.isc.org.

; <<>> DiG 9.8.1-P1 <<>> @localhost isc.org NS +dnssec +cdflag
;; ANSWER SECTION:
isc.org. 86400 IN NS sfba.sns-pb.isc.org.
isc.org. 86400 IN NS ord.sns-pb.isc.org.
isc.org. 86400 IN NS ns.isc.afilias-nst.info.
isc.org. 86400 IN NS ams.sns-pb.isc.org.
isc.org. 7200 IN RRSIG NS 5 2 7200 20121110193032 20121011193032 4442
isc.org. J1......

BIND was restarted before each query. Note the TTL difference between the
two queries, and also note the TTL and maxTTL in the RRSIG vs. TTL of the
records it signs.
Is this behavior expected?

It would be interesting to see what happens if the NS RRsets differ not just
in the TTL.

Regards,
Alexander Gurvitz,
net-me.net
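The TTL discrepancy above can be checked mechanically. The following script is an added example, not code from the post or from ISC: it parses the ANSWER SECTION of dig output and reports where an RRset and the RRSIG covering it disagree on TTL (RFC 4035 section 2.2 requires the RRSIG's TTL to equal the TTL of the RRset it covers, and RFC 4034 section 3.1.5 defines the Original TTL field as the TTL the signer saw in the zone, so a cached RRset TTL above it cannot have come from the signed data). The first sample is transcribed from the +cdflag query in the post; the second, consistent answer is constructed as a control. Function names are the example's own.

```python
"""Flag TTL inconsistencies between a cached RRset and its RRSIG, offline.

Added example (not from the post or from BIND). Checks:
  * all RRs in one RRset carry the same TTL (RFC 2181 section 5.2);
  * the RRSIG RR's TTL equals the TTL of the covered RRset (RFC 4035 2.2);
  * the RRset TTL does not exceed the RRSIG's Original TTL field;
  * no RRSIG covers an RRset that is absent from the answer.
"""
from collections import defaultdict, namedtuple

RR = namedtuple("RR", "name ttl rtype rdata")

# Constructed sample, transcribed from the +cdflag query in the post above
# (the signature field is the same placeholder the post shows).
SAMPLE_CD_ANSWER = """\
; <<>> DiG 9.8.1-P1 <<>> @localhost isc.org NS +dnssec +cdflag
;; ANSWER SECTION:
isc.org. 86400 IN NS sfba.sns-pb.isc.org.
isc.org. 86400 IN NS ord.sns-pb.isc.org.
isc.org. 86400 IN NS ns.isc.afilias-nst.info.
isc.org. 86400 IN NS ams.sns-pb.isc.org.
isc.org. 7200 IN RRSIG NS 5 2 7200 20121110193032 20121011193032 4442 isc.org. J1......
"""

# Constructed control: the same RRset carrying the TTL the RRSIG was made over.
SAMPLE_CONSISTENT_ANSWER = """\
;; ANSWER SECTION:
isc.org. 7200 IN NS sfba.sns-pb.isc.org.
isc.org. 7200 IN NS ord.sns-pb.isc.org.
isc.org. 7200 IN RRSIG NS 5 2 7200 20121110193032 20121011193032 4442 isc.org. J1......
"""


def parse_dig_answer(text):
    """Return the RRs in the ANSWER SECTION of dig output.  Without the
    section marker, every non-comment, non-blank line is taken as an RR."""
    has_marker = ";; ANSWER SECTION:" in text
    in_answer = not has_marker
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(";; ANSWER SECTION:"):
            in_answer = True
            continue
        if not line:
            if has_marker and in_answer:
                break  # dig ends a section with a blank line
            continue
        if not in_answer or line.startswith(";"):
            continue
        fields = line.split()
        if len(fields) < 4:
            raise ValueError("unparseable RR line: %r" % raw)
        name, ttl, _cls, rtype, *rdata = fields
        records.append(RR(name.lower(), int(ttl), rtype.upper(), rdata))
    return records


def check_rrsig_ttls(records):
    """Return (code, owner, type, detail) findings; empty means every
    RRset and its RRSIG agree on TTL."""
    rrsets = defaultdict(list)
    sigs = []
    for rr in records:
        (sigs if rr.rtype == "RRSIG" else rrsets[(rr.name, rr.rtype)]).append(rr)

    findings = []
    for (owner, rtype), rrs in rrsets.items():
        ttls = sorted({rr.ttl for rr in rrs})
        if len(ttls) > 1:
            findings.append(("rrset-ttl-differs", owner, rtype, ttls))

    for sig in sigs:
        # RRSIG RDATA in presentation format: type covered, algorithm, labels,
        # original TTL, expiration, inception, key tag, signer name, signature
        if len(sig.rdata) < 9:
            findings.append(("rrsig-truncated", sig.name, "RRSIG", sig.rdata))
            continue
        covered, original_ttl = sig.rdata[0].upper(), int(sig.rdata[3])
        rrs = rrsets.get((sig.name, covered))
        if not rrs:
            findings.append(("rrsig-without-rrset", sig.name, covered, None))
            continue
        rrset_ttl = max(rr.ttl for rr in rrs)
        if sig.ttl != rrset_ttl:
            findings.append(("rrsig-ttl-mismatch", sig.name, covered, (rrset_ttl, sig.ttl)))
        if rrset_ttl > original_ttl:
            findings.append(("ttl-exceeds-original", sig.name, covered, (rrset_ttl, original_ttl)))
    return findings


if __name__ == "__main__":
    # Usage: dig @localhost isc.org NS +dnssec +cdflag | python3 check_ttl.py
    import sys
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_CD_ANSWER
    for code, owner, rtype, detail in check_rrsig_ttls(parse_dig_answer(text)):
        print("%-22s %s %s %s" % (code, owner, rtype, detail))
```

Run against the post's +cdflag output it reports both an RRSIG TTL mismatch (RRset 86400 vs RRSIG 7200) and an RRset TTL above the RRSIG's Original TTL; against the control answer it reports nothing. Feeding it the output of the two dig runs in the post, with and without +cdflag, is a quick way to see whether the cached NS TTL is still consistent with what the zone signed.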