DNS Negative Caching

Dave Warren davew at hireahit.com
Sat Aug 29 05:03:31 UTC 2015


On 2015-08-28 14:15, Darcy Kevin (FCA) wrote:
> As you pointed out (correctly), this isn't an issue which affects anything that goes "on the wire", e.g. master-slave replication via AXFR/IXFR, since, "on the wire" the TTL is always included with the RR. It's only an issue for how the zone files are managed on the master.
>
> My opinion: named on the master should reject illegal zone files.

Agreed. Could you please cite where in RFC 2308 $TTL is a MUST, or even 
a SHOULD? Or was this made mandatory elsewhere?

RFC 2308 is clear on what should happen after a $TTL directive, but 
seems silent on how to handle resource records prior to, or in the 
absence of a $TTL directive, but it does note that the "minimum TTL" 
field has traditionally had three uses:

First: as a minimum. Result? "is hereby deprecated"

Second: Result? No change in status.

Third: "The remaining of the current meanings, of being the TTL to be 
used for negative responses, is the new defined meaning of the SOA 
minimum field." -- This almost goes far enough to deprecate the second, 
but given the explicit language deprecating the first, I would think 
that the author would have used similar language had they intended to 
deprecate the second.

The closest we get is section 4, "Where a server does not require RRs to 
include the TTL value explicitly, it should provide a mechanism, not 
being the value of the MINIMUM field of the SOA record, from which the 
missing TTL values are obtained."

That's a "should" (not even a "SHOULD"), but in the absence of this 
specified minimum (either by lack of implementation, or lack of 
configuration), the SOA MINIMUM field would seem to be better than 
failing outright.


> It's perhaps only an issue for some homebrew zonefile-creation scripts that were written a long time ago, and where the administrators have been systematically ignoring the "no TTL specified; using SOA MINTTL instead" errors in their logs, every time named loads or reloads the zones.

I'm not suggesting I'm going to start writing or recommending zone files 
without a $TTL directive, or that this is even a big deal in the real 
world, but I'm struggling to find a case where the absence of a $TTL 
directive would result in a zone file being illegal, and so falling back 
on the SOA's "minimum" field would seem to be a more sane choice than 
making one up or refusing the zone, if only as a nod to the legacy use 
of this field.

-- 
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
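The TTL precedence the thread argues about, written out as a small Python model of master-file loading. This is an added example, not BIND's code and not from either poster: it assigns each RR a TTL from an explicit value on the line, else from the most recent $TTL directive, else from the SOA MINIMUM field with the "no TTL specified; using SOA MINTTL instead" warning the thread quotes, and rejects the zone only when none of those is available. A `reject_fallback` flag (an assumption of this example, not a named option) models the stricter "reject the zone" position. The zone texts are constructed samples; the parser is deliberately simplified (single-line SOA, numeric TTLs only, no $ORIGIN/$INCLUDE or relative names).

```python
from dataclasses import dataclass

CLASSES = {"IN", "CH", "HS"}


@dataclass
class Record:
    owner: str
    ttl: int
    rrclass: str
    rtype: str
    rdata: str
    ttl_source: str   # "explicit", "$TTL" or "SOA MINIMUM"


def resolve_ttls(zone_text: str, reject_fallback: bool = False):
    """Assign a TTL to every RR in a simplified master-file text.

    Precedence: explicit TTL on the RR line; else the latest $TTL directive;
    else the SOA MINIMUM field (with a warning, or a rejection when
    reject_fallback is set); else the zone is rejected outright.
    Returns (records, warnings).
    """
    default_ttl = None       # value of the most recent $TTL directive
    soa_minimum = None       # MINIMUM field of the SOA seen so far
    last_owner = None        # owner name reused by lines that start with whitespace
    records, warns = [], []

    for lineno, raw in enumerate(zone_text.splitlines(), 1):
        line = raw.split(";", 1)[0].rstrip()      # drop comments, keep leading blanks
        if not line.strip():
            continue
        if line.startswith("$TTL"):
            default_ttl = int(line.split()[1])
            continue
        if line.startswith("$"):
            continue                               # $ORIGIN etc. are not modelled here

        fields = line.split()
        if line[0].isspace():                      # blank owner: same as previous RR
            if last_owner is None:
                raise ValueError(f"line {lineno}: no previous owner name")
            owner = last_owner
        else:
            owner = fields.pop(0)
        last_owner = owner

        ttl, rrclass = None, "IN"
        # TTL and class are optional and may appear in either order (RFC 1035 5.1)
        while fields and (fields[0].isdigit() or fields[0].upper() in CLASSES):
            tok = fields.pop(0)
            if tok.isdigit():
                ttl = int(tok)
            else:
                rrclass = tok.upper()
        if not fields:
            raise ValueError(f"line {lineno}: missing RR type")
        rtype, rdata = fields[0].upper(), " ".join(fields[1:])

        if rtype == "SOA":
            soa_minimum = int(rdata.split()[-1])   # MINIMUM is the last SOA field

        if ttl is not None:
            source = "explicit"
        elif default_ttl is not None:
            ttl, source = default_ttl, "$TTL"
        elif soa_minimum is not None:
            if reject_fallback:
                raise ValueError(f"line {lineno}: no TTL specified and no $TTL directive")
            ttl, source = soa_minimum, "SOA MINIMUM"
            warns.append(f"line {lineno}: no TTL specified; using SOA MINTTL instead")
        else:
            raise ValueError(f"line {lineno}: no TTL available (no $TTL, no SOA MINIMUM)")

        records.append(Record(owner, ttl, rrclass, rtype, rdata, source))
    return records, warns


# Constructed samples (192.0.2.0/24 and example.com are reserved for documentation).
ZONE_LEGACY = """\
; legacy-style zone with no $TTL directive: untagged RRs fall back to SOA MINIMUM
example.com.      IN SOA ns1.example.com. hostmaster.example.com. 2015082901 7200 900 1209600 3600
                  IN NS  ns1.example.com.
ns1.example.com.  300 IN A 192.0.2.1
"""

ZONE_MODERN = """\
$TTL 86400
example.com.      IN SOA ns1.example.com. hostmaster.example.com. 2015082901 7200 900 1209600 3600
www.example.com.  IN A 192.0.2.2
"""

ZONE_BROKEN = """\
; neither $TTL nor an SOA precedes this RR, so no TTL can be derived
www.example.com.  IN A 192.0.2.3
"""

if __name__ == "__main__":
    for name, text in (("legacy", ZONE_LEGACY), ("modern", ZONE_MODERN)):
        recs, warns = resolve_ttls(text)
        print(name, [(r.owner, r.rtype, r.ttl, r.ttl_source) for r in recs], warns)
```

Running it shows the legacy zone loading with two warnings and every untagged RR at 3600, the modern zone loading silently at the $TTL value, and the broken zone rejected; with `reject_fallback=True` the legacy zone is rejected as well, which is the behaviour change the thread debates.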
