TTL is varying across nameservers

bind at eckner.net
Sun Sep 25 06:43:36 UTC 2022


Hi Robert,

On Sun, 25 Sep 2022, Robert M. Stockmann wrote:

>
> There is something strange going on with the TTL
> of my domain across nameservers on the internet.
>
> This is how it's configured on ns1.stokkie.net and ns2.stokkie.net :
>
> $ dig +norecurse +ttlid stokkie.net @84.87.53.162
>
> ; <<>> DiG 9.8.1 <<>> +norecurse +ttlid stokkie.net @84.87.53.162
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54209
> ;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
>
> ;; QUESTION SECTION:
> ;stokkie.net.                   IN      A
>
> ;; ANSWER SECTION:
> stokkie.net.            86400   IN      A       84.87.53.162

<- snip ->

> Here the nameserver of my ADSL ISP, resolver1.kpn.net :
>
> $ dig +ttlid stokkie.net @194.151.228.18
>
> ; <<>> DiG 9.8.1 <<>> +ttlid stokkie.net @194.151.228.18
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47231
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;stokkie.net.                   IN      A
>
> ;; ANSWER SECTION:
> stokkie.net.            79291   IN      A       84.87.53.162

<- snip ->

> Here the public DNS server of Google :
>
> $ dig +ttlid stokkie.net @8.8.8.8
>
> ; <<>> DiG 9.8.1 <<>> +ttlid stokkie.net @8.8.8.8
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29668
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;stokkie.net.                   IN      A
>
> ;; ANSWER SECTION:
> stokkie.net.            21599   IN      A       84.87.53.162

<- snip ->

> Here's the second time Google :
>
> $ dig +ttlid stokkie.net @8.8.8.8
>
> ; <<>> DiG 9.8.1 <<>> +ttlid stokkie.net @8.8.8.8
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3080
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;stokkie.net.                   IN      A
>
> ;; ANSWER SECTION:
> stokkie.net.            21600   IN      A       84.87.53.162

<- snip ->

>
> Is this proper behavior ?

Yes, it is. The queried DNS servers are caching servers and answer from
the cache. The first time, they get the result from the authoritative
server with a TTL of 86400. When they serve the answer from the cache,
they will reduce the TTL by the number of seconds since they got it from
the authoritative server - i.e. the TTL would be 0 after one day and the
caching server (or any server downstream) *must* get a new record from the
authoritative server.

Though I find it interesting that the TTL of the Google DNS server
*increases* between the queries - are you sure the order is right?

regards,
Erich
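
The countdown described above, applied to the four answer lines quoted in the thread, as an added example that is not part of the original message. It computes how long each cached answer could have been held and flags a TTL that rises between two queries to the same resolver address; the function names, dictionary keys and flag strings are assumptions made for illustration.

```python
import re

# Answer lines copied from the dig outputs quoted in the thread (whitespace
# condensed), in posted order, paired with the server each query was sent to.
OBSERVATIONS = [
    ("84.87.53.162",   "stokkie.net.  86400  IN  A  84.87.53.162"),
    ("194.151.228.18", "stokkie.net.  79291  IN  A  84.87.53.162"),
    ("8.8.8.8",        "stokkie.net.  21599  IN  A  84.87.53.162"),
    ("8.8.8.8",        "stokkie.net.  21600  IN  A  84.87.53.162"),
]
AUTHORITATIVE = "84.87.53.162"  # the server that answered with the "aa" flag

RR_LINE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(\S+)$")

def parse_rr(line):
    """Split a dig answer line into (owner, ttl, type, rdata)."""
    m = RR_LINE.match(line.strip())
    if m is None:
        raise ValueError(f"not a resource record line: {line!r}")
    owner, ttl, rtype, rdata = m.groups()
    return owner.lower(), int(ttl), rtype, rdata

def analyse(observations, authoritative):
    """Compare each cached answer with the zone TTL and with the previous
    answer from the same resolver address."""
    parsed = [(srv, *parse_rr(line)) for srv, line in observations]
    zone_ttl = {(o, t): ttl for srv, o, ttl, t, _ in parsed if srv == authoritative}
    previous, report = {}, []
    for srv, owner, ttl, rtype, _ in parsed:
        entry = {"server": srv, "ttl": ttl, "max_age": None, "flags": []}
        if srv != authoritative:
            origin = zone_ttl[(owner, rtype)]
            # Seconds in cache if the resolver stored the full zone TTL.
            # Resolvers may cap the TTL they store, so this is an upper bound.
            entry["max_age"] = origin - ttl
            if ttl > origin:
                # Cannot result from counting down the zone's own TTL.
                entry["flags"].append("ttl-above-zone")
            last = previous.get((srv, owner, rtype))
            if last is not None and ttl > last:
                # A single cache entry only counts down; a rise means the
                # answer came from a newer or different cache entry.
                entry["flags"].append("ttl-increased")
            previous[(srv, owner, rtype)] = ttl
        report.append(entry)
    return report

if __name__ == "__main__":
    for row in analyse(OBSERVATIONS, AUTHORITATIVE):
        print(row)
```

The `ttl-increased` flag depends on the order of the observations, so the input has to be listed in the order the queries were actually made.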


More information about the bind-users mailing list