Negative-caching TTL and regular TTL have little to do with each other; it's 
not a reasonable assumption that one should stand in as a default for the 
other. I know analogies are frequently dangerous, but to me, that's kind of 
like saying that the amount of time that normally elapses between replacing 
one's automobile with a newer vehicle can be safely assumed to be equal to the 
amount of time one could go without an automobile at all. The two things are 
related, of course (in the analogy, they're both about automobiles), but it 
would be foolish to assume that one time interval is the same as the other. One 
pertains to the *existence* of something, that needs to be periodically 
refreshed; the other refers to the duration of an *absence* of something.

As you pointed out (correctly), this isn't an issue which affects anything that 
goes "on the wire", e.g. master-slave replication via AXFR/IXFR, since, "on the 
wire" the TTL is always included with the RR. It's only an issue for how the 
zone files are managed on the master.

My opinion: named on the master should reject illegal zone files.

Note that this is a non-issue if Dynamic Update is being used to manage zones 
(since then named writes out the zone file), or if a commercial-grade DNS 
management system is the thing that's generating the zone files (since they 
should all be compliant with RFC 2308 by now; if not, sue the manufacturer for a 
product defect). It's perhaps only an issue for some homebrew zonefile-creation 
scripts that were written a long time ago, and where the administrators have 
been systematically ignoring the "no TTL specified; using SOA MINTTL instead" 
errors in their logs, every time named loads or reloads the zones.

                                                                        - Kevin

-----Original Message-----
From: bind-users-boun...@lists.isc.org 
[mailto:bind-users-boun...@lists.isc.org] On Behalf Of Matus UHLAR - fantomas
Sent: Friday, August 28, 2015 3:49 PM
To: bind-users@lists.isc.org
Subject: Re: DNS Negative Caching

On 28.08.15 17:32, Darcy Kevin (FCA) wrote:
>RFC 2308 said that the use of the last field of the SOA to set 
>negative-caching TTL is "the new defined meaning of the SOA minimum 
>field". So you can *call* it "minimum", but it is *actually* supposed 
>to function as something else...
>
>Eventually I hope BIND will conform to the spirit of RFC 2308 and stop 
>using the last field of the SOA to set the default TTL, as a "fallback" 
>in scenarios where the file would otherwise be illegal (i.e. the 
>first RR has no explicit TTL set, and there is no $TTL directive preceding 
>it).
>RFC 2308 is so old, that if it were a person, it would be legal to buy 
>cigarettes in some parts of the world. It's long past time for folks 
>to get with the program.

what would you expect bind to do in such a case, refuse the zone?
The "minimum" value is a safe default in most cases.

Note that it only matters on masters, the XFER slaves see the ttl within each 
record...
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT wish to receive any advertising mail at this address.
    One OS to rule them all, One OS to find them, One OS to bring them all and 
    into darkness bind them
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
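As an added example (not code from the thread or from BIND): a small Python check that reads a master zone file and reports whether its first RR relies on the SOA-minimum fallback discussed above (no $TTL directive and no explicit TTL on the first record), and what the SOA minimum field, the RFC 2308 negative-caching TTL, is set to. The zone text is constructed for the example and only single-line SOA records are parsed.

```python
import re

# Constructed sample: old-style zone with no $TTL and no explicit TTL on the
# first RR, so named would fall back to the SOA minimum for the default TTL.
LEGACY_ZONE = """\
$ORIGIN example.test.
@   IN  SOA ns1 hostmaster 2015082801 3600 900 604800 300
    IN  NS  ns1
ns1 IN  A   192.0.2.1
"""

# Same zone written the RFC 2308 way: $TTL supplies the default record TTL and
# the SOA minimum field only means negative-caching TTL.
COMPLIANT_ZONE = "$TTL 86400\n" + LEGACY_ZONE

_TTL_TOKEN = re.compile(r"^\d+[smhdwSMHDW]?$")
_UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
_CLASSES = {"IN", "CH", "HS"}


def ttl_seconds(tok):
    """Convert a TTL token such as '300' or '1d' to seconds."""
    tok = tok.lower()
    return int(tok[:-1]) * _UNITS[tok[-1]] if tok[-1] in _UNITS else int(tok)


def check_zone(text):
    """Report how the zone's default TTL is established and the SOA minimum.

    'default_ttl' is '$TTL', 'explicit' (first RR carries its own TTL) or
    'soa-minimum-fallback' (the illegal-file case named warns about).
    Only $TTL/other directives, comments and single-line SOA are handled.
    """
    default_ttl, soa_minimum = None, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()     # drop comments
        if not line.strip():
            continue
        if line.startswith("$TTL"):
            default_ttl = default_ttl or "$TTL"
            continue
        if line.startswith("$"):                 # $ORIGIN, $INCLUDE, ...
            continue
        fields = line.split()
        if not raw[0].isspace():                 # leading owner name present
            fields = fields[1:]
        has_ttl = False                          # TTL/class may come in any order
        for f in fields:
            if f.upper() in _CLASSES:
                continue
            if _TTL_TOKEN.match(f):
                has_ttl = True
                continue
            break                                # reached the RR type
        if default_ttl is None:
            default_ttl = "explicit" if has_ttl else "soa-minimum-fallback"
        if "SOA" in fields and soa_minimum is None:
            soa_minimum = ttl_seconds(fields[-1])
    return {"default_ttl": default_ttl, "soa_minimum": soa_minimum}
```

Run it over every master zone file to find the ones still depending on the fallback before any change in named's behaviour reaches them.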