Hi Robert,

On Sun, 25 Sep 2022, Robert M. Stockmann wrote:


There is something strange going on with the TTL
of my domain across nameservers on the internet.

This is how it's configured on ns1.stokkie.net and ns2.stokkie.net :

$ dig +norecurse +ttlid stokkie.net @84.87.53.162

; <<>> DiG 9.8.1 <<>> +norecurse +ttlid stokkie.net @84.87.53.162
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54209
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;stokkie.net.                   IN      A

;; ANSWER SECTION:
stokkie.net.            86400   IN      A       84.87.53.162

<- snip ->

Here the nameserver of my ADSL ISP, resolver1.kpn.net :

$ dig +ttlid stokkie.net @194.151.228.18

; <<>> DiG 9.8.1 <<>> +ttlid stokkie.net @194.151.228.18
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47231
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;stokkie.net.                   IN      A

;; ANSWER SECTION:
stokkie.net.            79291   IN      A       84.87.53.162

<- snip ->

Here the public DNS server of Google :

$ dig +ttlid stokkie.net @8.8.8.8

; <<>> DiG 9.8.1 <<>> +ttlid stokkie.net @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29668
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;stokkie.net.                   IN      A

;; ANSWER SECTION:
stokkie.net.            21599   IN      A       84.87.53.162

<- snip ->

Here's the second time Google :

$ dig +ttlid stokkie.net @8.8.8.8

; <<>> DiG 9.8.1 <<>> +ttlid stokkie.net @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3080
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;stokkie.net.                   IN      A

;; ANSWER SECTION:
stokkie.net.            21600   IN      A       84.87.53.162

<- snip ->


Is this proper behavior ?

Yes, it is. The queried DNS servers are caching servers and answer from the cache. The first time, they get the result from the authoritative server with a TTL of 86400. When they serve the answer from the cache, they will reduce the TTL by the number of seconds since they got it from the authoritative server - i.e. the TTL would be 0 after one day and the caching server (or any server downstream) *must* get a new record from the authoritative server.

Though I find it interesting that the TTL of the Google DNS server *increases* between the queries - are you sure the order is right?

regards,
Erich
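
The countdown described in the reply above, as an added example that is not part of the original messages: it parses the ANSWER lines quoted in the thread, derives each cache's apparent record age, and flags a TTL that rises between consecutive queries to the same resolver. The function names are hypothetical, and the apparent age assumes the resolver stored the full authoritative TTL.

```python
import re

# One A record from a dig ANSWER section: name, TTL, class, type, address.
ANSWER_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+A\s+(\S+)$")

def answer_ttl(dig_output):
    """Return the TTL of the first A record in dig output, or None if absent."""
    for line in dig_output.splitlines():
        # Question-section lines (";name IN A") carry no TTL and never match.
        m = ANSWER_RE.match(line.strip())
        if m:
            return int(m.group(2))
    return None

def analyse(auth_ttl, observations):
    """observations: (resolver, ttl) pairs in query order.
    Returns (resolver, ttl, apparent_age, note) tuples."""
    previous, report = {}, []
    for resolver, ttl in observations:
        # Assumption: the cache stored the full authoritative TTL, so the
        # difference is the time the record has spent in that cache.
        age = auth_ttl - ttl if ttl <= auth_ttl else None
        if age is None:
            note = "above authoritative TTL"
        elif resolver in previous and ttl > previous[resolver]:
            # One cache only counts down; a rise means a fresh fetch or
            # an answer from a different cache behind the same address.
            note = "rose since last query: re-fetched, or a different cache answered"
        else:
            note = "counting down"
        previous[resolver] = ttl
        report.append((resolver, ttl, age, note))
    return report

# ANSWER lines copied from the dig output in the thread, in the order posted.
AUTHORITATIVE = "stokkie.net.            86400   IN      A       84.87.53.162"
SAMPLES = [
    ("194.151.228.18", "stokkie.net.            79291   IN      A       84.87.53.162"),
    ("8.8.8.8", "stokkie.net.            21599   IN      A       84.87.53.162"),
    ("8.8.8.8", "stokkie.net.            21600   IN      A       84.87.53.162"),
]

def run():
    auth = answer_ttl(AUTHORITATIVE)
    return analyse(auth, [(r, answer_ttl(text)) for r, text in SAMPLES])

if __name__ == "__main__":
    for row in run():
        print(row)
```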