negative caching ttl question

negative caching ttl question

Veaceslav Revutchi
Given this soa:

fe80.info. 3600 IN SOA ns-538.awsdns-03.net.
awsdns-hostmaster.amazon.com. 1 7200 900 1209600 60

I see bind caching negative answers for 3600 instead of 60. The rfc
and my google searches suggest that it should pick the MIN(soa ttl,
soa min ttl) for that purpose. What am I missing?

Thank you,
Slava
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users

Re: negative caching ttl question

Tony Finch
Veaceslav Revutchi <[hidden email]> wrote:

> Given this soa:
>
> fe80.info. 3600 IN SOA ns-538.awsdns-03.net.
> awsdns-hostmaster.amazon.com. 1 7200 900 1209600 60
>
> I see bind caching negative answers for 3600 instead of 60. The rfc
> and my google searches suggest that it should pick the MIN(soa ttl,
> soa min ttl) for that purpose. What am I missing?

I think what RFC 2308 says (sections 3 and 5) is that the authoritative server for
the zone is responsible for calculating the negative TTL from the minimum
of the SOA TTL and MINIMUM fields. Sections 5 and 6 say that resolvers and
caches propagate the negative TTL using just the TTL field of the SOA in
the AUTHORITY section of the response (though the RFC could be a little
more explicit about this).

What's happening for fe80.info is the AWS DNS authoritative servers are
setting the wrong TTL in the negative response, and your BIND cache is
doing what it is told to do.

Tony.
--
f.anthony.n.finch  <[hidden email]>  http://dotat.at/
Ardnamurchan Point to Cape Wrath: Northeast 5 or 6, veering east 3 or 4 later.
Rough becoming moderate. Showers. Good, occasionally moderate.
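
Added example, not part of the thread and not BIND's code: a small check that takes the SOA record from the AUTHORITY section of a negative response and reports whether the authoritative server clamped its TTL to the MINIMUM field, and how long a cache would therefore hold the negative answer. It assumes the SOA quoted in the thread is the record as delivered in the negative response; the second sample record and the `resolver_cap` parameter (a local upper bound such as BIND's `max-ncache-ttl`) are illustrative.

```python
from typing import Optional

# SOA as quoted in the thread, joined onto one line (assumed to be the
# record seen in the AUTHORITY section of the negative response).
THREAD_SOA = ("fe80.info. 3600 IN SOA ns-538.awsdns-03.net. "
              "awsdns-hostmaster.amazon.com. 1 7200 900 1209600 60")
# Constructed sample: a server that already clamped the TTL to MINIMUM.
CLAMPED_SOA = ("example.test. 60 IN SOA ns1.example.test. "
               "hostmaster.example.test. 1 7200 900 1209600 60")


def parse_soa(line: str) -> dict:
    """Parse one SOA record in presentation format (single line, as dig prints it)."""
    f = line.split()
    # owner ttl class SOA mname rname serial refresh retry expire minimum
    if len(f) != 11 or f[2].upper() != "IN" or f[3].upper() != "SOA":
        raise ValueError(f"not a single-line IN SOA record: {line!r}")
    return {"owner": f[0], "ttl": int(f[1]), "minimum": int(f[10])}


def negative_ttl_report(line: str, resolver_cap: Optional[int] = None) -> dict:
    soa = parse_soa(line)
    # RFC 2308: the authoritative server sends the SOA with
    # TTL = min(SOA TTL, SOA MINIMUM) in a negative response.
    expected = min(soa["ttl"], soa["minimum"])
    # A cache takes the TTL exactly as delivered; it does not redo the min().
    cached_for = soa["ttl"]
    if resolver_cap is not None:
        cached_for = min(cached_for, resolver_cap)  # local upper bound, if any
    return {
        "zone": soa["owner"],
        "expected": expected,
        "cached_for": cached_for,
        # If the delivered TTL exceeds MINIMUM, the server did not clamp it.
        "server_clamped": soa["ttl"] <= soa["minimum"],
    }


if __name__ == "__main__":
    for record in (THREAD_SOA, CLAMPED_SOA):
        print(negative_ttl_report(record))
```
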

Re: negative caching ttl question

Veaceslav Revutchi
Thank you, Tony. You're right.

I do see a difference in behavior when querying other authoritative,
non-AWS servers. I didn't realize it was the job of the authoritative
server to do the math and present the proper ttl. Thanks for the
pointer to the relevant section in the rfc.

Slava

On Tue, Oct 13, 2020 at 1:34 PM Tony Finch <[hidden email]> wrote:

>
> Veaceslav Revutchi <[hidden email]> wrote:
>
> > Given this soa:
> >
> > fe80.info. 3600 IN SOA ns-538.awsdns-03.net.
> > awsdns-hostmaster.amazon.com. 1 7200 900 1209600 60
> >
> > I see bind caching negative answers for 3600 instead of 60. The rfc
> > and my google searches suggest that it should pick the MIN(soa ttl,
> > soa min ttl) for that purpose. What am I missing?
>
> I think what RFC 2308 says (sections 3 and 5) is that the authoritative server for
> the zone is responsible for calculating the negative TTL from the minimum
> of the SOA TTL and MINIMUM fields. Sections 5 and 6 say that resolvers and
> caches propagate the negative TTL using just the TTL field of the SOA in
> the AUTHORITY section of the response (though the RFC could be a little
> more explicit about this).
>
> What's happening for fe80.info is the AWS DNS authoritative servers are
> setting the wrong TTL in the negative response, and your BIND cache is
> doing what it is told to do.
>
> Tony.
> --
> f.anthony.n.finch  <[hidden email]>  http://dotat.at/
> Ardnamurchan Point to Cape Wrath: Northeast 5 or 6, veering east 3 or 4 later.
> Rough becoming moderate. Showers. Good, occasionally moderate.