[dns-operations] caches only resetting TTL? was Re: Where to find "DNS resolution path corruption"?

Peter Koch pk at DENIC.DE
Tue Feb 26 13:05:03 UTC 2008


On Tue, Feb 26, 2008 at 01:39:01PM +0100, Antoin Verschuren wrote:

> Is it broken caching resolvers, ISPs caching longer than the zone's TTL, or is it in algorithms resolvers use to update their cache?

that's a _really_ nice one ;-)

> Somewhere in the resolution path, I will get the nameservers for example.com and the MX answers and cache them:
> 
> example.com.	86400	IN	MX 50 mail.example.com.
> example.com.	86400	IN	NS ns1.example.com.

You'll get the NS RRSet twice, once as referral and then very likely as supplement to the authoritative
response to the subsequent query.  This time in the authority section with a TTL determined by the (child)
zone maintainer and that TTL might be higher than the delegation NS RRSet TTL.

> If that is so, then when I do a new query for the MX record when it has expired will update against false data again, and again, and again, until no queries for the domain are asked to that resolver during a complete TTL.

The other case that is occasionally seen is when ISPs do not separate authoritative and recursive servers
and their own customers are served with the stale, outdated data.  Not sure that the registry should support
this practice by insisting the old zone be deleted.

-Peter
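
The refresh effect discussed in this thread, as an added example that is not part of the original message: a toy Python model of one resolver cache, comparing a cache that restarts the TTL whenever the child's NS RRSet arrives in an authority section with one that never extends the expiry of an RRSet it already holds. The name `ns1.newhost.example.`, the 3600 s delegation TTL, the move time, the query schedule and the capping policy itself are constructed assumptions, not the behaviour of any particular resolver.

```python
# Toy model of one caching resolver; every name, TTL and timestamp below is constructed.
OLD, NEW = "ns1.example.com.", "ns1.newhost.example."
DELEGATION_TTL, CHILD_TTL = 3600, 86400   # child TTL higher than the delegation TTL
MOVED_AT = 1800                           # parent delegation switches OLD -> NEW here

# NS RRSet each server puts in the authority section of its own answers.
# The old operator never deleted the zone, so OLD still names itself.
AUTHORITY_NS = {OLD: OLD, NEW: NEW}

def parent_referral(now):
    """Delegation NS target as served by the parent zone at time `now`."""
    return OLD if now < MOVED_AT else NEW

def run(query_times, cap_expiry):
    """Return the server each MX query was sent to.

    cap_expiry=False: child NS data restarts the TTL on every answer.
    cap_expiry=True:  child NS data may replace the referral once, but later
                      copies of the same RRSet never push the expiry out.
    """
    target, expires, refreshed = None, -1, False
    used = []
    for now in query_times:
        if now >= expires:                # nothing valid cached: ask the parent
            target, expires, refreshed = parent_referral(now), now + DELEGATION_TTL, False
        used.append(target)
        auth = AUTHORITY_NS[target]       # NS RRSet riding along with the MX answer
        if not (cap_expiry and refreshed and auth == target):
            target, expires, refreshed = auth, now + CHILD_TTL, True
    return used

def stale_answers(used):
    """Count queries that still went to the old server."""
    return sum(1 for server in used if server == OLD)

QUERIES = list(range(0, 5 * 86400, 43200))   # one MX lookup every 12 hours for 5 days

if __name__ == "__main__":
    for cap in (False, True):
        used = run(QUERIES, cap)
        print(f"cap_expiry={cap}: {stale_answers(used)}/{len(used)} queries sent to {OLD}")
```

With the cap, the old server is used only until the first child TTL runs out; without it, the cache never returns to the parent as long as queries keep arriving within one TTL of each other.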


