[dns-operations] .ORG is signed

Alexander Gall gall at switch.ch
Fri Jun 5 13:04:52 UTC 2009

On Fri, 5 Jun 2009 14:52:15 +0200, Alexander Gall <gall at switch.ch> said:

> On Fri, 05 Jun 2009 13:53:07 +0200, Florian Weimer <fweimer at bfk.de> said:
>> * Chris Thompson:
>>> This happens whether the DO bit is set in the request or not. Was it
>>> happening before the zone was signed?

>> There was a time when negative responses weren't consistent across all
>> the servers, but some of the servers returned a zero TTL, too.  So the
>> answer is "yes".

> Indeed.  Also note that the TTL on the SOA RR itself is 0 as well.  I
> once asked them why they do this and their answer was a reference to
> RFC 1035, Section 3.2.1 (in the description of TTL):

>   "For example, SOA records are always distributed with a zero TTL to
>    prohibit caching."

> I then pointed them to RFC2181 section 7.2. but never got a reply to
> that.  If they only implement 1035, they might not have heared of
> negative caching either ;)

On second thought, lack of negative caching is a consequence of the
zero SOA TTL, since the TTL of a negaive response is the minimum of
the SOA TTL and the "minimum" field of the SOA RDATA.


More information about the dns-operations mailing list