[dns-operations] .ORG is signed

Dave Knight dknight at ca.afilias.info
Fri Jun 5 13:36:34 UTC 2009


On 5-Jun-09, at 9:04 AM, Alexander Gall wrote:

> On Fri, 5 Jun 2009 14:52:15 +0200, Alexander Gall <gall at switch.ch> said:
>
>> On Fri, 05 Jun 2009 13:53:07 +0200, Florian Weimer <fweimer at bfk.de> said:
>>> * Chris Thompson:
>>>> This happens whether the DO bit is set in the request or not. Was it
>>>> happening before the zone was signed?
>
>>> There was a time when negative responses weren't consistent across all
>>> the servers, but some of the servers returned a zero TTL, too.  So the
>>> answer is "yes".
>
>> Indeed.  Also note that the TTL on the SOA RR itself is 0 as well.  I
>> once asked them why they do this and their answer was a reference to
>> RFC 1035, Section 3.2.1 (in the description of TTL):
>
>>  "For example, SOA records are always distributed with a zero TTL to
>>   prohibit caching."
>
>> I then pointed them to RFC2181 section 7.2. but never got a reply to
>> that.  If they only implement 1035, they might not have heard of
>> negative caching either ;)
>
> On second thought, lack of negative caching is a consequence of the
> zero SOA TTL, since the TTL of a negative response is the minimum of
> the SOA TTL and the "minimum" field of the SOA RDATA.

A fix for this is in the works; it's going to be implemented for .ORG
this month.

Thanks for your attention,

dave

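An added example, not part of the thread or of Afilias' tooling: a small Python check that parses the SOA from the authority section of a negative response (dig presentation format is assumed) and applies the RFC 2308 rule Alexander describes, negative-cache TTL = min(SOA TTL, SOA MINIMUM), flagging the zero-TTL case. The SOA values below are constructed for illustration and are not the real .ORG SOA.

```python
import re

# RFC 2308 section 3: a resolver caches a negative answer for
# min(TTL of the SOA RR, MINIMUM field of the SOA RDATA), so a
# zero-TTL SOA defeats negative caching regardless of MINIMUM.
SOA_RE = re.compile(
    r"^(?P<owner>\S+)\s+(?P<ttl>\d+)\s+IN\s+SOA\s+(?P<mname>\S+)\s+(?P<rname>\S+)\s+"
    r"(?P<serial>\d+)\s+(?P<refresh>\d+)\s+(?P<retry>\d+)\s+(?P<expire>\d+)\s+(?P<minimum>\d+)$"
)


def parse_soa(line):
    """Parse one presentation-format SOA RR (as printed by dig) into a dict."""
    m = SOA_RE.match(line.strip())
    if not m:
        raise ValueError("not a presentation-format SOA RR: %r" % line)
    rec = m.groupdict()
    for k in ("ttl", "serial", "refresh", "retry", "expire", "minimum"):
        rec[k] = int(rec[k])
    return rec


def negative_cache_ttl(soa):
    """RFC 2308: negative answers are cached for min(SOA TTL, SOA MINIMUM)."""
    return min(soa["ttl"], soa["minimum"])


def audit_negative_response(authority_lines):
    """Return (negative_ttl, findings) for the authority section of an NXDOMAIN/NODATA reply."""
    soas = [parse_soa(l) for l in authority_lines if " SOA " in l]
    if len(soas) != 1:
        return None, ["expected exactly one SOA in the authority section, found %d" % len(soas)]
    soa = soas[0]
    ttl = negative_cache_ttl(soa)
    findings = []
    if soa["ttl"] == 0:
        findings.append("SOA RR has TTL 0 (RFC 1035 3.2.1 wording; see RFC 2181 7.2)")
    if ttl == 0:
        findings.append("negative-cache TTL is 0: no negative caching, every miss reaches the authoritatives")
    return ttl, findings


# Constructed samples in dig's authority-section format (not real .ORG data).
ZERO_TTL_AUTHORITY = ["org.  0  IN  SOA  ns.example. hostmaster.example. 2009060500 1800 900 604800 86400"]
NORMAL_AUTHORITY = ["org.  900  IN  SOA  ns.example. hostmaster.example. 2009060500 1800 900 604800 86400"]

if __name__ == "__main__":
    for name, auth in (("zero-ttl", ZERO_TTL_AUTHORITY), ("normal", NORMAL_AUTHORITY)):
        ttl, findings = audit_negative_response(auth)
        print(name, "negative-cache TTL =", ttl, findings)
```

Feed it the authority section of `dig +noall +authority nonexistent.org` to see what your resolver will actually cache.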

