[dns-operations] Inconsistent root server responses
Peter Koch
pk at DENIC.DE
Thu Jan 14 23:09:07 UTC 2010
On Thu, Jan 14, 2010 at 02:28:10PM -0800, Matthew Dempsky wrote:
> In response to "dig -t ns .", some root servers (e.g., A) are giving a
> TTL of 3600000 for glue A/AAAA records, while others (e.g., H) are
> returning glue records with a TTL of 518400. Is this expected?
the difference is that some are indeed handing out "glue" and others
are not. More precisely: all root name servers are running as (stealth,
maybe) authoritative servers for root-servers.net. The A/AAAA RRs
in that zone have TTL values of 3600000.
The glue A/AAAA RRs in the root zone have TTLs of 518400.
BIND (is|may be) configured to fill the additional section from authoritative
data (when it is present), while NSD will prefer glue records for this
purpose. Note that all servers will respond with a 3600000 TTL in
authoritative answers (i.e., if you explicitly query for one of the
root servers' names):
a.root-servers.net. 3600000 IN A 198.41.0.4
This is on the todo list for the next version of the Internet-Draft
draft-ietf-dnsop-resolver-priming.
The other difference you'll see is the capitalization vs downcasing
of "ROOT-SERVERS.NET".
-Peter
More information about the dns-operations
mailing list