[dns-operations] How much trouble am in in on May 5?
george.barwood at blueyonder.co.uk
Thu May 6 18:12:57 UTC 2010
----- Original Message -----
From: "Doug Barton" <dougb at dougbarton.us>
To: "Jaap Akkerhuis" <jaap at NLnetLabs.nl>
Cc: <dns-operations at mail.dns-oarc.net>
Sent: Thursday, May 06, 2010 7:54 AM
Subject: Re: [dns-operations] How much trouble am in in on May 5?
> And of course this all circles back to my previous
> question, what possible value could 41+day TTLs have for the A records
> given that the . NS records are only 6 days?
There is value in this set-up.
When the NS RRset is sent, if the response size is restricted, not all the A and AAAA records may be included.
That means missing records may have to be fetched separately, so caching them for longer is good.
Using a relatively short TTL for the NS records means the name servers can be re-configured
relatively quickly; using a long/very long TTL for the A/AAAA records is fine, because if necessary any
emergency re-configuration can be done by changing the NS RRset.
This becomes more significant if root-servers.net were to be signed, as in that case the signed A/AAAA records
would not fit in a 1500 byte internet MTU packet.
All this applies to any zone, not just the root zone.
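
Added example, not part of the original message: a wire-format size calculation for a `. NS` response, showing how many address records fit under a size limit and how large the additional section becomes once each A/AAAA RRset carries an RRSIG. Assumptions: all 13 root server names have both A and AAAA records, signatures are 128 bytes (RSA-1024), TTLs and addresses are zero placeholders, and no EDNS OPT record is counted.

```python
import struct

def plain_name(name):
    """Uncompressed wire form of a domain name."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"

def encode_name(name, msg, offsets):
    """Append a name to msg, reusing earlier suffixes via RFC 1035 pointers."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    for i, label in enumerate(labels):
        suffix = ".".join(labels[i:])
        if suffix in offsets:
            msg.extend(struct.pack("!H", 0xC000 | offsets[suffix]))
            return
        offsets[suffix] = len(msg)
        msg.extend(bytes([len(label)]) + label.encode())
    msg.append(0)

def add_rr(msg, offsets, owner, rtype, parts):
    """Append one RR; str parts are compressible names, bytes parts are raw."""
    encode_name(owner, msg, offsets)
    msg.extend(struct.pack("!HHIH", rtype, 1, 0, 0))  # type, IN, TTL, RDLENGTH
    start = len(msg)
    for p in parts:
        if isinstance(p, str):
            encode_name(p, msg, offsets)
        else:
            msg.extend(p)
    struct.pack_into("!H", msg, start - 2, len(msg) - start)  # fill RDLENGTH

def priming_response_size(n_a=13, n_aaaa=13, signed=False, sig_len=128):
    """Size in bytes of a '. NS' response with the given additional records."""
    msg, offsets = bytearray(12), {}                 # header (counts left zero)
    msg.extend(b"\x00" + struct.pack("!HH", 2, 1))   # question: . NS IN
    servers = [f"{c}.root-servers.net." for c in "abcdefghijklm"]
    for s in servers:
        add_rr(msg, offsets, ".", 2, [s])            # NS RRset in the answer
    for rtype, addr_len, count in ((1, 4, n_a), (28, 16, n_aaaa)):
        for s in servers[:count]:
            add_rr(msg, offsets, s, rtype, [bytes(addr_len)])
            if signed:  # RRSIG: 18 fixed bytes, uncompressed signer, signature
                rrsig = [bytes(18), plain_name("root-servers.net."), bytes(sig_len)]
                add_rr(msg, offsets, s, 46, rrsig)
    return len(msg)

def aaaa_that_fit(limit):
    """How many AAAA records fit after all 13 A records within limit bytes."""
    sizes = (n for n in range(14) if priming_response_size(13, n) <= limit)
    return max(sizes, default=None)
```

Under these assumptions the unsigned response needs 800 bytes for all 26 addresses, only two AAAA records fit in a 512-byte response, and the signed form is several times larger than a 1500-byte packet.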