[dns-operations] How much trouble am in in on May 5?

George Barwood george.barwood at blueyonder.co.uk
Thu May 6 18:12:57 UTC 2010

----- Original Message ----- 
From: "Doug Barton" <dougb at dougbarton.us>
To: "Jaap Akkerhuis" <jaap at NLnetLabs.nl>
Cc: <dns-operations at mail.dns-oarc.net>
Sent: Thursday, May 06, 2010 7:54 AM
Subject: Re: [dns-operations] How much trouble am in in on May 5?

> And of course this all circles back to my previous
> question, what possible value could 41+day TTLs have for the A records
> given that the . NS records are only 6 days?

There is value in this set-up. 

When the NS RRset is sent, if the response size is restricted, not all the A and AAAA records may be included.

That means missing records may have to be fetched separately, so caching them for longer is good.

Using a relatively short TTL for the NS records means the name servers can be re-configured
relatively quickly. Using a long/very long TTL for the A/AAAA records is fine, because if necessary any
emergency re-configuration can be done by changing the NS RRset.

This becomes more significant if root-servers.net were to be signed, as in that case the signed A/AAAA records
would not fit in a 1500 byte internet MTU packet.

All this applies to any zone, not just the root zone.
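
Added example (not part of the original message): a rough wire-size model of a root priming response, showing how many address records fit under a given size limit, unsigned and signed. It assumes 13 servers with one A and one AAAA record each, full name compression, and one RRSIG per address RRset with a 128-byte (RSA-1024) signature; all function names are hypothetical.

```python
"""Wire-size model (RFC 1035 format) of a root priming response, ". IN NS".

Assumptions, not from the message: 13 servers named <letter>.root-servers.net,
one A and one AAAA record each, full name compression, and for the signed case
one RRSIG per address RRset with a 128-byte (RSA-1024) signature.
"""
HEADER = 12
QUESTION = 1 + 2 + 2           # root name, QTYPE, QCLASS
RR_FIXED = 2 + 2 + 4 + 2       # TYPE, CLASS, TTL, RDLENGTH
POINTER = 2                    # compression pointer to an earlier name
OPT = 11                       # EDNS0 OPT record, needed above 512 bytes
SERVERS = 13

def wire_len(name):
    """Uncompressed length of a dotted name without trailing dot."""
    return len(name) + 2

def ns_section():
    first = 1 + RR_FIXED + wire_len("a.root-servers.net")
    rest = 1 + RR_FIXED + 2 + POINTER   # one-letter label + pointer to suffix
    return first + (SERVERS - 1) * rest

def rrsig(sig_len):
    # 18 fixed RDATA bytes; the signer name is never compressed in an RRSIG
    return POINTER + RR_FIXED + 18 + wire_len("root-servers.net") + sig_len

def priming_response(limit, sig_len=None):
    """Return (A records, AAAA records, bytes used) that fit within limit."""
    size = HEADER + QUESTION + ns_section() + (OPT if limit > 512 else 0)
    sig = rrsig(sig_len) if sig_len else 0
    counts = []
    for addr_len in (4, 16):            # A first, then AAAA
        per_rr = POINTER + RR_FIXED + addr_len + sig
        n = max(0, min(SERVERS, (limit - size) // per_rr))
        size += n * per_rr
        counts.append(n)
    return counts[0], counts[1], size

if __name__ == "__main__":
    print("512, unsigned   :", priming_response(512))
    print("1500, unsigned  :", priming_response(1500))
    print("1500, signed    :", priming_response(1500, sig_len=128))
    print("no limit, signed:", priming_response(65535, sig_len=128))
```

The 1500-byte limit is the MTU figure from the message; IP and UDP headers reduce the usable DNS payload further.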

