[dns-operations] I want a pony^H^H^H^H^H^Hto change the TTL (Was: TLD glue sticks around too long

Paul Vixie paul at redbarn.org
Tue Dec 6 18:44:22 UTC 2016

Stephane Bortzmeyer wrote:
> On Mon, Dec 05, 2016 at 12:38:58PM -0500,
>  Andrew Sullivan <ajs at anvilwalrusden.com> wrote 
>  a message of 17 lines which said:
>>> Also, since the resolver uses the TTL from the zone (which is
>>> authoritative), why worry about the TTL from the parent?
>> Not every resolver does that, alas.
> Then, we should mandate this behaviour, instead of asking for the
> ability of the child to set the TTL at the parent. ...

not every authority includes the apex NS RRset in its responses. some
only do so in negative answers. some just don't, ever. in that case the
full resolver will not know any NS RRset TTL except from the delegation.
to "mandate" otherwise is to imply that the NS RRset will be queried for
if it is not received in the first answer from the zone's own servers. i
don't think you'd like the impact of that fetch, especially since some
authorities treat NS RRset queries as diagnostic and only permit them
from an ACL-described source, or don't support them at all.

P Vixie
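
The following is an added example, not part of the original message or of any resolver's code. It models a resolver cache that ranks NS data as in RFC 2181 section 5.4.1 and shows which NS RRset TTL ends up cached when the child's servers do or do not return the apex NS RRset. The class names, the TTL values and the rule of keeping the first entry on equal rank are assumptions made for the illustration.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import Iterable, Optional, Tuple

class Trust(IntEnum):
    # Simplified subset of the RFC 2181 section 5.4.1 ranking, lowest first.
    REFERRAL = 1        # NS in authority section of a non-AA referral (parent)
    AUTH_AUTHORITY = 2  # NS in authority section of an AA response (child)
    AUTH_ANSWER = 3     # NS in answer section of an AA response (NS query)

@dataclass
class Response:
    aa: bool                                 # AA bit of the response
    answer_ns_ttl: Optional[int] = None      # TTL of apex NS RRset in answer
    authority_ns_ttl: Optional[int] = None   # TTL of apex NS RRset in authority

def ns_observation(resp: Response) -> Optional[Tuple[Trust, int]]:
    """Return (trust, ttl) for the NS RRset this response carries, if any."""
    if resp.aa and resp.answer_ns_ttl is not None:
        return Trust.AUTH_ANSWER, resp.answer_ns_ttl
    if resp.authority_ns_ttl is not None:
        trust = Trust.AUTH_AUTHORITY if resp.aa else Trust.REFERRAL
        return trust, resp.authority_ns_ttl
    return None

def cached_ns(responses: Iterable[Response]) -> Optional[Tuple[Trust, int]]:
    """Replay responses in order; higher-ranked NS data replaces lower-ranked.
    Assumption: on equal rank the entry already cached is kept."""
    best = None
    for resp in responses:
        obs = ns_observation(resp)
        if obs is not None and (best is None or obs[0] > best[0]):
            best = obs
    return best

# Constructed sample values, not taken from any real zone.
PARENT_TTL, CHILD_TTL = 172800, 3600
REFERRAL = Response(aa=False, authority_ns_ttl=PARENT_TTL)
CHILD_WITH_NS = Response(aa=True, authority_ns_ttl=CHILD_TTL)
CHILD_MINIMAL = Response(aa=True)  # authority never sends its apex NS RRset

if __name__ == "__main__":
    # Child includes apex NS: the zone's own TTL replaces the delegation's.
    print(cached_ns([REFERRAL, CHILD_WITH_NS]))
    # Child never includes it: only the delegation TTL is ever known.
    print(cached_ns([REFERRAL, CHILD_MINIMAL, CHILD_MINIMAL]))
```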

