[dns-operations] I want a pony^H^H^H^H^H^Hto change the TTL (Was: TLD glue sticks around too long

Mark Andrews marka at isc.org
Tue Dec 6 23:15:04 UTC 2016


In message <58470706.1040308 at redbarn.org>, Paul Vixie writes:
> 
> 
> Stephane Bortzmeyer wrote:
> > On Mon, Dec 05, 2016 at 12:38:58PM -0500,
> >  Andrew Sullivan <ajs at anvilwalrusden.com> wrote 
> >  a message of 17 lines which said:
> > 
> >>> Also, since the resolver uses the TTL from the zone (which is
> >>> authoritative), why worry about the TTL from the parent?
> >> Not every resolver does that, alas.
> > 
> > Then, we should mandate this behaviour, instead of asking for the
> > ability of the child to set the TTL at the parent. ...
> 
> not every authority includes the apex NS RRset in its responses. some
> only do so in negative answers. some just don't, ever. in that case the
> full resolver will not know any NS RRset TTL except from the delegation.
> to "mandate" otherwise is to imply that the NS RRset will be queried for
> if it is not received in the first answer from the zone's own servers. i
> don't think you'd like the impact of that fetch, especially since some
> authorities treat NS RRset queries as diagnostic and only permit them
> from an ACL-described source, or don't support them at all.

NS queries are part of DNSSEC (see grandparent problem).  Servers
that don't support them are broken.  They are not and never have
been an optional part of a zone just like the SOA record is not an
optional part of a zone.

Mark

> -- 
> P Vixie
> 
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org


