[dns-operations] I want a pony^H^H^H^H^H^Hto change the TTL (Was: TLD glue sticks around too long

Olafur Gudmundsson ogud at ogud.com
Wed Dec 7 21:41:26 UTC 2016


> On Dec 5, 2016, at 1:25 PM, Suzanne Woolf <suzworldwide at gmail.com> wrote:
> 
> 
>> On Dec 5, 2016, at 12:38 PM, Andrew Sullivan <ajs at anvilwalrusden.com <mailto:ajs at anvilwalrusden.com>> wrote:
>> 
>> On Mon, Dec 05, 2016 at 06:22:01PM +0100, Stephane Bortzmeyer wrote:
>>> Also, since the resolver uses the TTL from the zone (which is
>>> authoritative), why worrying about the TTL from the parent?
>> 
>> Not every resolver does that, alas.
> 
> In fact I’m curious how the Cloudflare findings square with:
> 
> In section 6.3(“DITL Analysis”), the results indicate that time intervals between queries under the same TLD are highly skewed toward small values. Most root server clients appear to send same-TLD queries at rates far higher than would be predicted by strict caching based on root zone TTLs. In other words, root zone TTLs appear not to matter to most clients. Of the top 20 TLDs, more than 50% of clients send same-TLD queries more than once per hour.
> 
> from https://www.icann.org/en/system/files/files/rssac-003-root-zone-ttls-21aug15-en.pdf <https://www.icann.org/en/system/files/files/rssac-003-root-zone-ttls-21aug15-en.pdf> (“RSSAC003 RSSAC Report on Root Zone TTLs”) which was undertaken by a group of DNS experts, at the behest of ICANN’s Root Server System Advisory Committee, in order to decide whether to recommend a change in the TTL in the root zone SOA.
> 
> The root zone TTL is multiple days and the question at hand has to do with much smaller time scales, so that may be a key difference. Or it might simply be that (again, and weirdly) “the root is different.” 
> 
> But this seems a bit baffling as to what resolvers are actually doing with TTLs. 
> 
> 
> Suzanne
> 

Because most resolvers either have a maximum time they cache information for,
or information got evicted from cache due to reuse policy. 
In some cases there might be multiple resolvers sitting behind a NAT
and finally some resolver fetch NS from TLD and thus visit root based on the TLD’s policy. 

TTL means “you can cache this for upto and no longer” 
There is no requirement to cache for as long as the TTL 

Olafur


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20161207/3b00f8fb/attachment.html>


More information about the dns-operations mailing list