[dns-operations] RFC2308, negative answer caching, and the largest gTLDs

James Stevens James.Stevens at jrcs.co.uk
Thu Mar 8 13:59:49 UTC 2018


RFC2308/3 defines the negative-cache TTL as the TTL on the SOA record 
sent in a negative-response - i.e. the lesser of SOA/TTL and SOA/MIN

2308/3 : "indicates how long a resolver may cache the negative answer"


Whereas RFC2308/4 defines the negative-cache TTL as SOA/MIN

2308/4 : "the TTL to be used for negative responses, is the new defined 
meaning of the SOA minimum field"


Where SOA/TTL is less than SOA/MIN this seems to create a conflict as to 
how long to cache negative-responses.


On 07/03/18 23:26, Andrew White wrote:
> Hi all,
> 
> As we Shirley all often do, I was browsing RFC2308 ( 
> https://tools.ietf.org/html/rfc2308 ) and noticed that a caching 
> resolver is supposed to cache negative answers for "x" seconds, where x 
> is the lower of these two values: SOA MIN field and SOA TTL.
> 
> The excerpt in question (emphasis mine):
> 
>     Name servers authoritative for a zone MUST include the SOA record of
>     the zone in the authority section of the response when reporting an
>     NXDOMAIN or indicating that no data of the requested type exists.
>     This is required so that the response may be cached.  *The TTL of this
>     record is set from the minimum of the MINIMUM field of the SOA record
>     and the TTL of the SOA itself, and indicates how long a resolver may
>     cache the negative answer.*  The TTL SIG record associated with the
>     SOA record should also be trimmed in line with the SOA's TTL.
> 
> I posit that this implies that a given zone's SOA TTL and SOA MIN should 
> generally be the same.
> 
> However, com/net/org have 900 for SOA TTL and 86400 for SOA MIN. Why?
> 
> Andrew
> 
> 
> 
> 
> 
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> 
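A worked illustration of the two readings discussed in this thread, added here as an example and not part of either post. It parses a presentation-format SOA record, computes the negative-cache TTL once as RFC 2308 section 3 describes it (the lesser of the SOA TTL and the SOA MINIMUM) and once as section 4 describes it (the SOA MINIMUM alone), and reports whether the two disagree. The SOA TTL and MINIMUM values in the constructed sample are the 900 and 86400 quoted for com/net/org; the owner name, MNAME, RNAME, SERIAL, REFRESH, RETRY and EXPIRE fields are made up, and the optional resolver-side cap models a local maximum-negative-TTL knob (such as BIND's max-ncache-ttl) rather than anything in the RFC.

```python
"""Negative-cache TTL derived from an SOA record, under the two readings of
RFC 2308 that this thread compares (section 3 vs section 4)."""
import re

# Constructed sample: an SOA RR in zone-file (presentation) format.  TTL=900
# and MINIMUM=86400 are the com/net/org values quoted in the thread; every
# other field is invented for the example.
SAMPLE_SOA = ("com. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. "
              "1520518800 1800 900 604800 86400")

# Owner TTL class type MNAME RNAME SERIAL REFRESH RETRY EXPIRE MINIMUM
SOA_RE = re.compile(
    r"^(?P<owner>\S+)\s+(?P<ttl>\d+)\s+IN\s+SOA\s+(?P<mname>\S+)\s+(?P<rname>\S+)"
    r"\s+(?P<serial>\d+)\s+(?P<refresh>\d+)\s+(?P<retry>\d+)\s+(?P<expire>\d+)"
    r"\s+(?P<minimum>\d+)\s*$")


def parse_soa(rr_text):
    """Parse one presentation-format SOA RR into a dict of named fields."""
    m = SOA_RE.match(rr_text.strip())
    if m is None:
        raise ValueError("not a presentation-format SOA RR: %r" % rr_text)
    soa = m.groupdict()
    for key in ("ttl", "serial", "refresh", "retry", "expire", "minimum"):
        soa[key] = int(soa[key])
    return soa


def negative_ttl_section3(soa):
    """RFC 2308 section 3: the SOA in a negative response carries
    min(SOA TTL, SOA MINIMUM), and that is how long it may be cached."""
    return min(soa["ttl"], soa["minimum"])


def negative_ttl_section4(soa):
    """RFC 2308 section 4: the SOA MINIMUM field *is* the negative TTL."""
    return soa["minimum"]


def readings_conflict(soa):
    """True only when SOA TTL < SOA MINIMUM, which is exactly the case the
    thread raises for com/net/org (900 < 86400)."""
    return negative_ttl_section3(soa) != negative_ttl_section4(soa)


def capped_negative_ttl(soa, resolver_max_ncache_ttl):
    """Section-3 value further bounded by a resolver-local cap.  The cap is a
    common implementation knob (assumption for this example), not RFC text."""
    return min(negative_ttl_section3(soa), resolver_max_ncache_ttl)


def describe(rr_text, resolver_max_ncache_ttl=None):
    """Summarise both readings for one SOA RR; handy for eyeballing a zone."""
    soa = parse_soa(rr_text)
    out = {
        "owner": soa["owner"],
        "soa_ttl": soa["ttl"],
        "soa_minimum": soa["minimum"],
        "negative_ttl_section3": negative_ttl_section3(soa),
        "negative_ttl_section4": negative_ttl_section4(soa),
        "conflict": readings_conflict(soa),
    }
    if resolver_max_ncache_ttl is not None:
        out["cached_with_cap"] = capped_negative_ttl(soa, resolver_max_ncache_ttl)
    return out


if __name__ == "__main__":
    for key, value in describe(SAMPLE_SOA, resolver_max_ncache_ttl=10800).items():
        print("%-24s %s" % (key, value))
```

Run it against the output of `dig SOA <zone>` (the answer line is already in this presentation format) to see how long a negative answer for that zone may be cached under each reading; zones whose SOA TTL is at least their MINIMUM produce no conflict at all.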
