[dns-operations] TTL=0

[Andrew Sullivan]

On Sat, Jan 19, 2019 at 07:37:40AM +0000, Greg Choules wrote:

> I know that the minimum value possible for TTL is zero.

Ok.  So, we are in agreement that a 0 TTL is possible.  Your question
is merely what a resolver with a cache ought to do around the 0 TTL
threshold then?

> My question is about the behaviour of a recursive server that already has a
> record in its cache with a non-zero TTL, which it is counting down.
> If it receives a query for that record at the instant its internal logic
> would turn TTL=1 to TTL=0, should that server answer with TTL=0 or not?

I think this is implementation-dependent.  One way to think of such a
resolver is that it has a resolution side, a cache side, and a
responder side (so it has three sides).  From the responder side,
there _isn't_ an "instant" when the internal logic counts down.
Instead, it asks a question, and the cache+resolution sides provide an
answer that the responder side can use.

Now, caches can handle their internal state how they want, including
by expiring things before the TTL counts to 0: the TTL does not mean
"cache this long" but rather "cache no longer than this".  Some caches
these days will re-fetch a near-0 RRset before the TTL gets to 0 in
case the RRset is "hot" because that will prevent a cache miss and
required resolution event in mid-query.

> The reason I am asking this question here is not just for academic
> interest. We have a very real problem in our network at the moment that
> hinges on who is right. I consider you all to be 'expert witnesses' whose
> testimony I can potentially use to wave in front of a vendor and prove they
> are wrong. Hence why I am being really picky in wanting a definitive
> answer, if there is one.

I don't understand how any problem in a network could hinge on this,
but I am sometimes dull of imagination.

A

-- 
Andrew Sullivan
ajs at anvilwalrusden.com