[dns-operations] TTL=0
bert hubert
bert.hubert at powerdns.com
Sun Jan 20 22:54:35 UTC 2019
On Sun, Jan 20, 2019 at 05:34:45PM -0500, Andrew Sullivan wrote:
> > The reason I am asking this question here is not just for academic
> > interest. We have a very real problem in our network at the moment that
> > hinges on who is right. I consider you all to be 'expert witnesses' whose
> > testimony I can potentially use to wave in front of a vendor and prove they
> > are wrong. Hence why I am being really picky in wanting a definitive
> > answer, if there is one.
>
> I don't understand how any problem in a network could hinge on this,
> but I am sometimes dull of imagination.
This typically happens when (non-open source) vendors refuse to fix
something, or more often, when they actually *can't* fix something (because
they are running on code they don't control or have no idea how to change).
Like a cornered cat, they then try to prove there is no bug and that someone
else should fix it for them.
We've been dragged into a few such conflicts and it rarely ends well -
even if you end up proving that a vendor is in the wrong, you then find
they _can't_ fix the problem.
The problem is that in some cases you can't make a hard and fast ruling if
something is "compliant". In addition, something might still be compliant
but also be something you shouldn't do - like handing out TTL=0 answers on
an authoritative server, or conversely, as a DNS resolver, dropping TTL=0
records.
Because of such areas of confusion & vendors that can't or won't fix their
stuff, a number of PowerDNS users run with custom Lua scripts to work around
broken load balancers or strange DNS implementations hiding in storage
fail-over solutions.
But the ground truth is - if you have to do battle with vendors over corner
cases, the problem is rarely with the DNS standard. It is more likely the
constellation of vendors that is the problem.
Bert
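As an added illustration of the TTL=0 point above (not code from the post, nor from PowerDNS), a toy resolver cache in Python that contrasts a resolver dropping TTL=0 records with the behaviour of answering from them but not caching them, plus an authoritative-side check for names that hand out TTL=0. The record names, addresses and class names are constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class RR:
    name: str
    rtype: str
    rdata: str
    ttl: int  # seconds; 0 means "use for this transaction only, do not cache"

class Cache:
    """Toy positive cache keyed by (name, rtype) with absolute expiry times."""
    def __init__(self):
        self._entries = {}  # (name, rtype) -> (expires_at, tuple of RR)

    def lookup(self, name, rtype, now):
        hit = self._entries.get((name, rtype))
        if hit is None or hit[0] <= now:   # miss, or entry already expired
            self._entries.pop((name, rtype), None)
            return None
        return hit[1]

    def store(self, rrset, now):
        # Assumes rrset is one RRset (same name/type). Its cache lifetime is
        # the lowest TTL in the set; a lowest TTL of 0 means do not cache.
        ttl = min(rr.ttl for rr in rrset)
        if ttl > 0:
            self._entries[(rrset[0].name, rrset[0].rtype)] = (now + ttl, tuple(rrset))

def resolve_dropping_ttl0(answers, cache, now):
    """The resolver behaviour the post argues against: TTL=0 records are
    discarded, so the client can get an empty answer for a name that exists."""
    kept = [rr for rr in answers if rr.ttl > 0]
    if kept:
        cache.store(kept, now)
    return kept

def resolve_correct(answers, cache, now):
    """Hand every record back to the client; TTL=0 only means skip caching."""
    if answers:
        cache.store(answers, now)
    return list(answers)

def audit_zone_ttl0(records):
    """Authoritative-side check: (name, type) pairs that hand out TTL=0."""
    return sorted({(rr.name, rr.rtype) for rr in records if rr.ttl == 0})

# Constructed sample: a name behind a load balancer that answers with TTL=0
SAMPLE = [RR("app.example.", "A", "192.0.2.10", 0),
          RR("app.example.", "A", "192.0.2.11", 0)]
```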