[dns-operations] TTL=0

John W. O'Brien john at saltant.com
Sun Jan 20 20:30:58 UTC 2019


On 2019/01/20 14:27, Matthew Pounsett wrote:
> For the moment, ignoring the case where an authoritative server answers
> with TTL=0... say for the sake of argument it responds with TTL=1.  The
> caching server should cache it for one second, and after one second
> should remove it from the cache.  Therefore, it should never respond
> from cache with a TTL of 0.

At t0 the resolver receives an authoritative answer with TTL=1 and
caches it, then at t1=t0+10ms receives a query for that record. Should
it respond from cache with TTL=1 or TTL=0? What about for a query
t2=t0+500ms? t3=t0+501ms? t4=t0+999ms? What should a forwarding resolver
do with a response from a full recursor having TTL=1? Is the TTL in the
response rounded up or down from the cache timer, which presumably has
much finer than 1s resolution?

If the resolver rounds up, then it will serve with TTL=1 throughout the
last second a record is served from the cache. A downstream cache might
then cache it for almost another full second beyond what the authority
intended, a third tier cache for almost another full second beyond that,
and so forth.

If the resolver rounds down, then it will serve from the cache with
TTL=0 throughout the last second. No downstream resolver will cache
answers during that last second. The expiration deadline specified by
the authority is respected.

It seems to me that TTL=0 is a perfectly cromulent value on the wire,
either from an authority or a resolver.

-- 
John W. O'Brien
OpenPGP keys:
    0x33C4D64B895DBF3B
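
The rounding question raised in the message above, worked through as an added example (not part of the original post and not taken from any resolver implementation). It assumes a cache timer with millisecond resolution and a downstream tier that caches for exactly the TTL it is handed; every function name is hypothetical.

```python
# Added illustration: all names are hypothetical, not from any resolver's code.
# Times are integer milliseconds since t0, when the authority's answer arrives.

def served_ttl(remaining_ms, mode):
    """Whole-second TTL put on the wire for an entry with remaining_ms left."""
    if remaining_ms <= 0:
        return None                      # expired: entry is gone from the cache
    if mode == "up":
        return -(-remaining_ms // 1000)  # ceiling division
    return remaining_ms // 1000          # floor: 0 during the final second

def chain_expiry(auth_ttl_s, query_times_ms, mode):
    """Expiry time of each tier's cache entry.

    Tier 1 caches the authoritative answer at t0. Tier k+1 fetches from
    tier k at query_times_ms[k-1] and caches for the TTL it is handed.
    """
    expiries = [auth_ttl_s * 1000]
    for t in query_times_ms:
        ttl = served_ttl(expiries[-1] - t, mode)
        if not ttl:                      # None (expired) or 0 (do not cache)
            break
        expiries.append(t + ttl * 1000)
    return expiries

def overshoot_ms(expiries):
    """How long past the authority's deadline the record survives in any tier."""
    return max(expiries) - expiries[0]

if __name__ == "__main__":
    for mode in ("up", "down"):
        wire = [served_ttl(1000 - t, mode) for t in (10, 500, 501, 999)]
        worst = chain_expiry(1, [999, 1998], mode)
        print(mode, wire, worst, overshoot_ms(worst))
```

The query offsets 10, 500, 501 and 999 ms are the t1 to t4 from the message; the chain case has each tier fetch 1 ms before its upstream entry expires.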
