<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Verdana;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Courier New";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 70.85pt 70.85pt;}
div.WordSection1
{page:WordSection1;}
--></style>
</head>
<body lang="SV" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Courier New";mso-fareast-language:EN-US">RFC 1035 (https://tools.ietf.org/html/rfc1035) says on page 20<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Courier New";mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Courier New";mso-fareast-language:EN-US">Whenever a RR is sent in a response to a<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Courier New";mso-fareast-language:EN-US">query, the TTL field is set to the maximum of the TTL field from the RR<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Courier New";mso-fareast-language:EN-US">and the MINIMUM field in the appropriate SOA.
<span style="background:yellow;mso-highlight:yellow">Thus MINIMUM is a lower<o:p></o:p></span></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Courier New";background:yellow;mso-highlight:yellow;mso-fareast-language:EN-US">bound on the TTL field for all RRs in a zone.</span><span lang="EN-US" style="font-family:"Courier New";mso-fareast-language:EN-US">
Note that this use of<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Courier New";mso-fareast-language:EN-US">MINIMUM should occur when the RRs are copied into the response and not<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Courier New";mso-fareast-language:EN-US">when the zone is loaded from a master file or via a zone transfer.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Courier New";mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Courier New";mso-fareast-language:EN-US">This means that there could be a value of keeping SOA TTL lower than SOA MINIMUM to make negative caching shorter than normal caching.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Courier New";mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Courier New";mso-fareast-language:EN-US">I am not sure, however, that bind has implemented it in this way. I think that it respects whatever TTL that you have set on the RRs in the zone file independent
on the SOA MINIMUM. I cannot find any RFC changing the specification, however.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Courier New";mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Courier New";mso-fareast-language:EN-US">Mats<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Courier New";mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New"">---<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New"">Mats Dufberg<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New"">DNS Specialist, IIS<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New"">Mobile: +46 73 065 3899<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New"">https://www.iis.se/en/<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Courier New";mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span style="font-size:12.0pt;color:black">From: </span></b><span style="font-size:12.0pt;color:black">dns-operations <dns-operations-bounces@dns-oarc.net> on behalf of Andrew White <andrew@vivalibre.com><br>
<b>Date: </b>Wednesday 7 March 2018 at 20:02<br>
<b>To: </b>"dns-operations@dns-oarc.net" <dns-operations@dns-oarc.net><br>
<b>Subject: </b>[dns-operations] RFC2308, negative answer caching, and the largest gTLDs<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><a name="_MailOriginalBody"><span style="font-family:"Verdana",sans-serif">Hi all,<o:p></o:p></span></a></p>
</div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-family:"Verdana",sans-serif">As we Shirley all often do, I was browsing RFC2308 (
</span></span><a href="https://tools.ietf.org/html/rfc2308"><span style="mso-bookmark:_MailOriginalBody"><span style="font-family:"Verdana",sans-serif">https://tools.ietf.org/html/rfc2308</span></span><span style="mso-bookmark:_MailOriginalBody"></span></a><span style="mso-bookmark:_MailOriginalBody"><span style="font-family:"Verdana",sans-serif">
) and noticed that a caching resolver is supposed to cache negative answers for "x" seconds, where x is the lower of these two values: SOA MIN field and SOA TTL.<o:p></o:p></span></span></p>
</div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-family:"Verdana",sans-serif">The excerpt in question (emphasis mine):<o:p></o:p></span></span></p>
<pre><span style="mso-bookmark:_MailOriginalBody"> Name servers authoritative for a zone MUST include the SOA record of<o:p></o:p></span></pre>
<pre><span style="mso-bookmark:_MailOriginalBody"> the zone in the authority section of the response when reporting an<o:p></o:p></span></pre>
<pre><span style="mso-bookmark:_MailOriginalBody"> NXDOMAIN or indicating that no data of the requested type exists.<o:p></o:p></span></pre>
<pre><span style="mso-bookmark:_MailOriginalBody"> This is required so that the response may be cached. <b><span style="background:#FFE599">The TTL of this<o:p></o:p></span></b></span></pre>
<pre><span style="mso-bookmark:_MailOriginalBody"><b><span style="background:#FFE599"> record is set from the minimum of the MINIMUM field of the SOA record<o:p></o:p></span></b></span></pre>
<pre><span style="mso-bookmark:_MailOriginalBody"><b><span style="background:#FFE599"> and the TTL of the SOA itself, and indicates how long a resolver may<o:p></o:p></span></b></span></pre>
<pre><span style="mso-bookmark:_MailOriginalBody"><b><span style="background:#FFE599"> cache the negative answer</span>.</b> The TTL SIG record associated with the<o:p></o:p></span></pre>
<pre><span style="mso-bookmark:_MailOriginalBody"> SOA record should also be trimmed in line with the SOA's TTL.<o:p></o:p></span></pre>
<pre><span style="mso-bookmark:_MailOriginalBody"><o:p> </o:p></span></pre>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-family:"Verdana",sans-serif">I posit that this implies that a given zone's SOA TTL and SOA MIN should generally be the same.<o:p></o:p></span></span></p>
</div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-family:"Verdana",sans-serif">However, com/net/org have 900 for SOA TTL and 86400 for SOA MIN. Why?<o:p></o:p></span></span></p>
</div>
<div>
<p class="MsoNormal"><span style="mso-bookmark:_MailOriginalBody"><span style="font-family:"Verdana",sans-serif">Andrew<o:p></o:p></span></span></p>
</div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span style="mso-bookmark:_MailOriginalBody"><span style="font-family:"Courier New""><br>
<br>
</span></span><span style="mso-bookmark:_MailOriginalBody"><span style="font-family:"Verdana",sans-serif"><o:p></o:p></span></span></p>
</div>
</div>
</div>
</body>
</html>