Time out for a terminology check--"resolver" vs "server".

Jon Lewis jlewis at lewis.org
Sun Feb 14 20:14:01 CST 2010


On Sun, 14 Feb 2010, Larry Sheldon wrote:

> I understand that--but it the TTL is being managed correctly the server
> answering authoritatively ought to stop doing so when the TTL runs out,
> since it will not have had its authority renewed.

That's not how things work.  If you configure bind to be authoratative for 
example.com, your zone file has a serial number, and various other SOA 
fields, some of which tell caching servers how long you'd like them to 
cache hits and misses.  Some will totally ignore those TTLs, but that's an 
entirely different rant.

Now consider example.com moves and the gtld-servers point NS for it at my 
server.  I set it up differently than you did (different NS records, 
different A record IPs, etc.).  Unless you remove example.com from your 
bind config, your server will still think it's authoratative for it.  If 
your server is a locally used caching server and an authoratative server 
(as used to be quite common, esp. for smaller networks), the clients using 
your DNS server will still see the old example.com records from your 
outdated authoratative data.

> The glue and all of that stuff won't expire at TTL=0?

No.  Authoratative data on your server (a locally configured zone) doesn't 
require glue.


> Seems like the zone file shold have been replaced to reflect the
> authority change.

Should have been removed...but if everything that should happen did 
happen, things would be so much simpler.

----------------------------------------------------------------------
  Jon Lewis                   |  I route
  Senior Network Engineer     |  therefore you are
  Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________




More information about the NANOG mailing list