Time out for a terminology check--"resolver" vs "server".
mysidia at gmail.com
Sun Feb 14 20:24:04 CST 2010
On Sun, Feb 14, 2010 at 7:55 PM, Larry Sheldon <LarrySheldon at cox.net> wrote:
> I understand that--but it the TTL is being managed correctly the server
> answering authoritatively ought to stop doing so when the TTL runs out,
> since it will not have had its authority renewed.
The TTL can never "run out" on an authoritative nameserver, the
TTL given for a query response is always the full TTL of the RR
that a dns admin populated the zone with.
The only way an authoritative nameserver should expire and become
non-authoritative (without administrative action) for a record is the
case where it is a slave server, and it fails to receive updates
from the master for an entire zone before the "EXPIRE" period
defined in the zone's SOA (in seconds) elapses.
After the expire value, then, the zone is no longer authoritative on the slave.
This is normally set to a very large number, such as 604800 or 2419200
(7 or 30 days, respectively).
> The glue and all of that stuff won't expire at TTL=0?
> I'll have to study that a bit.
Which type of glue are you referring to?
TTL only indicates the expiration time of resolver cached information
after the resolver has already returned the complete response.
Additional sections provided expire from resolver cache, when TTL of
the RR in the additional secretion is decremented from zero.
SOAs always have a TTL of zero, anyways.
A TTL of zero just prohibits caching (and some unruly resolvers or
web browsers violate the standard ignore the prohibition against
caching).. DNS pinning, and they call this breach of standard a
Also, BIND implements the EXPIRE value in the SOA.
But other DNS server software applications widely ignore this value,
and the zone stays authoritative on all servers, no matter how much
time elapses between updates (in that case).
More information about the NANOG