In message <aanlktilsbfrzbbauc54wdlqhmkcwlicvzjrdqxcck...@mail.gmail.com>, aldu s jung writes:
> Hi, I am hoping to learn more about how BIND v 9.7.0 implements negative
> caching of delegated subdomains. I've tested and found that BIND observes
> a different TTL for name errors than I would expect it to abide by, but
> that could be my lack of understanding of what TTL a DNS server is
> supposed to abide by in this situation.
>
> (I've changed the actual domain names as they are only used in our
> internal network and you can't get to it from the internet anyway.)
>
> We have abc.com that BIND 9.7.0 is authoritative for.
> And in named.hosts of (host: bind1.abc.com), we have:
>
> xyz 30 IN NS dns1.abc.com.
> xyz 30 IN NS dns2.abc.com.
>
> On bind1.abc.com, if you query for a host that doesn't exist, this is
> dig's output:
>
> dig nohost.xyz.abc.com @bind1.abc.com
> ; <<>> DiG 9.3.5-P1 <<>> nohost.xyz.abc.com @bind1.abc.com
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1298
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;nohost.xyz.abc.com. IN A
>
> ;; AUTHORITY SECTION:
> xyz.abc.com. 10800 IN SOA localhost. admin.abc.com. 1 60 3600 604800 3600
>
> From my tests, Bind is observing the '10800' TTL for nohost.xyz.abc.com,
> not '3600' that's in the SOA minimum field.
>
> The question is why is the TTL of the SOA record used for caching
> negative answers, not the TTL in the SOA minimum field?
>
> Reading http://www.dns.net/dnsrd/rfc/rfc2308.html, it says:
>
> "Name servers authoritative for a zone MUST include the SOA record of the
> zone in the authority section of the response when reporting an NXDOMAIN
> or indicating that no data of the requested type exists. This is required
> so that the response may be cached.
> The TTL of this record is set from the minimum of the MINIMUM field of
> the SOA record and the TTL of the SOA itself, and indicates how long a
> resolver may cache the negative answer."
>
> And that doesn't seem clear to me, as TTL of the negative response is
> cached from BOTH the minimum field and the TTL of the SOA record?
>
> But in Bind, it seems like it's taking the TTL of the SOA. If anyone has
> an explanation to this, please chime in. thanks.
>
> AJ

Named honoured the TTL of the negative response it got from the child
zone within the bound set by max-ncache-ttl.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: ma...@isc.org
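
Added example, not part of either message: a Python check of the two TTL rules discussed in this thread (the RFC 2308 minimum applied by the authoritative server, and the max-ncache-ttl bound applied by the caching server), run over the dig header and SOA line quoted above, embedded as a constructed sample. The function names are hypothetical, and the 10800-second default is BIND's documented default for max-ncache-ttl, not a value stated in the thread.

```python
import re

# Constructed sample: header and SOA lines as in the dig output quoted in the thread.
SAMPLE = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1298
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; AUTHORITY SECTION:
xyz.abc.com. 10800 IN SOA localhost. admin.abc.com. 1 60 3600 604800 3600
"""

# owner, TTL, class, type, MNAME, RNAME, serial, refresh, retry, expire, MINIMUM
SOA_RE = re.compile(
    r"^(?P<owner>\S+)\s+(?P<ttl>\d+)\s+IN\s+SOA\s+\S+\s+\S+"
    r"\s+\d+\s+\d+\s+\d+\s+\d+\s+(?P<minimum>\d+)\s*$", re.M)

def authoritative_negative_ttl(soa_ttl, soa_minimum):
    """RFC 2308: TTL an authoritative server sets on the SOA of a negative answer."""
    return min(soa_ttl, soa_minimum)

def cache_negative_ttl(received_soa_ttl, max_ncache_ttl=10800):
    """Caching side: honour the received SOA TTL, bounded by max-ncache-ttl."""
    return min(received_soa_ttl, max_ncache_ttl)

def analyse(dig_text, max_ncache_ttl=10800):
    """Summarise the negative-caching TTLs implied by one dig response."""
    status = re.search(r"status:\s*(\w+)", dig_text)
    flags = re.search(r"flags:\s*([^;]*);", dig_text)
    answers = re.search(r"ANSWER:\s*(\d+)", dig_text)
    soa = SOA_RE.search(dig_text)
    if not (status and flags and answers and soa):
        raise ValueError("no dig header with an SOA record found")
    rcode = status.group(1)
    # Negative answers are NXDOMAIN, or NOERROR with an empty answer section (NODATA).
    if not (rcode == "NXDOMAIN" or (rcode == "NOERROR" and answers.group(1) == "0")):
        raise ValueError("not a negative response")
    ttl, minimum = int(soa["ttl"]), int(soa["minimum"])
    return {
        "zone": soa["owner"],
        # No 'aa' flag: the server answered from cache, not from its own zone data.
        "from_cache": "aa" not in flags.group(1).split(),
        "soa_ttl_seen": ttl,
        "soa_minimum": minimum,
        "rfc2308_clamped_ttl": authoritative_negative_ttl(ttl, minimum),
        "cache_lifetime": cache_negative_ttl(ttl, max_ncache_ttl),
        # True when the SOA TTL in the response was not reduced to MINIMUM upstream.
        "ttl_exceeds_minimum": ttl > minimum,
    }

if __name__ == "__main__":
    for key, value in analyse(SAMPLE).items():
        print(f"{key}: {value}")
```

The caching side never reads the MINIMUM field itself; it only sees the TTL on the SOA record it was handed, which is why the last flag is worth checking against the child zone's servers.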