Hello,

The question is less about TTL, but rather "credibility".

The answers from the root name server are referrals - the AA bit in the reply is not set. The answer from ns2.google.com. is from an authoritative NS (has the AA bit set). The latter answer has credibility "AUTH", which is the highest --> the answer stored should be the one from the authoritative NS.

And think one step further: what if the list of NS's in the parent (the root in this case) is different from the list of NS's at the domain level itself?
The "danger" here is that the name server still has the names in cache (credibility AUTH) but the associated glue records may have timed out (eg because of a lower TTL). When there are no more addresses available, the name server should go back via the parent. But if the parent replies with a different list of NS names (than those still in the cache), the name server should *refuse* to believe that info (because it still has a better answer). Consequently: since the info is not believed, no answers can be provided for that domain (until the list of names, cached with credibility AUTH, times out itself) --> the domain kind of bounces from accessible to inaccessible and back.

Cfr http://www.c3.hu/docs/oreilly/tcpip/dnsbind/ch13_02.htm (search for "credibility" - just before the first match there is a Bind (4!) cache dump; a bit dated, for sure, but Bind 4 still shows credibility in the cache dump. I think Bind 8 does as well; have not found yet where Bind 9 shows this?)

Moral: the referral in the parent should be identical to (or be a subset of) the NS records at domain level.

Kind regards,

Marc Lampo
Security Officer
EURid (for .eu)

-----Original Message-----
From: MontyRee [mailto:chulm...@hotmail.com]
Sent: 12 January 2012 10:10 AM
To: bind-users@lists.isc.org
Subject: which NS record will be cached?

Hi, all.

I have one question about NS cache TTL.
For example, I can get two different NS TTLs like below.

$ dig google.com ns +trace
google.com.             172800  IN      NS      ns2.google.com.
google.com.             172800  IN      NS      ns1.google.com.
google.com.             172800  IN      NS      ns3.google.com.
google.com.             172800  IN      NS      ns4.google.com.
;; Received 164 bytes from 192.5.6.30#53(a.gtld-servers.net) in 173 ms

google.com.             345600  IN      NS      ns4.google.com.
google.com.             345600  IN      NS      ns1.google.com.
google.com.             345600  IN      NS      ns2.google.com.
google.com.             345600  IN      NS      ns3.google.com.
;; Received 164 bytes from 216.239.34.10#53(ns2.google.com) in 43 ms

So, on resolving DNS, which NS record TTL will be cached generally? 172800 or 345600?

Thanks in advance.
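The credibility ranking and the "bounce" Marc describes, as an added toy simulation (not code from the thread, nor BIND's own cache logic): a cache that keeps the more credible RRset, a parent referral with the 172800 TTL, an AA answer with the 345600 TTL, and glue with a short constructed TTL. Zone names, addresses and the numeric credibility values are assumptions.

```python
from collections import namedtuple
# Credibility ranking, in the spirit of RFC 2181 section 5.4.1: data from
# the zone's own server (AA bit set) outranks a referral from the parent.
CRED_REFERRAL, CRED_AUTH = 1, 3
Entry = namedtuple("Entry", "rdata cred expires")  # rdata: NS names or addresses
class Cache:
    def __init__(self):
        self._store = {}

    def get(self, name, rtype, now):
        e = self._store.get((name, rtype))
        return None if e is None or e.expires <= now else e

    def offer(self, name, rtype, rdata, cred, ttl, now):
        """Store an RRset unless a more credible copy is still live."""
        cur = self.get(name, rtype, now)
        if cur is not None and cur.cred > cred:
            return False  # keep the better answer, ignore this one
        self._store[(name, rtype)] = Entry(frozenset(rdata), cred, now + ttl)
        return True

    def offer_glue(self, names, addr, now):
        for n in names:  # addresses from a referral or additional section
            self.offer(n, "A", {addr}, CRED_REFERRAL, 100, now)
def usable_nameservers(cache, zone, now):
    """Cached NS names that still have a non-expired address cached."""
    ns = cache.get(zone, "NS", now)
    return set() if ns is None else {n for n in ns.rdata if cache.get(n, "A", now)}

def simulate_bounce():
    """Parent referral lists ns1/ns2 (TTL 172800); the zone's own AA answer
    lists ns3/ns4 (TTL 345600); all glue carries a constructed TTL of 100."""
    c, zone, out = Cache(), "example.test.", {}
    parent_ns = {"ns1.example.test.", "ns2.example.test."}
    child_ns = {"ns3.example.test.", "ns4.example.test."}
    c.offer(zone, "NS", parent_ns, CRED_REFERRAL, 172800, 0)  # t=0: referral
    c.offer_glue(parent_ns, "192.0.2.1", 0)
    c.offer(zone, "NS", child_ns, CRED_AUTH, 345600, 1)       # t=1: AA answer
    c.offer_glue(child_ns, "192.0.2.2", 1)
    out["t50"] = usable_nameservers(c, zone, 50)
    # t=200: glue expired, AUTH NS names not; the parent's different list is refused
    out["t200_accepted"] = c.offer(zone, "NS", parent_ns, CRED_REFERRAL, 172800, 200)
    c.offer_glue(parent_ns, "192.0.2.1", 200)
    out["t200"] = usable_nameservers(c, zone, 200)
    later = 1 + 345600 + 1  # the AUTH NS RRset has timed out by now
    out["later_accepted"] = c.offer(zone, "NS", parent_ns, CRED_REFERRAL, 172800, later)
    c.offer_glue(parent_ns, "192.0.2.1", later)
    out["later"] = usable_nameservers(c, zone, later)
    return out
```

Between t=200 and the expiry of the AUTH NS RRset the zone is unreachable from this cache even though the parent keeps answering, which is the accessible/inaccessible bounce the reply describes.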