A friend (really) asks this question: they have some DNSBLs, which get a lot of queries. Sometimes the answer has A or TXT records, meaning the corresponding address is listed in the DNSBL, sometimes it's NXDOMAIN which means the address isn't.
For addresses that aren't listed, some of the NXDOMAINs are a lot less likely to change than others, e.g., the address of an outbound mail server at a large mail provider is unlikely ever to be listed, but a random host at a hosting provider in India, who knows. So he'd like to have the TTLs on some of those NXDOMAINs be longer than others, by putting a different TTL in the SOA in the authority section. The DNS server isn't BIND; coding this up is easy enough. The question is what's likely to break at the other end.

Question: what will BIND's cache do if there are inconsistent SOAs for NXDOMAINs in the same zone?

Bonus question: how does this answer change if we ever do DNSSEC? (Since the server already generates the RRs on the fly, you can assume it will do online signing.)

TIA and all that,
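
The mechanism described in the message, as an added example that is not part of the original post or of any DNSBL server's code: the server picks a negative TTL per queried address and puts it in the authority-section SOA, and a resolver following RFC 2308 section 5 caches the NXDOMAIN for the smaller of the SOA's TTL and its MINIMUM field, subject to its own ceiling. The zone name, networks, TTL values and function names are constructed assumptions.

```python
import ipaddress
import struct

ZONE = "dnsbl.example"  # constructed zone name
# Constructed policy: negative TTL (seconds) for unlisted addresses, by network.
POLICY = [
    (ipaddress.ip_network("192.0.2.0/24"), 86400),   # stable outbound mail servers
    (ipaddress.ip_network("198.51.100.0/24"), 300),  # volatile hosting space
]
DEFAULT_NEG_TTL = 900

def negative_ttl_for(qname):
    """Map a reversed-octet DNSBL query name to the negative TTL to serve."""
    labels = qname.rstrip(".").lower().split(".")
    zone = ZONE.split(".")
    if labels[-len(zone):] != zone or len(labels) != len(zone) + 4:
        raise ValueError("not an IPv4 query in this zone")
    ip = ipaddress.ip_address(".".join(reversed(labels[:4])))
    return next((ttl for net, ttl in POLICY if ip in net), DEFAULT_NEG_TTL)

def encode_name(name):
    """Encode a domain name in uncompressed DNS wire format."""
    return b"".join(bytes([len(lab)]) + lab.encode("ascii")
                    for lab in name.rstrip(".").split(".")) + b"\x00"

def soa_rr(qname, minimum=None):
    """Build the authority-section SOA RR for an NXDOMAIN answer to qname."""
    ttl = negative_ttl_for(qname)
    minimum = ttl if minimum is None else minimum
    rdata = encode_name("ns." + ZONE) + encode_name("hostmaster." + ZONE)
    # serial, refresh, retry, expire, MINIMUM
    rdata += struct.pack("!5I", 1, 3600, 600, 604800, minimum)
    # TYPE=6 (SOA), CLASS=1 (IN), TTL, RDLENGTH
    return encode_name(ZONE) + struct.pack("!HHIH", 6, 1, ttl, len(rdata)) + rdata

def skip_name(buf, off):
    """Return the offset just past an uncompressed name starting at off."""
    while buf[off]:
        off += 1 + buf[off]
    return off + 1

def cached_negative_ttl(rr, resolver_cap=10800):
    """RFC 2308 section 5: cache for min(SOA TTL, SOA MINIMUM), then apply the
    resolver's own ceiling (10800 s is the default of BIND's max-ncache-ttl)."""
    off = skip_name(rr, 0)
    rtype, _, ttl, _ = struct.unpack_from("!HHIH", rr, off)
    if rtype != 6:
        raise ValueError("not an SOA record")
    off = skip_name(rr, skip_name(rr, off + 10))
    minimum = struct.unpack_from("!5I", rr, off)[4]
    return min(ttl, minimum, resolver_cap)
```

Raising only the SOA record's TTL while leaving MINIMUM low has no effect on the cached lifetime, and a resolver-side ceiling can shorten a long value regardless of what the server sends.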