> On 24 Aug 2018, at 5:13 pm, Paul Vixie <p...@redbarn.org> wrote:
>
> Tom Pusateri wrote:
>> I don't think there is a TTL issue because, as we proposed it, the
>> record is never returned in a query. The TTL could always be set to 0
>> for our purposes since it never leaves the authoritative servers.
>
> tom, (tim,) to be clear, the ttl which must decline is that of the expiring
> record (or its rrset, due to atomicity), and not that of the TIMEOUT RR
> itself. you cannot hand out an AAAA or PTR (or in the degenerate case, an A
> RR) with a TTL of 3600 if it is due to expire in 600 seconds. that RR has to
> have its TTL adjusted during its final authority-TTL interval so that no one
> has it in cache beyond the time of its death by expiry.
That's one way of doing it. Given the DNS is loosely coherent, I really would just leave it as the time the record is removed from the zone and not play TTL games, which require every server for the zone to support the extension. If you are worried about records being in the cache too long, use a smaller TTL from the start.

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: ma...@isc.org
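The two positions in the exchange above, as an added illustration that is not part of the thread or of the TIMEOUT draft: Vixie's declining TTL versus Andrews's remove-at-expiry, measured by how long a resolver cache can keep a copy past the expiry time. The `RRset` type, the `expires_at` field standing in for a TIMEOUT record, and the function names are hypothetical.

```python
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass
class RRset:
    """Hypothetical model of an authoritative RRset with an optional expiry.
    TTL is per RRset (atomicity), so all RRs in it are adjusted together."""
    name: str
    rtype: str
    ttl: int                   # configured authority TTL, seconds
    expires_at: Optional[int]  # absolute time (epoch s) from a TIMEOUT-style record; None = never

def declining_ttl(rrset: RRset, now: int) -> Optional[int]:
    """Vixie: during the final TTL interval, hand out no more TTL than the time left.
    Returns None once the RRset has expired and must no longer be served."""
    if rrset.expires_at is None:
        return rrset.ttl
    remaining = rrset.expires_at - now
    if remaining <= 0:
        return None
    return min(rrset.ttl, remaining)

def removal_only_ttl(rrset: RRset, now: int) -> Optional[int]:
    """Andrews: serve the full TTL until the record is removed from the zone at expiry."""
    if rrset.expires_at is not None and now >= rrset.expires_at:
        return None
    return rrset.ttl

def worst_case_cache_overrun(rrset: RRset,
                             policy: Callable[[RRset, int], Optional[int]]) -> int:
    """Seconds past expires_at that a cache may still hold the RRset, assuming a
    resolver queries once per second and caches each answer for the served TTL.
    Only queries inside the last authority-TTL window can outlive the expiry."""
    if rrset.expires_at is None:
        return 0
    worst = 0
    for t in range(max(0, rrset.expires_at - rrset.ttl), rrset.expires_at):
        served = policy(rrset, t)
        if served is not None:
            worst = max(worst, t + served - rrset.expires_at)
    return worst

# Constructed sample: Vixie's numbers, a 3600 s AAAA due to expire at t=10000.
EXAMPLE = RRset("host.example.", "AAAA", ttl=3600, expires_at=10_000)

if __name__ == "__main__":
    print("declining TTL at t=9400:", declining_ttl(EXAMPLE, 9400))       # 600
    print("removal-only TTL at t=9400:", removal_only_ttl(EXAMPLE, 9400))  # 3600
    print("overrun, declining:", worst_case_cache_overrun(EXAMPLE, declining_ttl))
    print("overrun, removal-only:", worst_case_cache_overrun(EXAMPLE, removal_only_ttl))
```

The overrun under removal-only equals TTL minus one second, which is the window Andrews accepts as the price of loose coherence and suggests bounding with a smaller TTL; note it also reappears under the declining policy for any secondary that does not implement the adjustment.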