Mark Andrews wrote:

On 24 Aug 2018, at 5:13 pm, Paul Vixie <p...@redbarn.org> wrote:
....
tom, (tim,) to be clear, the ttl which must decline is that of the
expiring record (or its rrset, due to atomicity), and not that of
the TIMEOUT RR itself. you cannot hand out an AAAA or PTR (or in
the degenerate case, an A RR) with a TTL of 3600 if it is due to
expire in 600 seconds. that RR has to have its TTL adjusted during
its final authority-TTL interval so that no one has it in cache
beyond the time of its death by expiry.

That’s one way of doing it.  Given the DNS is loosely coherent I
really would just leave it as the time the record is removed from the
zone and not play TTL games which require every server for the zone
to support the extension.  If you are worried about records being in
the cache too long use a smaller TTL from the start.

that may be necessary given that this is not a deferred update mechanism, which is what led in 1996 to the half-life auto-update for propagation.

however, every authority server MUST support the TIMEOUT RR as proposed -- that's why i proposed that the configuration for it be negotiated via OPT rather than statically configured as proposed. so, every such server can have tickdown logic to avoid the bad choice between too-short TTL and too-stale data.

--
P Vixie

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
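The tick-down behaviour Vixie describes, and the trade-off Andrews raises (serve the configured TTL and accept staleness, or pick a short TTL from the start and pay for it in queries), can be made concrete with a small simulation. This is an added illustration, not code from the thread, from any TIMEOUT RR draft, or from any DNS implementation; the record, its TTL and expiry time are constructed, and `ExpiringRRset`, `served_ttl` and `simulate_cache` are hypothetical names chosen for the example.

```python
"""Illustration of TTL tick-down for an RRset with a scheduled expiry.

Added example, not code from the DNSOP thread nor from any draft or DNS
server. All names, times and record data below are constructed.
"""
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass
class ExpiringRRset:
    name: str
    rtype: str
    rdata: str
    authority_ttl: int   # TTL configured in the zone for this RRset
    expires_at: int      # absolute time at which the RRset leaves the zone


def served_ttl(rr: ExpiringRRset, now: int, tickdown: bool) -> Optional[int]:
    """TTL an authority hands out at time `now`, or None once the RRset is gone.

    With tickdown the TTL is clamped to the remaining lifetime, so no cache
    can hold the RRset past `expires_at` (Vixie's requirement). Without it
    the configured TTL is served unchanged until the moment of removal
    (Andrews' "loosely coherent" option).
    """
    remaining = rr.expires_at - now
    if remaining <= 0:
        return None
    if not tickdown:
        return rr.authority_ttl
    return min(rr.authority_ttl, remaining)


def simulate_cache(rr: ExpiringRRset, tickdown: bool,
                   start: int, end: int) -> Tuple[int, Optional[int]]:
    """Drive one caching resolver, one second per step, that only asks the
    authority on a cache miss.

    Returns (queries sent to the authority,
             latest time at which some cached copy was still considered valid).
    The second value exceeding rr.expires_at is exactly the staleness the
    thread is arguing about.
    """
    cached_until: Optional[int] = None
    queries = 0
    last_valid: Optional[int] = None
    for now in range(start, end + 1):
        if cached_until is not None and now < cached_until:
            continue                      # answered from cache, no query
        ttl = served_ttl(rr, now, tickdown)
        if ttl is None:                   # RRset has expired at the authority
            cached_until = None
            continue
        queries += 1
        cached_until = now + ttl
        last_valid = cached_until
    return queries, last_valid


def compare(authority_ttl: int, expires_at: int, horizon: int):
    """Run the same constructed AAAA RRset with and without tick-down."""
    rr = ExpiringRRset("host.example", "AAAA", "2001:db8::1",
                       authority_ttl, expires_at)
    return {
        "no-tickdown": simulate_cache(rr, False, 0, horizon),
        "tickdown": simulate_cache(rr, True, 0, horizon),
    }


if __name__ == "__main__":
    # TTL 3600, record scheduled to leave the zone at t=5000.
    print(compare(3600, 5000, 8000))
    # Andrews' alternative: a short TTL from the start, no tick-down.
    print(compare(300, 5000, 8000))
```

With a 3600-second TTL and removal at t=5000, the no-tick-down run leaves a cached copy that is trusted until t=7200, 2200 seconds after the record is gone; the tick-down run serves a 1400-second TTL on the second fetch so nothing outlives t=5000, at the same cost of two queries. A 300-second TTL without tick-down brings the overshoot down to 100 seconds but costs 17 queries over the same window, which is the "too-short TTL versus too-stale data" choice Vixie refers to. Note that the simulation assumes every authority for the zone applies the clamp; a secondary that does not understand the extension would keep handing out 3600, which is the reason the message insists on universal support.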
