On Thursday 14 February 2019 22:41:56 CET, Bob Harold wrote:
> The draft assumes typical TTL is a week, but what I see in the root zone is:
....
I hoped no one would notice. It's good rather than bad, overall, but it complicates the description.
A good resolver verifies DNSSEC, so the two-day RRs tend to be kept alive for as long as the six-day RRs are. Once the six-day RRs are discarded from the resolver's cache, the two-day RRs are no longer needed for verification, and after about a month they cease being refreshed.
In effect, the six-day RRs (typically NS records) have an average lifetime of slightly less than three months after the last use, and the supporting DNSSEC RRs of slightly more than four months after the last time the NS is needed.
The SOA record is a special case, but IMO too minor to matter. The focus here is to eliminate root-zone queries as a significant delay factor for day-to-day DNS use, without introducing additional moving parts such as humans or crontabs downloading zone files. Caching one SOA too long or too short won't make much difference.
Arnt
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop