On Fri, Feb 15, 2019 at 7:49 AM Arnt Gulbrandsen <a...@gulbrandsen.priv.no> wrote:
> On Thursday 14 February 2019 22:41:56 CET, Bob Harold wrote:
> > The draft assumes typical TTL is a week, but what I see in the root zone is:
> ...
>
> I hoped no one would notice. It's good rather than bad, overall, but it complicates the description.
>
> A good resolver verifies DNSSEC, so the two-day RRs tend to be kept alive for as long as the six-day RRs are. Once the six-day RRs are discarded from the resolver's cache, the two-day RRs are no longer needed for verification, and after about a month they cease being refreshed.
>
> In effect, the six-day RRs (typically NS records) have an average lifetime of slightly less than three months after the last use, and the supporting DNSSEC RRs of slightly more than four months after the last time the NS is needed.
>
> The SOA record is a special case, but IMO too minor to matter. The focus here is to eliminate root-zone queries as a significant delay factor for day-to-day DNS use, without introducing additional moving parts such as humans or crontabs downloading zone files. Caching one SOA too long or too short won't make much difference.
>
> Arnt

No, the NS records and DNSSEC records only have two days. There are no 6-day records, except the X.root-servers.net <http://x.root-servers.net/> entries, which do not apply here.

--
Bob Harold
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop