djbdns

NXDOMAIN Negative TTL

To: dns@list.cr.yp.to
Subject: NXDOMAIN Negative TTL
From: Michael Shuler <mshuler@rackspace.com>
Date: Thu, 22 Feb 2007 12:42:35 -0600
Mailing-list: contact dns-help@list.cr.yp.to; run by ezmlm
User-agent: Thunderbird 1.5.0.9 (X11/20070104)

I am trying to verify an inconsistency that I am experiencing with
regard to negative TTL (or if I have simply misunderstood something
here).  tinydns is returning the default SOA record TTL on NXDOMAIN queries:

$ dnsq a blah.pbandjelly.org ns.rackspace.com
1 blah.pbandjelly.org:
100 bytes, 1+0+1+0 records, response, authoritative, nxdomain
query: 1 blah.pbandjelly.org
authority: pbandjelly.org 86400 SOA ns.rackspace.com hostmaster.rackspace.com 2007021615 10800 3600 604800 300

The same query against one of our old BIND servers does provide the
negative TTL:

$ dnsq a blah.pbandjelly.org lbdns1.rackspace.com
1 blah.pbandjelly.org:
100 bytes, 1+0+1+0 records, response, authoritative, nxdomain
query: 1 blah.pbandjelly.org
authority: pbandjelly.org 300 SOA ns.rackspace.com hostmaster.rackspace.com 2007021615 10800 3600 604800 300

The SOA record for this domain:

Zpbandjelly.org.:ns.rackspace.com.:hostmaster.rackspace.com.:2007021615:10800:3600:604800:300:86400

From my understanding of RFC 2308, the reply of 86400 is, essentially,
an incorrect answer, and I should be getting 300 back from the server.

Section 5 - Caching Negative Answers - "As there is no record in the
answer section to which this TTL can be applied, the TTL must be carried
by another method.  This is done by including the SOA record from the
zone in the authority section of the reply.  When the authoritative
server creates this record its TTL is taken from the minimum of the
SOA.MINIMUM field and SOA's TTL."

I may implement a workaround, setting the default SOA TTL to 300, if you
happen to try the above queries - I am more interested in seeing if your
own servers respond similarly to non-existent hosts.  Thanks for your help!

Kind Regards,
Michael Shuler
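
The RFC 2308 section 5 rule quoted in the message can be checked mechanically. The following is an added example, not part of the original post and not djbdns code: it parses the tinydns-data `Z` line and the `dnsq` authority lines copied from the message and compares the served SOA TTL with min(SOA.MINIMUM, SOA TTL). The function names are hypothetical, and it assumes the `min` and `ttl` fields of the `Z` line are written out explicitly.

```python
# Added example, not from the original post or from djbdns.
# Inputs below are copied from the message; function names are hypothetical.

Z_LINE = ("Zpbandjelly.org.:ns.rackspace.com.:hostmaster.rackspace.com.:"
          "2007021615:10800:3600:604800:300:86400")
TINYDNS_REPLY = """authority: pbandjelly.org 86400 SOA ns.rackspace.com
hostmaster.rackspace.com 2007021615 10800 3600 604800 300"""
BIND_REPLY = """authority: pbandjelly.org 300 SOA ns.rackspace.com
hostmaster.rackspace.com 2007021615 10800 3600 604800 300"""


def parse_z_line(line):
    """tinydns-data SOA line: Zfqdn:mname:rname:ser:ref:ret:exp:min:ttl"""
    if not line.startswith("Z"):
        raise ValueError("not a tinydns-data Z line")
    f = line[1:].strip().split(":")
    # Assumption: min and ttl are written out, as in the message's line.
    if len(f) < 9 or not f[7] or not f[8]:
        raise ValueError("min and ttl must be explicit for this check")
    return {"zone": f[0].rstrip(".").lower(),
            "minimum": int(f[7]), "ttl": int(f[8])}


def parse_authority_soa(dnsq_output):
    """Return (owner, ttl) of the SOA on a dnsq 'authority:' line."""
    tok = dnsq_output.split()  # splitting on whitespace also undoes mail wrapping
    for i, t in enumerate(tok):
        if t == "authority:" and tok[i + 3:i + 4] == ["SOA"]:
            return tok[i + 1].rstrip(".").lower(), int(tok[i + 2])
    raise ValueError("no SOA in authority section")


def check_negative_ttl(z_line, dnsq_output):
    """Compare the served SOA TTL with min(SOA.MINIMUM, SOA TTL)."""
    soa = parse_z_line(z_line)
    owner, observed = parse_authority_soa(dnsq_output)
    if owner != soa["zone"]:
        raise ValueError("authority SOA is for a different zone")
    expected = min(soa["minimum"], soa["ttl"])
    return {"expected": expected, "observed": observed,
            "matches": observed == expected}


if __name__ == "__main__":
    for name, reply in (("tinydns", TINYDNS_REPLY), ("BIND", BIND_REPLY)):
        print(name, check_negative_ttl(Z_LINE, reply))
```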


