Re: TTL From Parent or Child Zone?
On 1 Jun 2009, at 02:09, Matthew Dempsky wrote:
> On Sun, Mar 8, 2009 at 4:41 PM, Sabahattin Gucukoglu
> <mail <at> sabahattin-gucukoglu.com> wrote:
>> The data in the parent zone isn't authoritative. If djbdns caches
>> it, it's wrong, IMHO. It should discard additional data as fast as
>> possible in favour of genuine data from the authoritative servers.
>> This really means that as soon as you've learned the address of a
>> server in additional data, you use it once and then throw the
>> additional data away.
> No, there's no security risk from caching the data, and doing so
> improves performance and decreases load on the DNS.
Well yes, but it also makes your cache inaccurate for the case where
the delegating name server always holds records that dominate the
authoritative data due to long TTLs. RFC 2181 specifically points
this out, and specifically puts additional data right at the bottom of
the list of things to hang onto, with the note that really you
shouldn't be using it for more than pursuing initial queries. Besides
all that, it's the resource records we're interested in, not the
delegation information. That's what we ask name servers for. And of
course there is nothing to stop incidentally provided additional data
from authoritative servers being cached; in some cases this means
apparently redundant queries are asked, but with the assurance that
you're always holding cached data from an authoritative source.
(Zones whose delegation is different from their parents' should be
easier to spot, too.)
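A toy resolver cache that applies the RFC 2181 section 5.4.1 data ranking the reply refers to, added here as an illustration; it is not code from this thread or from djbdns, and the names, addresses, TTLs and numeric rank values are constructed:

```python
# Toy resolver cache applying the RFC 2181 section 5.4.1 trust ranking.
# Ranks are a simplified subset; only the ordering matters. Additional-section
# data, including glue from a parent's referral, sits at the bottom.
AUTH_ANSWER = 3      # answer section of an authoritative (AA) response
AUTH_AUTHORITY = 2   # authority section of an authoritative response
ADDITIONAL = 1       # additional section of any response (referral glue included)


class RankedCache:
    """Never lets lower-ranked data replace unexpired higher-ranked data."""

    def __init__(self):
        self._store = {}  # (name, type) -> (rdata, ttl, rank, stored_at)

    def put(self, name, rtype, rdata, ttl, rank, now):
        key = (name.lower().rstrip("."), rtype)
        cur = self._store.get(key)
        if cur is not None:
            _, cur_ttl, cur_rank, cur_at = cur
            unexpired = cur_at + cur_ttl > now
            # RFC 2181 5.4.1: keep the more trustworthy data while it is live
            if unexpired and cur_rank > rank:
                return False
        self._store[key] = (tuple(rdata), ttl, rank, now)
        return True

    def get(self, name, rtype, now):
        cur = self._store.get((name.lower().rstrip("."), rtype))
        if cur is None or cur[3] + cur[1] <= now:
            return None
        return cur[0]


def demo():
    """Constructed scenario: long-TTL parent glue versus short-TTL authoritative data."""
    cache = RankedCache()
    # Referral from the parent carries glue for ns1.example.test with a two-day TTL
    cache.put("ns1.example.test", "A", ["192.0.2.1"], 172800, ADDITIONAL, now=0)
    # The authoritative server later answers with a new address and a 300 s TTL
    cache.put("ns1.example.test", "A", ["192.0.2.2"], 300, AUTH_ANSWER, now=10)
    # Another referral carrying the stale glue must not clobber the authoritative RRset
    clobbered = cache.put("ns1.example.test", "A", ["192.0.2.1"], 172800, ADDITIONAL, now=20)
    return cache.get("ns1.example.test", "A", now=20), clobbered


if __name__ == "__main__":
    print(demo())  # (('192.0.2.2',), False)
```

Without the ranking check, the two-day glue would shadow the authoritative 300 s record for its whole lifetime, which is exactly the inaccuracy the reply describes.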