So the answer is in two parts.
1) An SOA record is required in the AUTHORITY section. The TTL on the
negative answer is established by the TTL on this record.
2) "TTL on this record" means the literal TTL applied to the SOA record,
not e.g. the minimum TTL specified within the SOA record.
--
Fred Morris
On Fri, 5 Apr 2024, Fred Morris wrote:
When people think of "negative response caching" I suspect they're
thinking of NXDOMAIN, but there is another negative response: ANSWER:0.
To some extent this is indistiguishable from a referral, and I'm not
sure that caching of (upward) referrals is a sensible concept on its own.
Testing with BIND 9.12 and 9.18 suggests that ANSWER:0 is not cached at
all, and that each recursive request received results in a query from
the caching resolver to the authoritatives (the authoritative is not
running BIND).
I'd appreciate a pointer to an RFC which specifically discusses this.
I'd also appreciate (from someone who's read the code) a statement of
what the intended semantics are, before I go read the code myself.
Presuming that the ANSWER:0 response is authoritative, is there any
expectation regarding content in the ADDITIONAL or AUTHORITATIVE
sections which affects this behavior? NS? SOA?
Thanks in advance...
--
Fred Morris
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
