At 16:48 -0500 4/24/06, John Kristoff wrote:
I'm hoping someone can clue me in on the issues involving delegation
inconsistency of TTLs. Here is an example zone as seen from the
TLD:
;; ANSWER SECTION:
king.com. 172800 IN NS ns.fjordnetwork.com.
king.com. 172800 IN NS ns.midasplayer.com.
then each authoritative server shows the following:
;; ANSWER SECTION:
king.com. 300 IN NS ns.fjordnetwork.com.
king.com. 300 IN NS ns.midasplayer.com.
If the upper answer is from an IP address that is not authoritative
for king.com and the lower answer is, the lower answer will be
credited with a higher trustworthy value (RFC 2181).
Such a "conflict" is common - you could see different TTLs in caches.
E.g.,
$ dig neustar.biz ns
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;neustar.biz. IN NS
;; ANSWER SECTION:
neustar.biz. 1761 IN NS ns2.neulevel.biz.
neustar.biz. 1761 IN NS ns3.neulevel.biz.
neustar.biz. 1761 IN NS ns4.neulevel.biz.
neustar.biz. 1761 IN NS ns1.neulevel.biz.
;; SERVER: 193.0.8.2#53(193.0.8.2)
$ dig @ns4.neulevel.biz neustar.biz ns
;; flags: qr aa rd; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 4
;; ANSWER SECTION:
neustar.biz. 1800 IN NS ns3.neulevel.biz.
neustar.biz. 1800 IN NS ns4.neulevel.biz.
neustar.biz. 1800 IN NS ns1.neulevel.biz.
neustar.biz. 1800 IN NS ns2.neulevel.biz.
;; SERVER: 209.173.57.84#53(209.173.57.84)
It's reasonable for the parent to have different TTLs than the child
for the NS set. RFC2181 takes care of any conflict.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis +1-571-434-5468
NeuStar
Nothin' more exciting than going to the printer to watch the toner drain...
.
dnsop resources:_____________________________________________________
web user interface: http://darkwing.uoregon.edu/~llynch/dnsop.html
mhonarc archive: http://darkwing.uoregon.edu/~llynch/dnsop/index.html