On 06/19/2012 04:18 AM, Barry Margolin wrote:
> Didn't this used to be a problem? When the caching server queries the cached nameservers, the response would include the old NS records in the Authority section. The caching server would then replace the cached NS records with these records, resetting the TTL to its full time. As long as it continued performing queries against the old servers before the NS records timed out, the TTLs would keep getting reset, and never expire.
Interesting. I was unaware of this issue, thanks for pointing it out. As Mark mentions in his follow-up, it seems like there are other corner cases where a broken or malicious nameserver can futz up delegations.
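The TTL-reset behaviour described in the quoted text, modelled in Python as an added example that is not part of the thread and is not BIND code. The class and function names, the TTL and query interval, and the `old.example.` hostnames are constructed; the `refresh_extends_ttl=False` policy (a refresh may never push the expiry later) is an assumption about one way a cache can avoid the problem, not something the thread describes.

```python
# Constructed model of one resolver cache entry: a zone's NS RRset.
# Times are in seconds; all values below are made-up samples.
from dataclasses import dataclass

@dataclass
class NsEntry:
    servers: tuple    # cached NS targets
    expires_at: int   # absolute expiry time

class NsCache:
    def __init__(self, refresh_extends_ttl):
        self.refresh_extends_ttl = refresh_extends_ttl
        self.entry = None

    def learn_from_parent(self, now, servers, ttl):
        """Delegation learned from the parent zone's referral."""
        self.entry = NsEntry(tuple(servers), now + ttl)

    def see_authority_section(self, now, servers, ttl):
        """NS RRset seen in the Authority section of an answer from the cached servers."""
        if self.entry is None or now >= self.entry.expires_at:
            return  # nothing live to refresh; the next lookup goes back to the parent
        new_expiry = now + ttl
        if not self.refresh_extends_ttl:
            # Assumed hardened policy: accept the data, never extend the lifetime.
            new_expiry = min(self.entry.expires_at, new_expiry)
        self.entry = NsEntry(tuple(servers), new_expiry)

    def is_live(self, now):
        return self.entry is not None and now < self.entry.expires_at

def simulate(refresh_extends_ttl, ttl=3600, query_every=1800, duration=86400):
    """Return when the old NS set expired, or None if it is still cached at the end."""
    cache = NsCache(refresh_extends_ttl)
    old = ("ns1.old.example.", "ns2.old.example.")
    cache.learn_from_parent(0, old, ttl)
    for now in range(query_every, duration + 1, query_every):
        if not cache.is_live(now):
            return cache.entry.expires_at
        # The old servers still answer and still list themselves in Authority.
        cache.see_authority_section(now, old, ttl)
    return None

if __name__ == "__main__":
    print("TTL reset on refresh:", simulate(True))    # old NS set never expires
    print("expiry never extended:", simulate(False))  # expires at the original TTL
```

With queries arriving more often than the TTL, the resetting cache keeps the old NS set for the whole run; once the gap between queries exceeds the TTL, the entry expires in either mode.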