Resolver behavior on expired TTLs
Hello everyone, Here's something I hadn't put much thought into until recently--it's never been a problem--how do resolvers behave when they receive a request for an expired entry in the cache, but cannot contact the authoritative nameserver? I'd imagine they return a SERVFAIL, but I could see NXDOMAIN as well. Does anyone know the answer? John ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Resolver behavior on expired TTLs
On 21.02.13 10:38, John Miller wrote: Here's something I hadn't put much thought into until recently--it's never been a problem--how do resolvers behave when they receive a request for an expired entry in the cache, but cannot contact the authoritative nameserver? I'd imagine they return a SERVFAIL, but I could see NXDOMAIN as well. Does anyone know the answer? they should not sent anything but SERVFAIL if they are unable to do the resolution. SERVFAIL should cause the client ask other server, while NXDOMAIN means that the host does not exist and client can stop searching. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. How does cat play with mouse? cat /dev/mouse ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Resolver behavior on expired TTLs
Thanks, Matus. Much appreciated--a SERVFAIL is much better than an NXDOMAIN in this scenario. John On 02/21/2013 10:41 AM, Matus UHLAR - fantomas wrote: On 21.02.13 10:38, John Miller wrote: Here's something I hadn't put much thought into until recently--it's never been a problem--how do resolvers behave when they receive a request for an expired entry in the cache, but cannot contact the authoritative nameserver? I'd imagine they return a SERVFAIL, but I could see NXDOMAIN as well. Does anyone know the answer? they should not sent anything but SERVFAIL if they are unable to do the resolution. SERVFAIL should cause the client ask other server, while NXDOMAIN means that the host does not exist and client can stop searching. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users