[Opendnssec-develop] Missing TTLs in zone files

Roy Arends roy at nominet.org.uk
Mon Oct 19 10:59:21 UTC 2009


Matthijs Mekking wrote on 10/19/2009 12:49:36 PM:

> It is implementation dependent, although we should not derive it from
> the Minimum field. (why explicitly not?).
> 
> Our current mechanism is to set the default TTL to 3600, if no $TTL and
> explicit TTL at the RR. The SOA TTL becomes 3600 only if no $TTL and
> explicit TTL at the RR *and* the <SOA><Minimum> is not set in the signer
> configuration.
> 
> So we conform to the specification; is this the mechanism we want?

As I mentioned in another mail, I think we should follow the path of least 
surprise, which includes: (1) not fail hard (exit with error) (2) issue a 
warning (3) use the SOA Minimum value because it was defined as the default 
mechanism before 2308, and It's What Others Do. (4) Not issue SOA records 
with zero TTL (at least make them the same as other records) (see below).

How did we come up with 3600? (which is fairly short).

How do negative caching algorithms treat an SOA with zero TTL? Doesn't 
it obsolete negative caching, since it needs the SOA for every negative 
response?

Kind regards,

Roy
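
Added example, not part of the message above and not OpenDNSSEC code: a sketch of the fallback order proposed in points (1) to (3), with the SOA resolved through the same path as every other record. The function name, the record tuple layout and the sample zone are assumptions made for illustration; 3600 is the default quoted in the thread.

```python
import warnings

FALLBACK_TTL = 3600  # last-resort default quoted in the thread

def effective_ttls(records, dollar_ttl=None):
    """Resolve a TTL for every record without ever failing hard.

    records: (owner, rtype, ttl_or_None, rdata) tuples, already tokenised.
    Order of preference: explicit TTL, $TTL, SOA Minimum, FALLBACK_TTL.
    The SOA goes through the same path as every other record.
    """
    soa = next((r for r in records if r[1] == "SOA"), None)
    # SOA RDATA fields: mname rname serial refresh retry expire minimum
    soa_minimum = int(soa[3].split()[6]) if soa else None

    resolved = []
    for owner, rtype, ttl, _rdata in records:
        if ttl is None:
            ttl = dollar_ttl
        if ttl is None:
            if soa_minimum is not None:
                ttl, source = soa_minimum, "SOA Minimum"
            else:
                ttl, source = FALLBACK_TTL, "built-in default"
            # Warn instead of exiting, so a sloppy zone file still gets signed.
            warnings.warn(f"{owner} {rtype}: no TTL and no $TTL, using {source} ({ttl})")
        resolved.append((owner, rtype, ttl))
    return resolved

# Constructed sample zone: no $TTL, and only the A record has an explicit TTL.
SAMPLE = [
    ("example.", "SOA", None,
     "ns1.example. hostmaster.example. 2009101901 10800 3600 604800 7200"),
    ("example.", "NS", None, "ns1.example."),
    ("www.example.", "A", 300, "192.0.2.1"),
]

if __name__ == "__main__":
    for row in effective_ttls(SAMPLE):
        print(*row)
```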