Home / server / Questions / 658332
Accepted
Martin
Asked: 2015-01-10 00:51:23 +0800 CST

Understand the TTL in DNS zone SOA record

  • 772

Lets say I create a reverse zone-file for 192.0.2.0/24 network in my DNS server and my DNS server will be the authoritative for reverse-zone 2.0.192.in-addr.arpa. In this reverse zone-file I create Start of Authority record with following parameters:

$ dig @localhost -t SOA 2.0.192.in-addr.arpa. +noall +answer
2.0.192.in-addr.arpa. 604800 IN      SOA     primary-DNS-server secondary-DNS-server 2015010600 28800 7200 1209600 86400
$

Am I correct that the DNS TTL for this reverse-zone is 86400 seconds? And this means that if recursive(caching) name-server asks a PTR record from this zone, then this recursive name-server will cache the result for 86400 seconds?

domain-name-system

2 Answers

  1. Best Answer

    Back in 1997, that would have been one correct SOA record interpretation of several. :) Things were a little more ambiguous back then.

    RFC 2308 reclassified the last field of the SOA record as the negative caching interval, otherwise known as the NCACHE field. RFC2308 §4 is the most applicable here. It not only redefines this as the NCACHE field, but also explains why coding the default TTL into the SOA record would have been misguided to begin with. (emphasis for the latter is in bold)

    4 - SOA Minimum Field

    The SOA minimum field has been overloaded in the past to have three different meanings, the minimum TTL value of all RRs in a zone, the default TTL of RRs which did not contain a TTL value and the TTL of negative responses.

    Despite being the original defined meaning, the first of these, the minimum TTL value of all RRs in a zone, has never in practice been used and is hereby deprecated.

    The second, the default TTL of RRs which contain no explicit TTL in the master zone file, is relevant only at the primary server. After a zone transfer all RRs have explicit TTLs and it is impossible to determine whether the TTL for a record was explicitly set or derived from the default after a zone transfer. Where a server does not require RRs to include the TTL value explicitly, it should provide a mechanism, not being the value of the MINIMUM field of the SOA record, from which the missing TTL values are obtained. How this is done is implementation dependent.

    The Master File format [RFC 1035 Section 5] is extended to include the following directive:

                           $TTL <TTL> [comment]

    All resource records appearing after the directive, and which do not explicitly include a TTL value, have their TTL set to the TTL given in the $TTL directive. SIG records without a explicit TTL get their TTL from the "original TTL" of the SIG record [RFC 2065 Section 4.5].

    The remaining of the current meanings, of being the TTL to be used for negative responses, is the new defined meaning of the SOA minimum field.

    Breaking this down:

    • The last field of the SOA record (NCACHE) specifies how long remote nameservers should cache a negative response if a query results in NXDOMAIN.
    • The default TTL is defined either by a default in the software configuration, or something equivalent to the $TTL directive for text based zone files.
    • As a consequence of this implementation, there is no way to query a remote nameserver via the DNS protocol to determine the default TTL for a zone. $TTL and family are not records, therefore you cannot query for them and they will not survive a zone transfer. (instead, all missing TTLs will be replaced with this value at the time of zone transfer)

    As Andy says, the default TTL is moot if the individual records specify their own TTLs.

    • 9

  2. Almost. The soa record itself has a TTL of 86400 seconds, and depending on the server-side software that will be the default ttl for that zone.

    Individual records within that zone - such as PTR or NS - can have their TTL overridden. I believe that a recursive query for any individual DNS record will return with its own TTL, though I say that based on observation rather than referenced documentation.

    • 2