Recursives never examine the SOA MINIMUM field for the purpose of setting a negative TTL; they use the SOA RR TTL, and that decrements normally. Authoritatives are responsible for deriving the SOA RR TTL for negative responses.
What was the rationale for mandating that recursive resolvers must decrement RRs' TTLs but not SOA's (especially the negative caching TTL)?
Also, RFC 2308 cites 2065 (early DNSSEC). So the idea that a signature would authenticate record data already existed at the time 2308 was written, thus a recursive could not edit the SOA record data. If I understand your question correctly.
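The division of labour described in the replies above, as an added example that is not code from the thread or from any resolver: the authoritative side sets the SOA RR TTL to the minimum of the SOA TTL and the MINIMUM field (RFC 2308, section 3), and the recursive side only counts that TTL down, leaving the signed RDATA untouched. The class and function names and the zone values are constructed for illustration.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class SOA:
    ttl: int        # RR TTL: may change in transit and in caches
    mname: str      # everything below is RDATA, covered by the RRSIG
    rname: str
    serial: int
    refresh: int
    retry: int
    expire: int
    minimum: int    # negative-caching value chosen by the zone owner

def authoritative_negative_soa(zone_soa: SOA) -> SOA:
    """Authoritative side: SOA placed in the authority section of an
    NXDOMAIN/NODATA answer gets TTL = min(SOA TTL, MINIMUM)."""
    return replace(zone_soa, ttl=min(zone_soa.ttl, zone_soa.minimum))

class NegativeCache:
    """Recursive side, as described in the thread: cache for the SOA RR
    TTL, decrement it over time, never read or rewrite MINIMUM."""
    def __init__(self):
        self._entries = {}

    def store(self, qname: str, qtype: str, soa: SOA, now: int) -> None:
        self._entries[(qname, qtype)] = (soa, now + soa.ttl)

    def lookup(self, qname: str, qtype: str, now: int):
        entry = self._entries.get((qname, qtype))
        if entry is None:
            return None
        soa, expires = entry
        remaining = expires - now
        if remaining <= 0:
            del self._entries[(qname, qtype)]
            return None
        # Only the TTL changes; RDATA is returned exactly as received,
        # so a DNSSEC signature over it still validates downstream.
        return replace(soa, ttl=remaining)

# Constructed sample zone: SOA TTL 3600, MINIMUM 300.
ZONE_SOA = SOA(3600, "ns1.example.com.", "hostmaster.example.com.",
               2024010101, 7200, 900, 1209600, 300)
```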