Difference between TTL values in zone files

Posted on 2010-08-23
1,295 Views
Last Modified: 2012-05-10
;$TTL amount of time other DNS servers should keep the local zone information in their remote cache
$TTL    300
;$ORIGIN test.com.
@               IN SOA  test.com. dns-admin.test.org. (
                                        20100726       ; serial
                                        3H              ; refresh
                                        15M             ; retry
                                        1W              ; expiry
                        ;               1D )            ; minimum
                                        600 )          ;600 sec

What is the difference between those two TTLs, 300 & 600?
I think the first, $TTL 300, is the amount of time other DNS servers should keep the local zone information in their remote cache.
How about 600?
Question by:rawandnet
Accepted Solution by svgmuc (earned 100 total points):
According to http://en.wikipedia.org/wiki/Zone_file:

the first TTL is the minimum caching time in case of failed lookups,
and the zone file TTL is the default TTL for all records.

In my words:

The SOA minimum TTL is the shortest time after which a zone file will be refreshed from the master DNS server or the database/file.

Regardless of success or failure, after the default TTL, a record will be refreshed, unless specified differently in the respective record.


Assisted Solution by Chris Dent (earned 400 total points):

$TTL is used by any record that does not explicitly define a TTL value of its own.

BIND 9 is supposed to use the Minimum TTL as the negative caching time (BIND 8 uses it as the TTL for all records that do not define their own). MS DNS also uses the Minimum TTL as the TTL for any record which does not explicitly declare a TTL.

See "4 - SOA Minimum Field" in RFC 2308:

http://www.ietf.org/rfc/rfc2308.txt

Chris
Author Comment by rawandnet:
The difference between the SOA minimum TTL and the master $TTL at the top of the zone file is still not clear to me. I am pretty sure that the master $TTL is the one that governs the caching of all my DNS records on nameservers across the Internet, but the reason for having an SOA minimum TTL is still not clear to me.

Assisted Solution by Chris Dent (earned 400 total points):

Formerly it was used in place of $TTL, and it still is for some DNS server implementations (such as MS DNS).

BIND uses it to control negative caching as described in RFC 2308.

Even if it has no purpose the value would remain, if only for backward compatibility. The presence of the TTL in the SOA record is described in RFC 1035:

http://www.ietf.org/rfc/rfc1035.txt

Notice that it describes the value as the default TTL for all records under section 3.3.13.

You can't get away from the RFCs if you're asking about things like that, it boils down to choices made at design time versus adjustments later.

Chris
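The two rules laid out in the answers above ($TTL is the default for records that declare no TTL of their own; the SOA minimum is the negative-caching value under RFC 2308, and was the default record TTL before $TTL existed, which is what MS DNS and BIND 8 still do) can be made concrete with a small zone parser. This is an added example, not code from the thread or from any DNS server; the zone text is constructed to resemble the fragment in the question, with names under example.com and an extra A and MX record so that a record with its own TTL can be compared with one that inherits $TTL.

```python
import re

# Constructed sample zone, modelled on the fragment in the question (not the
# poster's exact file): a $TTL directive, an SOA whose last field is the
# "minimum", and records with and without a TTL of their own.
SAMPLE_ZONE = """\
$TTL 300
@       IN SOA  ns1.example.com. dns-admin.example.com. (
                        20100726   ; serial
                        3H         ; refresh
                        15M        ; retry
                        1W         ; expiry
                        600 )      ; minimum
@       IN NS   ns1.example.com.
@       IN A    192.0.2.1
www 3600 IN A   192.0.2.2
mail    IN MX   10 mail.example.com.
"""

UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
TTL_RE = re.compile(r"(\d+)([smhdw]?)", re.IGNORECASE)


def parse_ttl(token):
    """Convert a BIND-style time value ('300', '3H', '15M', '1W') into seconds."""
    m = TTL_RE.fullmatch(token)
    if not m:
        raise ValueError(f"bad TTL token: {token!r}")
    return int(m.group(1)) * UNITS[(m.group(2) or "s").lower()]


def logical_lines(text):
    """Strip ';' comments and join parenthesised multi-line RRs (the SOA) into one line."""
    out, buf, depth = [], [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth == 0:
            joined = " ".join(buf).strip()
            if joined:
                out.append(joined)
            buf = []
    return out


def parse_zone(text):
    """Return (records, soa) with each record's effective TTL filled in.

    Rule from the thread: a record uses its own TTL if it declares one, otherwise
    the $TTL directive.  If the file has no $TTL at all, the pre-RFC-2308
    fallback (BIND 8, MS DNS) is the SOA minimum field.
    """
    default_ttl, records, soa = None, [], None
    for line in logical_lines(text):
        tokens = line.replace("(", " ").replace(")", " ").split()
        if tokens[0] == "$TTL":
            default_ttl = parse_ttl(tokens[1])
            continue
        name, ttl = tokens.pop(0), None
        # The optional TTL and the class may appear in either order before the type.
        while tokens and (tokens[0].upper() == "IN" or TTL_RE.fullmatch(tokens[0])):
            tok = tokens.pop(0)
            if tok.upper() != "IN":
                ttl = parse_ttl(tok)
        rtype, rdata = tokens[0].upper(), tokens[1:]
        records.append({"name": name, "type": rtype, "ttl": ttl, "rdata": rdata})
        if rtype == "SOA":
            soa = {"record": records[-1], "minimum": parse_ttl(rdata[-1])}
    fallback = default_ttl if default_ttl is not None else soa["minimum"]
    for rec in records:
        if rec["ttl"] is None:
            rec["ttl"] = fallback
    return records, soa


def record_ttl(records, name, rtype):
    """Effective TTL of the first record matching (name, type)."""
    return next(r["ttl"] for r in records if r["name"] == name and r["type"] == rtype)


def negative_cache_ttl(soa):
    """RFC 2308 (sections 3 and 5): an NXDOMAIN answer is cached for min(SOA.MINIMUM, SOA TTL)."""
    return min(soa["minimum"], soa["record"]["ttl"])


if __name__ == "__main__":
    recs, soa_info = parse_zone(SAMPLE_ZONE)
    for r in recs:
        print(f"{r['name']:5} {r['type']:4} ttl={r['ttl']}")
    print("negative cache TTL:", negative_cache_ttl(soa_info))
```

With the values from the question ($TTL 300, minimum 600) the SOA record itself carries the $TTL of 300, so an RFC 2308 resolver caches a "does not exist" answer for 300 seconds, not 600: the minimum field only wins when it is the smaller of the two. Strip the $TTL line and the parser falls back to the 600 in the SOA, which is the older behaviour the answers attribute to BIND 8 and MS DNS.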

Author Comment by rawandnet:
From the internet I found the following answer:

The positive caching TTL ($TTL directive) governs the persistence of records that *do* exist in your zone; the negative caching TTL (the value of the last field of the SOA RR) governs the persistence of negative responses, i.e. the persistence of record sets that could but *don't* exist in your zone, so to speak.

> Record that could but *don't* exist in your zone?
How does this happen? Does it mean clients asked for a record that doesn't exist, or that something was wrong in my zone file?

Assisted Solution by Chris Dent (earned 400 total points):

The NXDOMAIN response, that's the "doesn't exist" response, is cached.

If I run this:

nslookup doesntexist.xyz.com

My locally configured DNS server will cache the NXDOMAIN response to the request for a time. It's rarely longer than a few minutes, for example, the resolver on Windows XP / Vista / 7 will cache negative responses for 5 minutes.

The mechanism exists to save on unnecessary queries when things don't exist. After all, things that do are cached to save on excessive queries, things that don't should be as well.

Chris
Author Comment by rawandnet:
> The mechanism exists to save on unnecessary queries when things don't exist
You do mean unnecessary queries from the client to my zone file if the record doesn't exist? In other words, NXDOMAIN will be cached on the client machine to stop it sending requests to my zone file for a certain amount of time.

By the way, on the www.zytrax.com web site it is "3h ; minimum". Don't you think that is a long time?

Assisted Solution by Chris Dent (earned 400 total points):

NXDOMAIN will be cached on both the client and the requesting server.

If I had this chain:

me   --> My Local DNS Server --> Your DNS Server

Then both "me" and "My Local DNS Server" would cache the NX Domain response. Yours wouldn't because your server is supplying me with the answer.

It is a long time, but is that a problem? It only will be if you're expecting a lot of new records within your zone.

You'll find that each DNS server implementation maintains a different maximum value for the negative cache, overriding yours if yours is longer. For instance, BIND defaults to 3 hours, and can be configured to use a different value with max-ncache-ttl (named.conf). MS DNS, like the client resolver, will cache for a maximum of 5 minutes by default.

Chris
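The chain "me --> My Local DNS Server --> Your DNS Server" from the answer above, together with the earlier point that NXDOMAIN answers are cached just like positive ones, can be simulated in a few dozen lines. This is an added example, not code from the thread or from BIND or MS DNS: Authoritative stands in for "Your DNS Server", and two CachingResolver objects stand in for the local server and the stub resolver on "me". All settings are constructed for illustration: a $TTL of one day, a 3-hour SOA minimum (the zytrax value discussed above), a 3-hour negative-cache cap on the local server (the BIND default the answer mentions, BIND's max-ncache-ttl) and a 5-minute cap on "me" (the Windows resolver behaviour mentioned earlier).

```python
from dataclasses import dataclass, field


@dataclass
class Authoritative:
    """Stand-in for 'Your DNS Server': the zone's records and its TTL settings."""
    records: dict          # {(name, type): rdata}
    default_ttl: int       # the $TTL directive (also the SOA's own TTL here)
    soa_minimum: int       # last field of the SOA
    queries: int = 0       # how many times a resolver had to come to us

    def resolve(self, name, rtype, now):
        self.queries += 1
        if (name, rtype) in self.records:
            return "ANSWER", self.records[(name, rtype)], self.default_ttl
        # RFC 2308: the negative answer's TTL is min(SOA.MINIMUM, SOA TTL).
        return "NXDOMAIN", None, min(self.soa_minimum, self.default_ttl)


@dataclass
class CachingResolver:
    """One cache in the chain: the stub resolver on 'me' or 'My Local DNS Server'."""
    upstream: object
    max_ncache_ttl: int     # cap on negative caching, like BIND's max-ncache-ttl
    cache: dict = field(default_factory=dict)   # (name, type) -> (status, rdata, expires_at)

    def resolve(self, name, rtype, now):
        key = (name, rtype)
        hit = self.cache.get(key)
        if hit is not None and hit[2] > now:
            status, rdata, expires_at = hit
            # A cached answer is handed on with its remaining lifetime, not the original TTL.
            return status, rdata, expires_at - now, "cache"
        status, rdata, ttl = self.upstream.resolve(name, rtype, now)[:3]
        if status == "NXDOMAIN":
            ttl = min(ttl, self.max_ncache_ttl)   # our own cap overrides a longer upstream value
        self.cache[key] = (status, rdata, now + ttl)
        return status, rdata, ttl, "upstream"


def build_chain():
    """me --> My Local DNS Server --> Your DNS Server, with constructed settings."""
    auth = Authoritative(
        records={("www.example.com", "A"): "192.0.2.1"},
        default_ttl=86400,     # $TTL 1D
        soa_minimum=10800,     # 3h minimum, the zytrax value discussed in the thread
    )
    local = CachingResolver(upstream=auth, max_ncache_ttl=10800)   # BIND default: 3 hours
    me = CachingResolver(upstream=local, max_ncache_ttl=300)       # 5 minutes, like the Windows resolver
    return me, local, auth


def run_chain():
    """Ask for a name that does not exist at several points in time (seconds).

    Each row is (t, status, ttl_seen_by_me, where_me_got_it, queries_that_reached_auth).
    """
    me, _local, auth = build_chain()
    trace = []
    for t in (0, 200, 400, 11000):
        status, _rdata, ttl, source = me.resolve("nope.example.com", "A", t)
        trace.append((t, status, ttl, source, auth.queries))
    return trace


if __name__ == "__main__":
    for row in run_chain():
        print(row)
```

The trace shows the point of the answer: the first lookup at t=0 reaches the authoritative server once, the lookup at t=200 is served from the cache on "me", the lookup at t=400 has expired on "me" (5-minute cap) but is still answered by the local server's 3-hour negative entry, so the authoritative server is not asked again, and only the lookup at t=11000, past the local server's entry, generates a second authoritative query. The authoritative server itself never caches its own NXDOMAIN, exactly as described.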
Author Closing Comment by rawandnet:
thanks