15 Čec
2024
15 Čec
'24
22:58
Hi,
It's a hardcoded default of 3600 seconds.
We could simply change the parser to keep the default TTL set within an included zone
file. However, it seems that Bind
parses the zone in the same way as Knot. So it's a tough decision :-)
Daniel
On 15. 07. 24 22:32, Michael Grimm wrote:
Daniel Salzman via knot-dns-users
<knot-dns-users(a)lists.nic.cz> wrote:
The Knot's parser behaviour is as you
described. However, the default TTL in the parent zone file isn't affected
by the default TTL in the included zone file.
I am still trying to understand where that "default TTL in the parent zone
file" is defined?
I expected 1800s in all of my RRs, but ended up in mainly 3600s.
So, where is 3600s defined?
Is there a knob in knot.conf I might have overlooked?
Any feedback is highly appreciated and regards,
Michael
RFC 1035 says:
"Note that a $INCLUDE entry never changes the relative
origin of the parent file, regardless of changes to the relative origin
made within the included file."
So I expect the same should apply to the $TTL directive as well.
What do you and the others think?
Daniel
On 7/13/24 16:25, Michael Grimm via knot-dns-users wrote:
Hi,
I do have the following example zone files definitions:
$ORIGIN example.tld.
$INCLUDE ___TTL_SOA___
and so on
My ___TTL_SOA___ looks as follows:
$TTL 30m ; default expiration time of all resource records without their own TTL value
;
@ IN SOA ns1.example.tld. hostmaster.example.tld. (
2024042100 ; serial (increase after each change)
4h ; refresh (recommended >= 4h)
1h ; retry (recommended >= 1h)
14d ; expire (recommended between 7d and 14d)
600 ; negative caching (former minimum, recommended between 5m and 1d)
)
Note: All of my subsequent $INCLUDDE files do *not* have TTL values set explicitly!
But: I do end up in a mix of TTL values of 1800 and 3600 for my resource records. You can
check that using my domain in my email address.
I found the following thread about this issue at
https://gitlab.nic.cz/knot/knot-dns/-/issues/751 and
https://datatracker.ietf.org/doc/html/rfc2308#section-4 cited therein:
"All resource records appearing after the directive, and which do not explicitly
include a TTL value, have their TTL set to the TTL given in the $TTL directive."
In my understanding Knot's behaviour has been set to follow this standard track.
Thus, I do expect that all of my resource records should have a TTL set to my $TTL
directive of 1800 seconds.
I might have well overlooked something, though.
Any feedback is highly appreciated,
Michael
--
--