MelindaShore / dnssec-serialization

Internet draft(s) proposing a standard for serialization and transport of dnssec/dane validation chains

The server MUST not violate DNS TTLs #13

Closed MelindaShore closed 8 years ago

MelindaShore commented 9 years ago

From Viktor:

"In Section 5, the server MUST not violate DNS TTLs. The last senetence:

Alternatively, it could be configured to rebuild the chain at some
predefined periodic intervals.

is I fear too much rope. Sure the server can periodically flush its cache (using shorter than possible TTLs), but this does not free it of the obligation to not extend TTLs by relying exclusively on a cache lifetime of its own choosing."

shuque commented 9 years ago

This could use more discussion. I don't think we should rule it out, if there are ways server operators can make intelligent decisions about the periodic intervals for their environment that don't violate TTLs etc. I'll tweak the text a bit to mention this explicitly.

shuque commented 8 years ago

I think the current text sufficiently addresses this.
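The constraint discussed in this thread, as an added example that is not part of the issue or the draft: a periodic rebuild interval is acceptable only as an upper bound that is further capped by the TTLs and signature expirations of the records in the cached chain. The record layout, function names and sample chain are hypothetical and constructed for illustration; TTLs are assumed to be the values observed at fetch time.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class CachedRRset:
    name: str
    rrtype: str
    ttl: int             # seconds, as observed when the chain was fetched (assumption)
    sig_expiration: int  # RRSIG signature expiration, Unix time

def chain_deadline(rrsets, fetched_at):
    """Unix time after which the cached chain must no longer be served.

    The chain is only as fresh as its shortest-lived member, and no member
    may outlive the expiration of the signature that covers it.
    """
    if not rrsets:
        raise ValueError("empty chain")
    return min(min(fetched_at + r.ttl, r.sig_expiration) for r in rrsets)

def next_rebuild(rrsets, fetched_at, configured_interval):
    """Time of the next rebuild: the operator's interval may shorten the
    cache lifetime but never extend it past the chain deadline."""
    return min(fetched_at + configured_interval,
               chain_deadline(rrsets, fetched_at))

def may_serve(rrsets, fetched_at, now):
    """True while serving the cached chain does not violate any TTL."""
    return now < chain_deadline(rrsets, fetched_at)

# Constructed sample chain for a TLSA record (values are illustrative only).
FETCHED_AT = 1_700_000_000
WEEK = 7 * 86400
CHAIN = [
    CachedRRset("_443._tcp.www.example.com.", "TLSA", 300, FETCHED_AT + WEEK),
    CachedRRset("example.com.", "DNSKEY", 3600, FETCHED_AT + WEEK),
    CachedRRset("example.com.", "DS", 86400, FETCHED_AT + WEEK),
    CachedRRset("com.", "DNSKEY", 86400, FETCHED_AT + WEEK),
    CachedRRset("com.", "DS", 86400, FETCHED_AT + WEEK),
    CachedRRset(".", "DNSKEY", 172800, FETCHED_AT + WEEK),
]

if __name__ == "__main__":
    # An hourly rebuild interval is capped by the 300 s TLSA TTL.
    print(next_rebuild(CHAIN, FETCHED_AT, 3600) - FETCHED_AT)
    # A 60 s interval is shorter than every TTL and is used as configured.
    print(next_rebuild(CHAIN, FETCHED_AT, 60) - FETCHED_AT)
```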