NLnetLabs / ldns

LDNS is a DNS library that facilitates DNS tool programming
https://nlnetlabs.nl/ldns
BSD 3-Clause "New" or "Revised" License

Default TTL is 3600 unless $TTL is specified #130

Closed bjovereinder closed 2 years ago

bjovereinder commented 3 years ago

[Reported by @Habbie]

RFC 1035, Section 5.1, says 'Omitted class and TTL values are default to the last explicitly stated values.'

It appears ldns does not honour that sentence from RFC 1035 - instead it defaults to 3600 if there is no $TTL.

Habbie commented 3 years ago

I think 'SOA MINIMUM' in the issue title should be '3600' :)

bjovereinder commented 3 years ago

You're right. Maybe the default TTL should be SOA MINIMUM ...?

Habbie commented 3 years ago

I don't think SOA MINIMUM should be involved at all.

Jakker commented 3 years ago

On May 12, 2021, at 15:33, Benno Overeinder wrote:

[Reported by @Habbie https://github.com/Habbie]

RFC 1035 https://datatracker.ietf.org/doc/rfc1035/, Section 5.1, says 'Omitted class and TTL values are default to the last explicitly stated values.'

It appears ldns does not honour that sentence from RFC 1035 - instead it defaults to 3600 if there is no $TTL

I remember that the SOA minimum got redefined into the TTL for negative caching by RFC 2308. According to Wikipedia, the recommended value is 3600 and they refer to ripe-209. Reading that, it doesn't really seem to recommend any value.

jaap

Habbie commented 3 years ago

Indeed 2308 un-defines the 'default TTL for records without TTL in the zone' meaning - but I learned today that that meaning never came from 1035. It appears to have come solely from BIND 8's behaviour.

I also note that all tools I looked at, except BIND, have a 3600 default for the case that there is no $TTL -and- no record TTL -and- no previous record to grab a TTL from, so it does seem like we have consensus there, for the case where the admin really gives the software nothing.
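As an added example (written for this thread, not ldns code), the following Python parser applies the RFC 1035 section 5.1 rule for an omitted TTL field and, for comparison, a second mode that reproduces the behaviour reported in this issue (omitted TTL becomes 3600 whenever there is no $TTL, ignoring earlier explicit TTLs). The sample zone text, the mode names "rfc1035" and "issue130", and the function names are constructed for the example; the parser handles only single-line records and the $TTL directive, and it goes slightly beyond the thread by also showing the 3600 fallback that applies when the file states no TTL at all.

```python
"""Added example, not ldns code: TTL defaulting for master-file RRs.

Precedence for an RR that omits its TTL field:
  1. a preceding $TTL directive (RFC 2308 section 4), if any;
  2. otherwise, in "rfc1035" mode, the last explicitly stated TTL (RFC 1035 5.1);
  3. otherwise 3600, the fallback used when the file states no TTL anywhere.
"issue130" mode skips step 2, i.e. the ldns behaviour reported in this thread.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

FALLBACK_TTL = 3600
CLASSES = {"IN", "CH", "HS", "NONE", "ANY"}
# Plain decimal per RFC 1035; the s/m/h/d/w suffixes are the common BIND-style extension.
TTL_RE = re.compile(r"^(\d+)([smhdw]?)$", re.I)
UNIT = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}


@dataclass
class RR:
    owner: str
    ttl: int
    rrclass: str
    rrtype: str
    rdata: str
    ttl_explicit: bool  # True when the TTL field was present on the line


def parse_ttl(tok: str) -> Optional[int]:
    """Return the TTL in seconds if tok looks like a TTL, else None."""
    m = TTL_RE.match(tok)
    return None if m is None else int(m.group(1)) * UNIT[m.group(2).lower()]


def parse_zone(text: str, mode: str = "rfc1035") -> List[RR]:
    """Parse single-line RRs; parentheses, $ORIGIN and $INCLUDE are out of scope."""
    if mode not in ("rfc1035", "issue130"):
        raise ValueError("mode must be 'rfc1035' or 'issue130'")
    dollar_ttl: Optional[int] = None
    last_explicit: Optional[int] = None
    last_owner: Optional[str] = None
    last_class = "IN"  # assumed when the file never states a class
    records: List[RR] = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()  # drop comments
        if not line.strip():
            continue
        if line.startswith("$"):
            directive, *args = line.split()
            if directive.upper() == "$TTL":
                if not args or parse_ttl(args[0]) is None:
                    raise ValueError(f"bad $TTL directive: {raw!r}")
                dollar_ttl = parse_ttl(args[0])
            continue  # other directives are outside this example's scope
        toks = line.split()
        # A line starting with blank space reuses the previous owner name.
        owner = last_owner if raw[0] in " \t" else toks.pop(0)
        if owner is None:
            raise ValueError(f"first RR has no owner name: {raw!r}")
        ttl: Optional[int] = None
        # RFC 1035: [<TTL>] [<class>] or [<class>] [<TTL>] may precede the type.
        for _ in range(2):
            if not toks:
                break
            t = parse_ttl(toks[0])
            if t is not None:
                ttl = t
                toks.pop(0)
            elif toks[0].upper() in CLASSES:
                last_class = toks[0].upper()
                toks.pop(0)
        if not toks:
            raise ValueError(f"RR without type: {raw!r}")
        rrtype = toks.pop(0).upper()
        rdata = " ".join(toks)
        explicit = ttl is not None
        if explicit:
            last_explicit = ttl
        elif dollar_ttl is not None:
            ttl = dollar_ttl
        elif mode == "rfc1035" and last_explicit is not None:
            ttl = last_explicit
        else:
            ttl = FALLBACK_TTL
        records.append(RR(owner, ttl, last_class, rrtype, rdata, explicit))
        last_owner = owner
    return records


# Constructed sample zone: no $TTL, and the SOA itself carries no TTL field.
ZONE_NO_TTL = """\
example.            IN SOA ns1.example. hostmaster.example. 2021051201 7200 3600 1209600 300
example.    86400   IN NS  ns1.example.
ns1.example.        IN A   192.0.2.1
www.example.  300   IN A   192.0.2.80
                    IN A   192.0.2.81
"""


def ttls(text: str, mode: str = "rfc1035") -> List[int]:
    """TTL per RR, in file order, under the given defaulting mode."""
    return [rr.ttl for rr in parse_zone(text, mode)]


if __name__ == "__main__":
    for mode in ("rfc1035", "issue130"):
        print(mode)
        for rr in parse_zone(ZONE_NO_TTL, mode):
            flag = "" if rr.ttl_explicit else " (defaulted)"
            print(f"  {rr.owner:14} {rr.ttl:>6}{flag}  {rr.rrtype}")
```

Running it shows the divergence on the sample: under the RFC 1035 rule the NS's 86400 carries over to ns1.example. and the 300 on www.example. carries over to the second A record, while the reported ldns behaviour sets both to 3600. Only the SOA, which has no earlier explicit TTL to inherit, gets 3600 in both modes; prepending a `$TTL 600` line makes both modes agree again, since $TTL takes precedence over inheritance. Any tool that hashes the resulting RRs, ZONEMD included, will produce a different digest for the two interpretations of the same file.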

wessels commented 3 years ago

FWIW this issue causes problems for ZONEMD. Maybe that's also how @Habbie found it. I'm adding a test case to https://github.com/verisign/zonemd-test-cases

Habbie commented 3 years ago

I think it was unrelated for me, but that's a very good point - implicit semantics are a risk for ZONEMD.

marka63 commented 3 years ago

The 22-lots-rr-types ZONEMD test case in https://github.com/verisign/zonemd-test-cases has a bad ZONEMD record (1 1 1 EFC8D45A563B1E858D58060835E25830E9695A983EE21C3F62F89B9C27DB0B6745F9C6213E37EB236847110FD747F705 rather than 1 1 1 664046D77F36F640B1C5297FA56A695C180F9B688C6E8D915EFF8FDAD9B7BBFC00A833B77812B9F0785CC1EBFB57D709 - if my code is correct) because there are records without an explicit TTL field in the test file and they have been set to 3600 for the computation.

The zone file does not have a $TTL so RFC 1035 rules should apply.