On 30/03/2011 9:30 AM, Paul Wouters wrote:
> On Wed, 30 Mar 2011, W.C.A. Wijngaards wrote:
>
>>> I read that as: if the record is authenticated, put it in the cache and
>>> use it until the TTL has expired.
>>
>> Actually unbound caps the TTL so it does not extend beyond the
>> expiration time.
>
> Interesting. Isn't that dangerous? It could cause peak loads if all
> resolvers worldwide throw away the record at the exact same time...
>
> Paul

The section to read is 5.3.3 last paragraph:

   If the resolver accepts the RRset as authentic, the validator MUST set
   the TTL of the RRSIG RR and each RR in the authenticated RRset to a
   value no greater than the minimum of:

   o  the RRset's TTL as received in the response;
   o  the RRSIG RR's TTL as received in the response;
   o  the value in the RRSIG RR's Original TTL field; and
   o  the difference of the RRSIG RR's Signature Expiration time and the
      current time.
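As an added illustration (my own code, not from the thread and not Unbound's implementation), the quoted 5.3.3 rule applied to a validated RRset, with the Signature Expiration and Inception fields treated as RFC 4034 3.1.5 describes them: 32-bit seconds since 1970-01-01 UTC compared with serial-number arithmetic (RFC 1982). The function and class names, and the sample timestamps, are constructed for the example.

```python
from dataclasses import dataclass

TWO32 = 1 << 32
TWO31 = 1 << 31

# Constructed "current time": 2011-03-30 00:00:00 UTC, the date of the thread.
NOW = 1301443200


def unwrap_rrsig_time(field: int, now: int) -> int:
    """Expand a 32-bit RRSIG time field into absolute seconds, picking the
    value within 2^31 of `now` (RFC 1982 serial arithmetic) so comparisons
    keep working across the 2106 wraparound of the 32-bit field."""
    candidate = (now - now % TWO32) + field
    if candidate - now > TWO31:
        candidate -= TWO32
    elif now - candidate >= TWO31:
        candidate += TWO32
    return candidate


@dataclass
class RRSIG:
    ttl: int            # TTL of the RRSIG RR as received in the response
    original_ttl: int   # Original TTL field of the RRSIG
    expiration: int     # Signature Expiration field (32-bit, mod 2^32)
    inception: int      # Signature Inception field (32-bit, mod 2^32)


def capped_ttl(rrset_ttl: int, rrsig: RRSIG, now: int):
    """Return the TTL the validator may cache the RRset and its RRSIG with,
    per RFC 4035 5.3.3, or None when the signature is outside its validity
    window (then the RRset is not accepted as authentic and nothing is capped)."""
    expires = unwrap_rrsig_time(rrsig.expiration, now)
    starts = unwrap_rrsig_time(rrsig.inception, now)
    if not (starts <= now <= expires):
        return None
    # The fourth term is what makes every validator drop the record at the
    # same wall-clock instant: the cap is the remaining signature lifetime.
    return min(rrset_ttl, rrsig.ttl, rrsig.original_ttl, expires - now)


if __name__ == "__main__":
    sig = RRSIG(ttl=3600, original_ttl=86400,
                expiration=NOW + 1800, inception=NOW - 7 * 86400)
    print(capped_ttl(3600, sig, NOW))  # 1800: signature lifetime wins
```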