JdeBP> Luckily, no reasonably designed caching proxy DNS server will
JdeBP> cache a resource record set for 60 years. Reasonably designed
JdeBP> caching proxy DNS server software places caps on TTLs. Both
JdeBP> Dan Bernstein's "dnscache" and ISC's BIND place an upper bound
JdeBP> of one week on TTLs. Microsoft's DNS server places an upper
JdeBP> bound of one _day_ on TTLs.
AF> So Jonathan, you're saying that even though it's set to 60 years,
AF> MS DNS only recognizes 1 day and won't cache that record any
AF> longer and likewise with BIND's one week limit?
Is this the point where I am supposed to say "Your read-back is correct, Mr
Ryback." ?
Two caveats:
1. This interval is configurable with both ISC's BIND and Microsoft's DNS
server, although it is not in Dan Bernstein's "dnscache". (With ISC's BIND,
it is configurable via the "max-cache-ttl" option in "named.conf". With
Microsoft's DNS server, it is configurable via the "MaxCacheTTL" key in the
registry.) If someone has actually bothered to alter the configuration,
different results will occur. However, it is reasonable to suppose that
someone who has _explicitly_ configured their server to accept TTLs of 60
years will have realized the consequences of doing so, and only has themselves
to blame.
2. Microsoft's Knowledge Base describes the information about "MaxCacheTTL" as
applying to Windows NT Server version 4. There is no explicit documentation,
of this and several other features, for any later versions of Microsoft's DNS
server. However, the implication of other documentation is that this setting
indeed exists, unchanged, in all later versions of Microsoft's DNS server as
well.
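To make the consequence of these caps concrete, here is an added illustration; it is not code from the thread, nor from dnscache, BIND or Microsoft's DNS server, but a toy model of the capping behaviour described above. The per-server caps are the defaults quoted in the thread (one week, one week, one day) and are assumed defaults, since both BIND and Microsoft's server let an administrator change them; the record name, address and times are constructed sample input. The model also applies the RFC 2181 rule that a TTL with its high bit set is treated as zero, which is an edge case a 60-year-style value sits close to.

```python
"""Toy caching resolver that applies an upper bound to the TTLs it honours.

Added illustration for the discussion above; this is not code from dnscache,
BIND or Microsoft's DNS server, only a model of the behaviour they describe.
"""
from typing import Dict, Optional, Tuple

# RFC 2181 section 8: a TTL is an unsigned 31-bit value; a value with the high
# bit set must be treated as zero by the receiver.
RFC2181_MAX_TTL = 2**31 - 1

# Default caps quoted in the thread, in seconds. BIND's is the default of the
# "max-cache-ttl" option; Microsoft's is the default of "MaxCacheTtl". Both
# are assumed defaults that an administrator may have changed.
DEFAULT_CAPS: Dict[str, int] = {
    "dnscache": 7 * 86400,
    "bind": 7 * 86400,
    "msdns": 1 * 86400,
}

SIXTY_YEARS = 60 * 365 * 86400  # 1 892 160 000 seconds, the TTL under discussion


def wire_ttl(raw: int) -> int:
    """Normalise a 32-bit TTL field as RFC 2181 section 8 requires."""
    if not 0 <= raw <= 0xFFFFFFFF:
        raise ValueError("TTL must fit in 32 bits")
    return 0 if raw > RFC2181_MAX_TTL else raw


def capped_ttl(raw: int, cap: int) -> int:
    """TTL a caching server with upper bound `cap` will actually honour."""
    return min(wire_ttl(raw), cap)


class CappingCache:
    """Minimal positive cache keyed by (owner name, type); times in seconds."""

    def __init__(self, max_cache_ttl: int) -> None:
        self.max_cache_ttl = max_cache_ttl
        self._entries: Dict[Tuple[str, str], Tuple[str, int]] = {}

    def insert(self, name: str, rtype: str, rdata: str, raw_ttl: int, now: int) -> int:
        """Store an answer received at time `now`; returns the TTL honoured."""
        ttl = capped_ttl(raw_ttl, self.max_cache_ttl)
        if ttl == 0:
            return 0  # a zero-TTL answer is used once and never cached
        self._entries[(name.lower(), rtype)] = (rdata, now + ttl)
        return ttl

    def lookup(self, name: str, rtype: str, now: int) -> Optional[Tuple[str, int]]:
        """Return (rdata, remaining TTL) if still fresh at `now`, else None."""
        key = (name.lower(), rtype)
        entry = self._entries.get(key)
        if entry is None:
            return None
        rdata, expires = entry
        if now >= expires:
            del self._entries[key]  # expired: the client must re-resolve
            return None
        return rdata, expires - now


def demo() -> Dict[str, int]:
    """Honoured TTLs for a 60-year record under each server's default cap."""
    return {server: capped_ttl(SIXTY_YEARS, cap) for server, cap in DEFAULT_CAPS.items()}


if __name__ == "__main__":
    for server, ttl in demo().items():
        print(f"{server:9s} caches a 60-year record for {ttl} s ({ttl // 86400} days)")
    # Constructed sample: example.com. A 192.0.2.1 (RFC 5737 documentation range)
    cache = CappingCache(DEFAULT_CAPS["bind"])
    cache.insert("example.com.", "A", "192.0.2.1", SIXTY_YEARS, now=0)
    print("after 6 days:", cache.lookup("example.com.", "A", 6 * 86400))
    print("after 8 days:", cache.lookup("example.com.", "A", 8 * 86400))
```

With the defaults in the model, a record published with a 60-year TTL is re-fetched by a BIND or dnscache resolver after a week and by Microsoft's server after a day, exactly the behaviour described above. To see the effect of caveat 1, construct `CappingCache` with a different bound: in BIND that corresponds to setting `max-cache-ttl` (in seconds) inside the `options { ... }` block of `named.conf`, and in Microsoft's DNS server to the `MaxCacheTtl` REG_DWORD under `HKLM\SYSTEM\CurrentControlSet\Services\DNS\Parameters`, which `dnscmd /Config /MaxCacheTtl <seconds>` also sets.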