DNS – Can Cached DNS Records Double TTL Values?

Tags: bind, domain-name-system, ttl

  1. An authoritative DNS server sends an A record with a TTL of 600 seconds.
  2. This record is cached by another DNS server which, in turn, replies to a request for the A record 599 seconds later with a 600 second TTL.

Since the client that received the record received a 600 second TTL, shouldn't – in theory – the caching DNS adjust the TTL down to 1 second in order to pass along the true age of the record? The intent of the TTL was to permit records to be changed and repropagated on a known interval; doesn't this potentially double that interval?

Best Answer

doesn't this potentially double that interval?

No.

The recursive resolver with its cache got at time T a record with a TTL of 600 (seconds). It keeps it in its cache (let us consider it has infinite space - so never a need to evict data in advance - and there are no local policies to mess with the TTL values).

Between T and T+600 the value is in its cache. If it gets any queries for the record, it will give it out with the TTL at the moment the query comes, so if a query came at T+30 the TTL given will be 600 - 30 = 570, and if the query came at T+599 the TTL given will be 600 - 599 = 1.

Now what happens at T+600, or more precisely at any time after that, if a query comes?[1]

The cache will compute the TTL to give to the client and will determine it has become 0 or negative, which just means it expires. So the cache does not in fact have data to reply to the client. So it will remove its cached data and ask the relevant authoritative nameserver again, which will hopefully reply with data and a TTL (might be 600 again, might be something else), which the resolver will copy into its cache for later and also reply with to the client that made the request.

[1] There are other scenarios: the cache can decide to pre-emptively re-query records that are soon to expire, if they are deemed "important", just to have them already available if a query comes afterwards.
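A toy model of the decrementing cache described in this answer, as an added example that is not part of the original post (no real resolver code; the record name, the 192.0.2.1 address and the 600 s TTL are constructed). It shows that a client served at T+599 receives TTL 1, so the record ages out at T+600 for everyone downstream, and that the cache re-queries the authoritative server only once the remaining TTL reaches 0:

```python
# Added example: minimal model of a caching resolver that hands out the
# remaining TTL rather than the original one. Constructed for illustration.
from dataclasses import dataclass
from typing import Callable, Dict, Tuple

Answer = Tuple[str, int]  # (rdata, ttl in seconds)


@dataclass
class CacheEntry:
    rdata: str
    ttl: int          # TTL exactly as received from the authoritative server
    inserted_at: int  # resolver clock (seconds) when the answer was cached


class CachingResolver:
    def __init__(self, upstream: Callable[[str], Answer]):
        self.upstream = upstream          # authoritative lookup: name -> (rdata, ttl)
        self.cache: Dict[str, CacheEntry] = {}
        self.upstream_queries = 0         # how often we went back to the authority

    def resolve(self, name: str, now: int) -> Answer:
        entry = self.cache.get(name)
        if entry is not None:
            # Remaining lifetime = original TTL minus the record's age in cache.
            remaining = entry.ttl - (now - entry.inserted_at)
            if remaining > 0:
                return entry.rdata, remaining   # e.g. 600 - 599 = 1 at T+599
            del self.cache[name]                # 0 or negative: expired, drop it
        rdata, ttl = self.upstream(name)        # re-query the authoritative server
        self.upstream_queries += 1
        self.cache[name] = CacheEntry(rdata, ttl, now)
        return rdata, ttl


def scenario() -> list:
    """Replay the timeline from the answer: T, T+30, T+599, T+600."""
    # Constructed authoritative server: always answers 192.0.2.1 with TTL 600.
    resolver = CachingResolver(lambda name: ("192.0.2.1", 600))
    name = "www.example.com."
    ttls = [resolver.resolve(name, t)[1] for t in (0, 30, 599, 600)]
    return [ttls, resolver.upstream_queries]


if __name__ == "__main__":
    print(scenario())  # [[600, 570, 1, 600], 2]
```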