Time-to-Live

Click on the red underlined text to get to the source

... Special Considerations With Time-to-Live ...

... signature is verified. This conflicts with our desire to have the time-to-live field tick down when resource records are cached. ...

... This could be avoided by leaving the time-to-live out of the digital signature, but that would allow unscrupulous servers to set arbitrarily long time to live ...

... arbitrarily long time to live values undetected. Instead, we include the "original" time-to-live in the signature and communicate that data in addition to the current time-to-live ...

... time-to-live in the signature and communicate that data in addition to the current time-to-live. Unscrupulous servers under this scheme can manipulate the time to live but a security ...