muks at isc.org
Thu Feb 8 15:34:41 UTC 2018
On Thu, Feb 08, 2018 at 01:30:04PM +0200, Michelle Konzack wrote:
> Hello Harald,
> Am 2018-02-08 hackte Reindl Harald in die Tasten:
> > you miss the topic
> > many DNSBL's have a very short TTL and at the same time a limit of
> > queries froma single IP until you need to pay for the service
> > so if you have a inbound MX and the RBL has 2 seconds TTL and a botnet
> > is trying to deliver spam to you override the 2 scodn TTL with 90
> > seconds or whatever makes sense reduces the total amount of DNS requests
> > dramatically
> Sounds logic.
> And this feature was rejected by the Bind Developers?
If the RRset wants a TTL of N seconds, then that is the authoritative
instruction from the owner of the zone about how the data should be
used. We have to follow that. The RFCs so far do not allow increasing
TTL, though they allow decreasing it.
If a DNSBL zone has a TTL of 2 seconds, then talk to the zone owner
about why it is so. There ought to be a reason from their perspective
why it is set to 2s.
More information about the bind-users