Minimum TTL?

Reindl Harald h.reindl at
Thu Feb 8 15:39:36 UTC 2018

Am 08.02.2018 um 16:34 schrieb Mukund Sivaraman:
> On Thu, Feb 08, 2018 at 01:30:04PM +0200, Michelle Konzack wrote:
>> Hello Harald,
>> Am 2018-02-08 hackte Reindl Harald in die Tasten:
>>> you miss the topic
>>> many DNSBL's have a very short TTL and at the same time a limit of
>>> queries froma single IP until you need to pay for the service
>>> so if you have a inbound MX and the RBL has 2 seconds TTL and a botnet
>>> is trying to deliver spam to you override the 2 scodn TTL with 90
>>> seconds or whatever makes sense reduces the total amount of DNS requests
>>> dramatically
>> Sounds logic.
>> And this feature was rejected by the Bind Developers?
> If the RRset wants a TTL of N seconds, then that is the authoritative
> instruction from the owner of the zone about how the data should be
> used. We have to follow that. The RFCs so far do not allow increasing
> TTL, though they allow decreasing it.
> If a DNSBL zone has a TTL of 2 seconds, then talk to the zone owner
> about why it is so. There ought to be a reason from their perspective
> why it is set to 2s

so what - nobody can force me to ask him the same question every 2 
seconds and as long it's a local resolver for my own services the one i 
have to ask about any why in doubt is the person i face in the mirror 
every morning

yes, you are free to decide that named don't need to support the users 
wish of such a feature. but the result is that the user stops to use 
named at all on a inbound-mailserver and is done

More information about the bind-users mailing list