kremels at kreme.com
Sat Feb 10 00:26:32 UTC 2018
On 2018-02-08 (08:51 MST), Mukund Sivaraman <muks at isc.org> wrote:
> Also, just for argument's sake, one user wants to extend TTLs to
> 5s. Another wants 60s TTLs. What is OK and what is going too far?
For the record, the issue is not RBLs or legitimate domains, it is spammer scum that set super-low DNS because they are shotgunning spam from a a vast botnet and they want to have maximal impact, so you get a different IP for every spam they send. It is a way of trying to overwhelm a machines tarpits, blacklists, sshguard protections, and others.
But to answer your question, off-hand, I'd say that any TTL under 60s is suspicious and any TTL under 10s is almost certainly intentionally abusive.
But that's just me, giving it maybe 20 seconds of thought.
So now you know the words to our song, pretty soon you'll all be singing
along, when you're sad, when you're lonely and it all turns out wrong...
More information about the bind-users