Minimum TTL?

Warren Kumari warren at
Sat Feb 10 19:41:02 UTC 2018

Ok, so I've never used forwarders (actually, that's not strictly true;
I've used them twice, but it was to work around weird issues, and I
felt dirty), but couldn't increasing the TTL cause stupid
configuration issues to become immortal RRs?

I've seen a number of instances where people who *do* forward manage
to make a loop - this works just fine under normal conditions (at
least with BIND's default of "forward first" - resolver A gets a
question for an answer not in it's cache, it asks B, B asks A, after a
few rounds this hits the forward timeout, and one of them recurses to
find the answer. Now the pair (or pathologically, group) has the
answer, and this will decay, just like any other TTL. Eventually it
expires, you get a brief spike as they both ask each other, and the
process repeats.

If TTLs were capped to a minimum, A would time it out, and ask B. B
will respond with e.g 4 seconds, and A will bump that back up to 5. 4
seconds later, B will time out, and will ask A. A still has 1 second
left, to it answers with 1. B helpfully bumps that back to 5, 1 second
later, A expires, and forwards to B, ...

Now, I'm guessing that I'm missing something obvious here (more than
"Well, don't forward and minimum cap TTLs!" and / or "Don't make loops
of forwarders, it's silly"), but I'm not sure what...


On Sat, Feb 10, 2018 at 2:42 PM, Matus UHLAR - fantomas
<uhlar at> wrote:
>>> But to answer your question, off-hand, I'd say that any TTL under 60s is
>>> =
>>> suspicious and any TTL under 10s is almost certainly intentionally =
>>> abusive.
> On 09.02.18 23:11, John Levine wrote:
>> I hope you're not planning to do much spam filtering.
> do you have any evidence where enforcing a 5s minumum leads to serious
> problems?
> --
> Matus UHLAR - fantomas, uhlar at ;
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
>    One OS to rule them all, One OS to find them, One OS to bring them all
> and into darkness bind them _______________________________________________
> Please visit to
> unsubscribe from this list
> bind-users mailing list
> bind-users at

I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.

More information about the bind-users mailing list