Minimum TTL?

Warren Kumari warren at kumari.net
Sat Feb 10 19:41:02 UTC 2018


Ok, so I've never used forwarders (actually, that's not strictly true;
I've used them twice, but it was to work around weird issues, and I
felt dirty), but couldn't increasing the TTL cause stupid
configuration issues to become immortal RRs?

I've seen a number of instances where people who *do* forward manage
to make a loop - this works just fine under normal conditions (at
least with BIND's default of "forward first") - resolver A gets a
question for an answer not in its cache, it asks B, B asks A, after a
few rounds this hits the forward timeout, and one of them recurses to
find the answer. Now the pair (or pathologically, group) has the
answer, and this will decay, just like any other TTL. Eventually it
expires, you get a brief spike as they both ask each other, and the
process repeats.

If TTLs were capped to a minimum, A would time it out, and ask B. B
will respond with e.g. 4 seconds, and A will bump that back up to 5. 4
seconds later, B will time out, and will ask A. A still has 1 second
left, so it answers with 1. B helpfully bumps that back to 5, 1 second
later, A expires, and forwards to B, ...

Now, I'm guessing that I'm missing something obvious here (more than
"Well, don't forward and minimum cap TTLs!" and / or "Don't make loops
of forwarders, it's silly"), but I'm not sure what...

W

On Sat, Feb 10, 2018 at 2:42 PM, Matus UHLAR - fantomas
<uhlar at fantomas.sk> wrote:
>>> But to answer your question, off-hand, I'd say that any TTL under 60s is
>>> suspicious and any TTL under 10s is almost certainly intentionally
>>> abusive.
>
>
> On 09.02.18 23:11, John Levine wrote:
>>
>> I hope you're not planning to do much spam filtering.
>
>
> do you have any evidence where enforcing a 5s minimum leads to serious
> problems?
> --
> Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
>    One OS to rule them all, One OS to find them, One OS to bring them all
> and into darkness bind them



-- 
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
   ---maf
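
The forwarder-loop scenario from the message above, as an added simulation that is not part of the original post: two resolvers forward to each other, and a minimum-TTL clamp is applied to whatever TTL the peer hands back. Assumptions made here: one-second ticks, clients query each resolver every second, B's first query arrives one second after A's, the authoritative TTL is 5 s, and the forward timeout is collapsed into an immediate recursion.

```python
def simulate(min_ttl, horizon=60, auth_ttl=5, first_query=(0, 1)):
    """Simulate resolvers A (index 0) and B (index 1) forwarding to each other.

    Returns (authoritative_fetches, max_age_served) over `horizon` seconds,
    where max_age_served is the oldest data (in seconds since it left the
    authoritative server) that either resolver held as a live cache entry.
    """
    expiry = [0, 0]   # absolute time at which each cache entry expires
    origin = [0, 0]   # time the cached data last came from the authoritative server
    fetches = 0
    max_age = 0
    for t in range(horizon):
        for me, peer in ((0, 1), (1, 0)):
            if t < first_query[me]:
                continue                      # no client has asked this resolver yet
            if expiry[me] <= t:               # cache miss: forward to the peer
                if expiry[peer] > t:
                    # Peer answers from cache with its remaining TTL;
                    # the clamp raises it back to min_ttl.
                    ttl = max(expiry[peer] - t, min_ttl)
                    origin[me] = origin[peer]
                else:
                    # Both expired: the loop times out and one side recurses.
                    fetches += 1
                    ttl = max(auth_ttl, min_ttl)
                    origin[me] = t
                expiry[me] = t + ttl
            max_age = max(max_age, t - origin[me])
    return fetches, max_age


if __name__ == "__main__":
    for clamp in (0, 5):
        fetches, age = simulate(clamp)
        print(f"min_ttl={clamp}: authoritative fetches={fetches}, "
              f"oldest data served={age}s")
```

Without the clamp both entries expire together and the pair re-fetches every 5 seconds; with a 5-second minimum the two caches keep re-arming each other and the data from t=0 is still being served at the end of the run.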

