Matus UHLAR - fantomas
uhlar at fantomas.sk
Sat Feb 10 20:13:19 UTC 2018
>>>> But to answer your question, off-hand, I'd say that any TTL under 60s is
>>>> suspicious and any TTL under 10s is almost certainly intentionally =
>> On 09.02.18 23:11, John Levine wrote:
>>> I hope you're not planning to do much spam filtering.
>On Sat, Feb 10, 2018 at 2:42 PM, Matus UHLAR - fantomas
><uhlar at fantomas.sk> wrote:
>> do you have any evidence where enforcing a 5s minumum leads to serious
On 10.02.18 19:41, Warren Kumari wrote:
>Ok, so I've never used forwarders (actually, that's not strictly true;
>I've used them twice, but it was to work around weird issues, and I
>felt dirty), but couldn't increasing the TTL cause stupid
>configuration issues to become immortal RRs?
we are talking about min-ttl around 10 seconds.
>I've seen a number of instances where people who *do* forward manage
>to make a loop - this works just fine under normal conditions (at
>least with BIND's default of "forward first" - resolver A gets a
>question for an answer not in it's cache, it asks B, B asks A, after a
>few rounds this hits the forward timeout, and one of them recurses to
>find the answer. Now the pair (or pathologically, group) has the
>answer, and this will decay, just like any other TTL. Eventually it
>expires, you get a brief spike as they both ask each other, and the
>If TTLs were capped to a minimum, A would time it out, and ask B. B
>will respond with e.g 4 seconds, and A will bump that back up to 5. 4
>seconds later, B will time out, and will ask A. A still has 1 second
>left, to it answers with 1. B helpfully bumps that back to 5, 1 second
>later, A expires, and forwards to B, ...
>Now, I'm guessing that I'm missing something obvious here (more than
>"Well, don't forward and minimum cap TTLs!" and / or "Don't make loops
>of forwarders, it's silly"), but I'm not sure what...
OTOH, I have encountered case where CISCO ALG changed A recods and set TTL
to 0, later admin was complaining about huge number of DNS queries causing
high load on the router...
there are many ways to fsck things up, and many ways wayt so avoid that.
forcing min-ttl is way to avoid one, although it can cause what you
describe. But I do not create loops and would like a possibility to avoid
the latter case.
Note that I am able to coifigure BIND to avoid loops, but I can't affect
CISCO ALG ...
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
- Have you got anything without Spam in it?
- Well, there's Spam egg sausage and Spam, that's not got much Spam in it.
More information about the bind-users