Enforcing minimum TTL...
Grant Taylor
gtaylor at tnetconsulting.net
Fri Oct 26 15:41:03 UTC 2018
On 10/26/2018 01:23 AM, Matus UHLAR - fantomas wrote:
> there is not.
Thank you, Matus and Tony, for the direct answer.
> using short TTLs is very risky, and forcing minimum TTL is apparently
> not way to work around.
Understood. - I /think/ that I'm somewhat (dangerously?) informed and
/choosing/ my own poison. Maybe.
To be clear, I'm not wanting to artificially lower the TTL. I want to
respect any and all TTLs that are longer than my locally administered
minimum.
My motivation for setting the minimum TTL (while fully accepting any and
all risk and associated responsibility there for) is to thwart DNS
Rebinding. Or to at least make it much more difficult (as in longer
than my artificial minimum TTL) to do.
--
Grant. . . .
unix || die
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3982 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20181026/4b214c34/attachment-0001.bin>
More information about the bind-users
mailing list