Enforcing minimum TTL...

Grant Taylor gtaylor at tnetconsulting.net
Fri Oct 26 15:41:03 UTC 2018


On 10/26/2018 01:23 AM, Matus UHLAR - fantomas wrote:
> there is not.

Thank you, Matus and Tony, for the direct answer.

> using short TTLs is very risky, and forcing minimum TTL is apparently 
> not a way to work around.

Understood.  -  I /think/ that I'm somewhat (dangerously?) informed and 
/choosing/ my own poison.  Maybe.

To be clear, I'm not wanting to artificially lower the TTL.  I want to 
respect any and all TTLs that are longer than my locally administered 
minimum.

My motivation for setting the minimum TTL (while fully accepting any and 
all risk and associated responsibility therefor) is to thwart DNS 
Rebinding.  Or to at least make it much more difficult (as in longer 
than my artificial minimum TTL) to do.



-- 
Grant. . . .
unix || die
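
Added example, not part of the original message and not BIND code or configuration: a toy resolver cache in Python that models the TTL floor described above, showing that the floor delays the switch to an internal address until the floor expires while longer TTLs are left alone. The class and function names, the host name, the addresses and the timings are all constructed for illustration.

```python
import ipaddress

# RFC 1918 ranges, listed explicitly because ipaddress.is_private also
# matches the documentation ranges used for the sample "public" address.
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

class FloorCache:
    """Toy cache: TTLs below min_ttl are raised to it, longer TTLs are kept."""
    def __init__(self, min_ttl):
        self.min_ttl = min_ttl
        self.entries = {}                      # name -> (address, expiry)

    def resolve(self, name, now, upstream):
        cached = self.entries.get(name)
        if cached and now < cached[1]:
            return cached[0]                   # still pinned to the old answer
        address, ttl = upstream(name, now)
        self.entries[name] = (address, now + max(ttl, self.min_ttl))
        return address

def rebinding_upstream(name, now):
    # Constructed sample zone: an external address first, then an internal
    # one, both with a 1 second TTL.
    return ("203.0.113.10", 1) if now < 2 else ("192.168.1.1", 1)

def addresses_seen(min_ttl, times):
    cache = FloorCache(min_ttl)
    return [cache.resolve("rebind.example", t, rebinding_upstream)
            for t in times]

def first_internal_answer(min_ttl, times):
    """Time of the first lookup that returned an RFC 1918 address, or None."""
    for t, addr in zip(times, addresses_seen(min_ttl, times)):
        ip = ipaddress.ip_address(addr)
        if any(ip in net for net in INTERNAL):
            return t
    return None

if __name__ == "__main__":
    lookups = [0, 5, 60, 299, 300]             # seconds since first query
    for floor in (0, 300):
        print(floor, first_internal_answer(floor, lookups))
```

With no floor the internal address is handed out on the second lookup; with a 300 second floor the first answer stays pinned until the floor expires, so the floor lengthens the window rather than closing it.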
