Enforcing minimum TTL...

Brian Greer viridiancube at gmail.com
Fri Oct 26 17:11:06 UTC 2018


You could set up a DNSMASQ / Unbound service as a front end, which then queries bind. Both of those allow the setting of a minimum TTL (max of 3600 seconds in DNSMASQ). It cannot be done with bind by itself.

> On Oct 26, 2018, at 11:41, Grant Taylor via bind-users <bind-users at lists.isc.org> wrote:
> 
> On 10/26/2018 01:23 AM, Matus UHLAR - fantomas wrote:
>> there is not.
> 
> Thank you, Matus and Tony, for the direct answer.
> 
>> using short TTLs is very risky, and forcing minimum TTL is apparently not a way to work around.
> 
> Understood.  -  I /think/ that I'm somewhat (dangerously?) informed and /choosing/ my own poison.  Maybe.
> 
> To be clear, I'm not wanting to artificially lower the TTL.  I want to respect any and all TTLs that are longer than my locally administered minimum.
> 
> My motivation for setting the minimum TTL (while fully accepting any and all risk and associated responsibility therefor) is to thwart DNS Rebinding.  Or to at least make it much more difficult (as in longer than my artificial minimum TTL) to do.
> 
> 
> 
> -- 
> Grant. . . .
> unix || die
> 
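The front-end arrangement Brian describes, written out as an Unbound configuration. This is an added example, not configuration from either poster: it assumes the existing BIND instance has been moved to 127.0.0.1 port 5353, that clients are on 192.168.0.0/16, and that the local zone is named home.example. The TTL floor is `cache-min-ttl`; upstream TTLs above the floor are left untouched, which is the "respect longer TTLs" behaviour Grant asked for. The `private-address` lines are a separate rebinding defence that Unbound offers regardless of TTL: answers from upstream that point at private ranges are dropped unless the name is under a listed `private-domain`.

```conf
# Added example (not from the thread): Unbound as a caching front end that
# enforces a local minimum TTL and forwards everything to the existing BIND.
# Assumed: BIND now listens on 127.0.0.1 port 5353; clients query Unbound on 53.
server:
    interface: 0.0.0.0
    port: 53
    access-control: 192.168.0.0/16 allow      # assumed LAN range
    access-control: 127.0.0.0/8 allow

    # TTL floor: any record whose TTL is shorter is cached for this long.
    # Records with longer TTLs keep their upstream value (bounded by cache-max-ttl).
    cache-min-ttl: 3600
    cache-max-ttl: 86400

    # Drop upstream answers that resolve public names to private addresses.
    private-address: 10.0.0.0/8
    private-address: 172.16.0.0/12
    private-address: 192.168.0.0/16
    private-address: 169.254.0.0/16
    private-address: fd00::/8
    private-address: fe80::/10
    # Names under the local zone are allowed to have private addresses.
    private-domain: "home.example"            # assumed local domain

    # Unbound refuses to forward to loopback unless this is disabled.
    do-not-query-localhost: no

# Send every query to the local BIND instead of recursing independently.
forward-zone:
    name: "."
    forward-addr: 127.0.0.1@5353
```

Check the file with `unbound-checkconf` before reloading. To confirm the floor is in effect, query a name whose published TTL is well below 3600 twice through the front end; the second answer should show a remaining TTL counting down from 3600 rather than from the publisher's value. Keep in mind the caveat Matus raised: a floor also delays legitimate record changes (failover, CDN steering) by up to the floor for every client behind this resolver, so 3600 is a choice to be made knowingly.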
