On Thu, Feb 08, 2018 at 01:30:04PM +0200, Michelle Konzack wrote: > Hello Harald, > Am 2018-02-08 hackte Reindl Harald in die Tasten: > > you miss the topic > > > > many DNSBL's have a very short TTL and at the same time a limit of > > queries froma single IP until you need to pay for the service > > > > so if you have a inbound MX and the RBL has 2 seconds TTL and a botnet > > is trying to deliver spam to you override the 2 scodn TTL with 90 > > seconds or whatever makes sense reduces the total amount of DNS requests > > dramatically > > Sounds logic. > > And this feature was rejected by the Bind Developers?
If the RRset wants a TTL of N seconds, then that is the authoritative instruction from the owner of the zone about how the data should be used. We have to follow that. The RFCs so far do not allow increasing TTL, though they allow decreasing it. If a DNSBL zone has a TTL of 2 seconds, then talk to the zone owner about why it is so. There ought to be a reason from their perspective why it is set to 2s. Mukund _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users