Ok, so I've never used forwarders (actually, that's not strictly true; I've used them twice, but it was to work around weird issues, and I felt dirty), but couldn't increasing the TTL cause stupid configuration issues to become immortal RRs?
I've seen a number of instances where people who *do* forward manage to make a loop - this works just fine under normal conditions (at least with BIND's default of "forward first") - resolver A gets a question for an answer not in its cache, it asks B, B asks A, after a few rounds this hits the forward timeout, and one of them recurses to find the answer. Now the pair (or pathologically, group) has the answer, and this will decay, just like any other TTL. Eventually it expires, you get a brief spike as they both ask each other, and the process repeats.

If TTLs were capped to a minimum, A would time it out, and ask B. B will respond with e.g. 4 seconds, and A will bump that back up to 5. 4 seconds later, B will time out, and will ask A. A still has 1 second left, so it answers with 1. B helpfully bumps that back to 5, 1 second later, A expires, and forwards to B, ...

Now, I'm guessing that I'm missing something obvious here (more than "Well, don't forward and minimum cap TTLs!" and / or "Don't make loops of forwarders, it's silly"), but I'm not sure what...

W

On Sat, Feb 10, 2018 at 2:42 PM, Matus UHLAR - fantomas <uh...@fantomas.sk> wrote:
>>> But to answer your question, off-hand, I'd say that any TTL under 60s is
>>> suspicious and any TTL under 10s is almost certainly intentionally
>>> abusive.
>
> On 09.02.18 23:11, John Levine wrote:
>>
>> I hope you're not planning to do much spam filtering.
>
> do you have any evidence where enforcing a 5s minimum leads to serious
> problems?
> --
> Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> One OS to rule them all, One OS to find them, One OS to bring them all
> and into darkness bind them

--
I don't think the execution is relevant when it was obviously a bad idea in the first place.
This is like putting rabid weasels in your pants, and later expressing regret at having chosen those particular rabid weasels and that pair of pants.
   ---maf
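
The forwarder loop described in this message can be modelled directly. The Python simulation below is an added example, not code from the original post or from BIND; it assumes a 5 s authoritative TTL, clients querying both resolvers once per second, a record that changes at t=10, and loop detection standing in for the forward timeout.

```python
AUTH_TTL = 5   # TTL handed out by the authoritative server (assumed value)

class Resolver:
    """Toy caching forwarder in 'forward first' mode (constructed model)."""
    def __init__(self, name, min_ttl):
        self.name, self.min_ttl = name, min_ttl
        self.peer = None      # forwarder that cache misses are sent to
        self.expiry = 0       # absolute time at which the cached RR expires
        self.value = None     # cached record data

    def query(self, now, authority, asking=()):
        """Return (value, remaining_ttl); forward or recurse on a miss."""
        if now < self.expiry:                      # cache hit, TTL has decayed
            return self.value, self.expiry - now
        if self.peer.name in asking:               # loop: stands in for the
            value, ttl = authority(now)            # forward timeout, so recurse
        else:
            value, ttl = self.peer.query(now, authority, asking + (self.name,))
        ttl = max(ttl, self.min_ttl)               # the proposed minimum-TTL cap
        self.value, self.expiry = value, now + ttl
        return value, ttl

def simulate(min_ttl, seconds=60, change_at=10):
    """Run the A<->B loop; return (authoritative lookups, last answer served)."""
    a, b = Resolver("A", min_ttl), Resolver("B", min_ttl)
    a.peer, b.peer = b, a
    # Seed the state the message starts from: A just expired, B has 4 s left.
    b.value, b.expiry = "old", 4
    recursions = []

    def authority(now):
        recursions.append(now)
        return ("new" if now >= change_at else "old"), AUTH_TTL

    answer = None
    for now in range(seconds):
        for resolver in (a, b):        # clients hit both resolvers every second
            answer, _ = resolver.query(now, authority)
    return len(recursions), answer

if __name__ == "__main__":
    for cap in (0, 5):
        lookups, answer = simulate(cap)
        print(f"min_ttl={cap}: {lookups} authoritative lookups, final answer {answer!r}")
```

With no cap the pair re-resolves every time both entries expire and picks up the changed record; with a 5 s cap the two caches keep refreshing each other and never consult the authoritative server again.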