Some friends of mine who run DNSBLs have this idea to manage the traffic to their servers: some parts of the IP address space are more likely to get infected than others, so when they send back a NXDOMAIN response, they want to adjust the TTL so that addresses that are unlikely to get listed have a longer TTL and addresses that are more likely to become listed have a shorter TTL.

Since the TTL on a negative cache entry comes from the TTL on the SOA returned with the NXDOMAIN, this means that they'll be returning SOAs with different TTLs on different responses. This strikes me as something that's not technically illegal, but that people who write DNS caches didn't anticipate. Is it likely to break anything?

Bonus question: with DNSSEC, a cache can use NSEC info to synthesize NXDOMAIN responses for nearby addresses. Will inconsistent TTLs break anything then?

If you think this is a stupid idea, please say why. Traffic to DNSBL servers is significant, and traces suggest this will noticeably decrease the traffic, so unless it breaks something, it's useful. They realize that there is some possibility of stale data, but that's a given whenever a TTL is greater than zero.

Regards,
John Levine, jo...@iecc.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. http://jl.ly

PS: If you were planning to say that all DNSBLs stink, don't. We know they do, but the alternative stinks worse.

DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
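As an added illustration (not part of John Levine's post or of any DNSBL operator's software), the following Python model of a resolver's negative cache follows RFC 2308 section 5 for plain NXDOMAIN caching and RFC 8198 section 5.4 for aggressive use of NSEC. It runs the scheme from the post, a long SOA TTL for a "clean" address and a short one for a "risky" address, through both cache types. The zone name dnsbl.example, the record TTLs and the two addresses are constructed values, and the NSEC TTL handling is my reading of RFC 8198, not something the post states.

```python
"""Model of a resolver negative cache (RFC 2308 s.5) with optional aggressive
NSEC synthesis (RFC 8198). Added illustration; all record values are constructed."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

MAX_NEG_TTL = 10800  # RFC 2308 s.5 cap on negative caching (3 hours)


@dataclass(frozen=True)
class SOA:
    ttl: int      # TTL on the SOA RR in the authority section (varied per response in the post)
    minimum: int  # SOA MINIMUM field (zone data, signed under DNSSEC)


@dataclass(frozen=True)
class NSEC:
    owner: str
    next_name: str
    ttl: int      # equals SOA MINIMUM when the zone is signed (RFC 4035 s.2.3)


@dataclass(frozen=True)
class NXDomain:
    qname: str
    soa: SOA
    nsec: Optional[NSEC] = None  # covering NSEC, present only with DNSSEC


def negative_ttl(soa: SOA) -> int:
    """RFC 2308 s.3/s.5: negative TTL is min(SOA TTL, SOA MINIMUM), capped."""
    return min(soa.ttl, soa.minimum, MAX_NEG_TTL)


def nsec_ttl(nsec: NSEC, soa: SOA) -> int:
    """RFC 8198 s.5.4 (as I read it): clamp the NSEC TTL to SOA MINIMUM if smaller, and cap."""
    return min(nsec.ttl, soa.minimum, MAX_NEG_TTL)


def canonical(name: str) -> List[bytes]:
    """Sort key for RFC 4034 s.6.1 canonical ordering: labels right to left, case-folded."""
    labels = [lab.lower().encode() for lab in name.rstrip(".").split(".") if lab]
    return list(reversed(labels))


def nsec_covers(nsec: NSEC, name: str) -> bool:
    """True if name falls strictly between owner and next_name (wrapping at the apex)."""
    o, n, q = canonical(nsec.owner), canonical(nsec.next_name), canonical(name)
    if o < n:
        return o < q < n
    return q > o or q < n  # last NSEC in the zone: next_name is the apex


class NegativeCache:
    def __init__(self, aggressive_nsec: bool):
        self.aggressive_nsec = aggressive_nsec
        self.names: Dict[str, int] = {}          # qname -> expiry time
        self.nsecs: List[Tuple[NSEC, int]] = []  # (NSEC record, expiry time)

    def store(self, resp: NXDomain, now: int) -> None:
        self.names[resp.qname] = now + negative_ttl(resp.soa)
        if self.aggressive_nsec and resp.nsec is not None:
            self.nsecs.append((resp.nsec, now + nsec_ttl(resp.nsec, resp.soa)))

    def lookup(self, qname: str, now: int) -> Optional[str]:
        """'cached' or 'synthesized' if the cache can answer NXDOMAIN itself, else None (ask upstream)."""
        expiry = self.names.get(qname)
        if expiry is not None and now < expiry:
            return "cached"
        for nsec, nsec_expiry in self.nsecs:
            if now < nsec_expiry and nsec_covers(nsec, qname):
                return "synthesized"
        return None


def demo() -> Dict[str, Optional[str]]:
    """Constructed scenario: two unlisted addresses in the same NSEC gap of dnsbl.example;
    the 'clean' one gets a 3600 s SOA TTL, the 'risky' one 60 s, MINIMUM stays 3600."""
    gap = dict(owner="1.3.2.10.dnsbl.example.", next_name="9.3.2.10.dnsbl.example.")
    clean = NXDomain("4.3.2.10.dnsbl.example.", SOA(ttl=3600, minimum=3600), NSEC(ttl=3600, **gap))
    risky = NXDomain("7.3.2.10.dnsbl.example.", SOA(ttl=60, minimum=3600), NSEC(ttl=3600, **gap))
    risky_low_nsec = NXDomain(risky.qname, risky.soa, NSEC(ttl=60, **gap))  # NSEC TTL lowered too
    out: Dict[str, Optional[str]] = {}

    plain = NegativeCache(aggressive_nsec=False)       # pre-DNSSEC cache: per-name entries only
    plain.store(clean, now=0)
    plain.store(risky, now=0)
    out["plain_clean_at_1800"] = plain.lookup(clean.qname, 1800)  # still cached
    out["plain_risky_at_120"] = plain.lookup(risky.qname, 120)    # expired after 60 s, re-queried

    agg = NegativeCache(aggressive_nsec=True)          # only the clean neighbour was ever asked
    agg.store(clean, now=0)
    out["agg_risky_never_asked"] = agg.lookup(risky.qname, 120)   # synthesized from the NSEC

    agg2 = NegativeCache(aggressive_nsec=True)         # risky answer with short SOA TTL only
    agg2.store(risky, now=0)
    out["agg_risky_at_120"] = agg2.lookup(risky.qname, 120)       # NSEC (3600 s) still covers it

    agg3 = NegativeCache(aggressive_nsec=True)         # risky answer with NSEC TTL lowered to 60
    agg3.store(risky_low_nsec, now=0)
    out["agg_lownsec_clean_at_30"] = agg3.lookup(clean.qname, 30)    # whole gap inherits 60 s
    out["agg_lownsec_clean_at_120"] = agg3.lookup(clean.qname, 120)  # whole gap expired
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

What the run shows: a cache without DNSSEC keeps one negative entry per name, so different SOA TTLs on different responses simply give different expiry times and the scheme works as intended. With aggressive NSEC the lever is the NSEC record covering the gap, not the SOA RR TTL: a short SOA TTL on the risky response does not shorten synthesized answers for that name, and a cache that already holds the neighbouring NSEC never asks about the risky address at all; lowering the NSEC TTL does shorten the negative answer, but for every name in that gap at once, since NSEC granularity is the gap, not the address.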