Hi Eric, the only thing that came to mind was that we already have
recommended TTL values and yet, it is highly abused with short values.
I did not read the draft yet, but does it touch base with how to
control it or enforce a longer TTL?
I say that based on a project last year to single-source our DNS
resolver for an integrated system that was beginning to expand using
different DNS resolvers and APIs, and there was a growth of query
duplicity with different caching, including round robin or lack
thereof.
TTL/caching was its anchor for reissuing queries to optimize it, and
one of the immediate highlights was the huge amount of low TTLs. What
does disseminate or discriminate these?
--
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com
Eric Osterweil wrote:
Hey list,
So far, we have not gotten a huge amount of feedback on this draft (but thank
you _very_much_ to those that have responded). I think we were really hoping
that people could take a look at the draft and comment before Paris. It
focuses on how resolvers that query large TLD registries can maintain
connectivity during sustained outages at the root (such as from DDoS attacks).
While it may seem topical to some, we were hoping that some of the distinctions
and practices in this draft would be useful in general (such as the distinction
of Infrastructure RR types).
We would all very much appreciate any feedback from the list, thanks!
Eric
On Mar 2, 2012, at 12:56 PM, Eric Osterweil wrote:
Hey everyone,
We have resurrected our draft Improving DNS Service Availability by Using Long
TTL Values, and added some new polish to it. We've taken some feedback from
various people and would love to hear any thoughts other people have.
Thanks!
Eric
Begin forwarded message:
From: internet-dra...@ietf.org
Date: February 23, 2012 7:57:30 AM PST
To: i-d-annou...@ietf.org
Subject: I-D Action: draft-pappas-dnsop-long-ttl-04.txt
Reply-To: internet-dra...@ietf.org
A New Internet-Draft is available from the on-line Internet-Drafts directories.
Title : Improving DNS Service Availability by Using Long TTL Values
Author(s) : Vasileios Pappas, Eric Osterweil
Filename : draft-pappas-dnsop-long-ttl-04.txt
Pages : 17
Date : 2012-02-23
Due to the hierarchical tree structure of the Domain Name System
[RFC1034][RFC1035], losing all of the authoritative servers that
serve a zone can disrupt services to not only that zone but all of
its descendants. This problem is particularly severe if all the
authoritative servers of the root zone, or of a top level domain's
zone, fail. Although proper placement of secondary servers, as
discussed in [RFC2182], can be an effective means against isolated
failures, it is insufficient to protect the DNS service against a
Distributed Denial of Service (DDoS) attack. This document proposes
to reduce the impact of DDoS attacks against top level DNS servers by
setting long TTL values for NS records and their associated A and
AAAA records. Our proposed changes are purely operational and can be
deployed incrementally.
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-pappas-dnsop-long-ttl-04.txt
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
This Internet-Draft can be retrieved at:
ftp://ftp.ietf.org/internet-drafts/draft-pappas-dnsop-long-ttl-04.txt
_______________________________________________
I-D-Announce mailing list
i-d-annou...@ietf.org
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
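The abstract's argument rests on the "infrastructure" RRs of a delegation (the NS RRset plus the A/AAAA records of the servers it names) staying in resolver caches long enough to ride out an outage at the parent. The script below, added here as an illustration and not code from the draft or from anyone on this thread, parses a small constructed parent-side delegation, picks out those infrastructure RRs, flags the ones whose TTL falls under a chosen threshold, and computes how many seconds a resolver that cached the delegation at t=0 could keep using it without re-querying the parent. The zone lines, names (nic.test) and addresses are constructed sample data; the cache model is a deliberate simplification (no serve-stale, dual-stack assumed, NS names that lack cached addresses treated as unreachable).

```python
"""Audit a delegation's infrastructure RRs (NS plus the A/AAAA of the named
servers) for short TTLs and estimate the cache survival window.

Added example, not from the draft or the thread.  SAMPLE_ZONE is constructed
data; nic.test, 192.0.2.x and 2001:db8:: are documentation/placeholder values.
"""
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample, zone-file style: owner TTL class type rdata.
# TTLs are mixed on purpose: the NS set is two days, one server's addresses
# are only an hour, and an unrelated host record is five minutes.
SAMPLE_ZONE = """\
; constructed parent-side delegation for the zone "example."
example.        172800  IN  NS    ns1.nic.test.
example.        172800  IN  NS    ns2.nic.test.
ns1.nic.test.     3600  IN  A     192.0.2.1
ns1.nic.test.     3600  IN  AAAA  2001:db8::1
ns2.nic.test.   172800  IN  A     192.0.2.2
www.example.       300  IN  A     192.0.2.10
"""

ONE_DAY = 86400


@dataclass(frozen=True)
class Record:
    owner: str
    ttl: int
    rtype: str
    rdata: str


def parse_zone(text):
    """Parse 'owner TTL IN TYPE rdata' lines.  Numeric TTLs only; ';' comments
    and blank lines are skipped; names are lowercased for comparison."""
    records = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        fields = line.split(None, 4)
        if len(fields) != 5 or fields[2].upper() != "IN":
            raise ValueError(f"unsupported record line: {line!r}")
        owner, ttl, _cls, rtype, rdata = fields
        records.append(Record(owner.lower(), int(ttl), rtype.upper(), rdata.lower()))
    return records


def infrastructure_records(records, zone):
    """The NS RRset of `zone` plus the A/AAAA records of the servers it names."""
    zone = zone.lower()
    ns = [r for r in records if r.rtype == "NS" and r.owner == zone]
    targets = {r.rdata for r in ns}
    addrs = [r for r in records if r.rtype in ("A", "AAAA") and r.owner in targets]
    return ns + addrs


def short_ttl_records(records, zone, threshold=ONE_DAY):
    """Infrastructure RRs whose TTL is below `threshold` seconds."""
    return [r for r in infrastructure_records(records, zone) if r.ttl < threshold]


def cache_windows(records, zone):
    """Seconds a resolver that cached everything at t=0 can keep reaching the
    delegation without asking the parent.  Returns (conservative, best_case):
      conservative: every infrastructure RR is still cached (min TTL overall);
      best_case:    NS RRset still cached and at least one named server still
                    has a cached A or AAAA (dual-stack assumed, no serve-stale)."""
    infra = infrastructure_records(records, zone)
    if not infra:
        raise ValueError(f"no delegation found for {zone}")
    ns_ttl = min(r.ttl for r in infra if r.rtype == "NS")
    longest_addr = defaultdict(int)  # per server: longest-lived address RR
    for r in infra:
        if r.rtype != "NS":
            longest_addr[r.owner] = max(longest_addr[r.owner], r.ttl)
    # A server with no cached address is treated as unreachable (simplification).
    best_case = min(ns_ttl, max(longest_addr.values())) if longest_addr else 0
    conservative = min(r.ttl for r in infra)
    return conservative, best_case


if __name__ == "__main__":
    recs = parse_zone(SAMPLE_ZONE)
    for r in short_ttl_records(recs, "example."):
        print(f"short TTL: {r.owner} {r.rtype} ttl={r.ttl}s")
    cons, best = cache_windows(recs, "example.")
    print(f"cache survival window: {cons}s (conservative), {best}s (best case)")
```

Run as-is, the report flags both ns1.nic.test. address records (3600 s) and shows the gap the draft is concerned with: conservatively the delegation survives only one hour of parent outage even though the NS RRset itself lasts two days, because the glue for one server expires first. Raising the A/AAAA TTLs in line with the NS TTL is what closes that gap.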