Re: [DNSOP] Measuring DNS TTL clamping in the wild

2017-12-02 Thread Mikael Abrahamsson

On Fri, 1 Dec 2017, Steve Crocker wrote:

> Let me make a guess that the only lengthening that takes place in
> practice is a floor of ten seconds.
>
> Comments?


I might be misinterpreting, but from the data presented in the graph in 
section 3.2 it looks like some will increase TTL to 7200 seconds at the 
highest. There seems to be large bumps at the 600, 1200 and 1800 second 
"minimum TTL" capping (if I guess correctly from looking at that graph).


It would be interesting to hear what problems these operators are trying 
to solve by implementing these minimums. 7200 seconds does seem like a 
pretty high value to lower bound TTLs at.


--
Mikael Abrahamsson    email: swm...@swm.pp.se

___
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop


Re: [DNSOP] Measuring DNS TTL clamping in the wild

2017-12-02 Thread Åke Nordin
On Sat, 2 dec 2017, Mikael Abrahamsson wrote:
> On Fri, 1 Dec 2017, Steve Crocker wrote:
>
> > Let me make a guess that the only lengthening that takes place in
> > practice is a floor of ten seconds.
> >
> > Comments?
>
> I might be misinterpreting, but from the data presented in the graph in
> section 3.2 it looks like some will increase TTL to 7200 seconds at the
> highest. There seems to be large bumps at the 600, 1200 and 1800 second
> "minimum TTL" capping (if I guess correctly from looking at that graph).
>
> It would be interesting to hear what problems these operators are trying
> to solve by implementing these minimums. 7200 seconds does seem like a
> pretty high value to lower bound TTLs at.

Whoah, extending TTL to 2h becomes pretty bad when the name was nefarious
and taken down within, say, 15 minutes. That renders a lot of good people's
work less useful.

BR,

--
Åke Nordin, resident Net/Lunix/telecom geek.

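As an added illustration (not code from the thread or from any of the posters), here is a toy model of a resolver cache that applies a minimum-TTL floor of the kind the graph in section 3.2 is described as showing, and computes how long a name that was taken down at the authority keeps being answered from cache. The policy values, the 300 s origin TTL and the 15-minute takedown time are constructed for the example.

```python
from dataclasses import dataclass


@dataclass
class CachePolicy:
    """Resolver-side TTL clamping: a floor and a ceiling on cached TTLs."""
    min_ttl: int = 0        # floor in seconds: never cache for less than this
    max_ttl: int = 86400    # ceiling in seconds: never cache for more than this

    def effective_ttl(self, origin_ttl: int) -> int:
        """TTL the resolver actually caches for, after clamping."""
        return max(self.min_ttl, min(self.max_ttl, origin_ttl))


@dataclass
class CachedRecord:
    name: str
    cached_at: int      # seconds on a relative timeline
    expires_at: int     # cached_at + effective TTL


def cache_answer(policy: CachePolicy, name: str, origin_ttl: int, now: int) -> CachedRecord:
    """Store an answer fetched at time `now` under the given clamping policy."""
    return CachedRecord(name, now, now + policy.effective_ttl(origin_ttl))


def seconds_served_after_takedown(policy: CachePolicy, origin_ttl: int,
                                  fetched_at: int, takedown_at: int) -> int:
    """How many seconds after `takedown_at` a clamping resolver that fetched
    the record at `fetched_at` keeps answering it from cache (0 if none)."""
    rec = cache_answer(policy, "constructed.example", origin_ttl, fetched_at)
    return max(0, rec.expires_at - takedown_at)


if __name__ == "__main__":
    # Constructed scenario: authority publishes TTL 300, takedown 15 min later.
    origin_ttl, takedown = 300, 15 * 60
    for floor in (0, 600, 1200, 1800, 7200):   # floors mentioned in the thread
        stale = seconds_served_after_takedown(CachePolicy(min_ttl=floor),
                                              origin_ttl, 0, takedown)
        print(f"floor {floor:>5}s -> answered {stale:>5}s past takedown")
```

With no floor the 300 s answer is already gone before the 15-minute takedown; a 7200 s floor keeps it answerable for a further 6300 s, which is the effect the reply above objects to.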


Re: [DNSOP] Measuring DNS TTL Violations in the wild

2017-12-02 Thread Mukund Sivaraman
On Fri, Dec 01, 2017 at 05:16:47PM +, Ólafur Guðmundsson wrote:
> On Fri, Dec 1, 2017 at 5:02 PM, Wessels, Duane wrote:
> 
> >
> > > On Dec 1, 2017, at 8:38 AM, Ólafur Guðmundsson wrote:
> > >
> > > I strongly disagree with your "terminology", TTL is a hint about maximum
> > caching period, not a demand or a contract.
> >
> > You say it's just a hint.  If you put a TTL of 1 hour on your data, and I
> > have a recursive name server that reuses it for 2 hours, 12 hours, 5
> > days... that's okay?
> >
> > If it's just a hint then why are we spending all this effort on "serve
> > stale"?
> >
> > DW
> >
> >
> Strictly speaking yes, it is the same as when a Secondary does not update
> the zone for a long time.

An authoritative server operator knows what the consequence of setting
SOA RDATA fields is. It isn't the same as a cache extending TTL as it
sees fit, in spite of the loose coherency among primary and secondaries.

I don't agree a downstream cache has authoritative say about extending
TTLs (except exceptional circumstances where the authority is
unreachable ~serve-stale).

Mukund
