Well, yes, you have to flush the cache after you lower the TTL, of course. Like you said, if he's not got access to the DNS server(s), it's a moot point, and your suggestion is better.
Simon Hobson wrote:
> Tobias J Kreidl wrote:
>> If you have access to the DNS server(s), you can always set the TTL down
>> to 5 minutes or so, if that cached value is a problem, and once clear,
>> set it back up to a reasonable value.
>
> He won't have access to the servers running the blacklist domain. But
> if he has control over the local caching resolver he's using then he
> can flush the cache in that (rndc flush) which would have the desired
> effect.
>
> BTW - lowering the TTL after someone has cached the results of a
> lookup won't help. Their cache will just return the cached entry
> until the TTL in effect when it was looked up expires - it will only
> then do another lookup and get the new TTL.
> _______________________________________________
> Users mailing list
> [email protected]
> http://lists.policyd.org/mailman/listinfo/users
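
The caching behaviour discussed in this thread, as an added example that is not part of the original messages: a toy Python model of a caching resolver (not BIND or policyd code). The class names, the query name `2.0.0.192.bl.example`, the TTL values and the single TTL applied to the NXDOMAIN answer are constructed assumptions.

```python
# Added illustration: a toy caching resolver, not BIND and not policyd code.
class Authoritative:
    """Stands in for the blacklist's own DNS servers (outside the user's control)."""
    def __init__(self):
        self.records = {}            # name -> (ttl_seconds, answer)

    def set(self, name, ttl, answer):
        self.records[name] = (ttl, answer)

    def query(self, name):
        return self.records[name]


class CachingResolver:
    """Stands in for the local caching resolver the mail server queries."""
    def __init__(self, upstream):
        self.upstream = upstream
        self.cache = {}              # name -> (expires_at, answer)
        self.upstream_queries = 0

    def lookup(self, name, now):
        entry = self.cache.get(name)
        if entry and now < entry[0]:
            # Cache hit: the TTL in effect when the entry was fetched still governs.
            return entry[1], entry[0] - now
        ttl, answer = self.upstream.query(name)
        self.upstream_queries += 1
        self.cache[name] = (now + ttl, answer)
        return answer, ttl

    def flush(self):
        """Rough equivalent of `rndc flush`: drop every cached entry."""
        self.cache.clear()


def demo():
    name = "2.0.0.192.bl.example"              # constructed DNSBL query name
    auth = Authoritative()
    auth.set(name, 86400, "127.0.0.2")         # listed, one-day TTL (constructed)
    res = CachingResolver(auth)
    results = [res.lookup(name, now=0)]        # caches the listing for a day
    auth.set(name, 300, "NXDOMAIN")            # delisted, TTL lowered to 5 minutes
    results.append(res.lookup(name, now=600))  # still the stale cached answer
    res.flush()
    results.append(res.lookup(name, now=601))  # fresh answer with the new TTL
    return results
```

Each tuple returned by `demo()` is the answer and its remaining TTL in seconds; the second lookup shows the lowered TTL has no effect until the cache is flushed.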
