[dns-operations] Who Ignores TTLs ?
Edward Lewis
Ed.Lewis at neustar.biz
Thu Feb 17 15:12:13 UTC 2011
At 15:01 +1300 2/17/11, Simon Lyall wrote:

>I keep seeing a persistent complaint that some DNS caching operators
>ignore TTLs or otherwise keep records for longer than the TTL would indicate.

I'll be a pest and point out two examples, which are probably not
what you have in mind.

Old products - Years ago I knew of some $vendor equipment that
ignored it, the $vendor fixed it. The point is not the specific
equipment, but there will be "old stuff" to watch out for.

Applications just doing their job - SSH does not shut down
connections when the TTL of the address records involved expires. I
mention this to help scope the concern - expired TTL information may
persist for a long time. This doesn't sound like your concern, but
it could make it look like the caches are extending TTLs. (Same
applies to DNSSEC signature expiration times, etc.)
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStar You can leave a voice message at +1-571-434-5468
Me to infant son: "Waah! Waah! Is that all you can say? Waah?"
Son: "Waah!"