[dns-operations] Who Ignores TTLs ?

Edward Lewis Ed.Lewis at neustar.biz
Thu Feb 17 15:12:13 UTC 2011


At 15:01 +1300 2/17/11, Simon Lyall wrote:
>I keep seeing a persistent complaint that some DNS caching operators
>ignore TTLs or otherwise keep records for longer than the TTL would indicate.

I'll be a pest and point out two examples, which are probably not 
what you have in mind.

Old products - Years ago I knew of some $vendor equipment that 
ignored it, the $vendor fixed it.  The point is not the specific 
equipment, but there will be "old stuff" to watch out for.

Applications just doing their job - SSH does not shut down 
connections when the TTL of the address records involved expires.  I 
mention this to help scope the concern - expired TTL information may 
persist for a long time.  This doesn't sound like your concern, but 
it could make it look like the caches are extending TTLs.  (Same 
applies to DNSSEC signature expiration times, etc.)
-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStar                    You can leave a voice message at +1-571-434-5468

Me to infant son: "Waah! Waah! Is that all you can say?  Waah?"
Son: "Waah!"

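As an added illustration of the complaint being discussed (this is not code from the post or the list), the check below audits a cache for the "kept longer than the TTL" behaviour: after the authoritative record is changed, a cache that honours the published TTL can serve the old answer for at most one TTL, and it should never report more remaining TTL than the authoritative value. The observations, addresses and TTLs are constructed; note that an application holding an already-open connection (Ed's SSH case) is invisible to a check like this, because it never queries the cache again.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Observation:
    t: int       # seconds since the test started
    rdata: str   # answer the cache returned
    ttl: int     # remaining TTL the cache reported with that answer

def ttl_violations(observations, auth_ttl, change_time, old_rdata, slack=0):
    """Flag answers that a cache honouring the authoritative TTL could not return.

    auth_ttl    - TTL published by the authoritative server for the record
    change_time - when the authoritative answer stopped being old_rdata
    slack       - tolerance for clock skew between observer and cache
    A cache that fetched old_rdata an instant before change_time may serve it
    until change_time + auth_ttl; serving it later means the TTL was extended.
    """
    deadline = change_time + auth_ttl + slack
    problems = []
    for o in observations:
        if o.ttl > auth_ttl:
            problems.append((o.t, f"reported TTL {o.ttl} exceeds authoritative TTL {auth_ttl}"))
        if o.rdata == old_rdata and o.t > deadline:
            problems.append((o.t, f"stale {o.rdata} served {o.t - deadline}s past expiry"))
    return problems

# Constructed observations for one A record with authoritative TTL 300,
# changed from 192.0.2.1 to 192.0.2.2 at t=600 (TEST-NET addresses, not real hosts).
AUTH_TTL, CHANGE_AT = 300, 600
HONOURING = [
    Observation(0, "192.0.2.1", 300),    # fresh fetch, entry expires at 300
    Observation(500, "192.0.2.1", 300),  # refetched before the change, expires at 800
    Observation(700, "192.0.2.1", 100),  # still old, but legitimately so until 900
    Observation(950, "192.0.2.2", 300),  # new answer once the old entry expired
]
EXTENDING = [
    Observation(0, "192.0.2.1", 300),
    Observation(1000, "192.0.2.1", 0),     # old answer served 100s past any valid expiry
    Observation(1200, "192.0.2.1", 3600),  # TTL floor larger than the authoritative value
]

if __name__ == "__main__":
    for name, obs in (("honouring", HONOURING), ("extending", EXTENDING)):
        print(name, ttl_violations(obs, AUTH_TTL, CHANGE_AT, "192.0.2.1"))
```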