[dns-operations] Who Ignores TTLs ?

Edward Lewis Ed.Lewis at neustar.biz
Thu Feb 17 15:12:13 UTC 2011

At 15:01 +1300 2/17/11, Simon Lyall wrote:
>I keep seeing a persistent complaint that some DNS caching operators
>ignore TTLs or otherwise keep records for longer than the TTL would indicate.

I'll be a pest and point out two examples, which are probably not 
what you have in mind.

Old products - Years ago I knew of some $vendor equipment that 
ignored it, the $vendor fixed it.  The point is not the specific 
equipment, but there will be "old stuff" to watch out for.

Applications just doing their job - SSH does not shut down 
connections when the TTL of the address records involved expires.  I 
mention this to help scope the concern - expired TTL information may 
persist for a long time.  This doesn't sound like your concern, but 
it could make it look like the caches are extending TTLs.  (Same 
applies to DNSSEC signature expiration times, etc.)

Edward Lewis
NeuStar                    You can leave a voice message at +1-571-434-5468

Me to infant son: "Waah! Waah! Is that all you can say?  Waah?"
Son: "Waah!"
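
An added example, not part of the original post: one way to separate the cases the message distinguishes when an old address still receives traffic after a record change. The `Conn` record, the `classify` function, the category names and all sample values are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Conn:
    client: str  # source address of the connection to the OLD server address
    start: int   # epoch seconds when the connection was opened
    end: int     # epoch seconds when it closed (or was last seen)

def classify(conns, changed_at, ttl):
    """Sort connections to the old address by what they say about TTL handling.

    changed_at: when the authoritative record was switched to the new address
    ttl:        TTL in seconds that the old record carried
    """
    # Last moment at which a TTL-honouring cache may still hand out the old address.
    deadline = changed_at + ttl
    out = {"expected": [], "held_open": [], "stale_lookup": []}
    for c in conns:
        if c.end <= deadline:
            # Finished while the old record could still be legitimately cached.
            out["expected"].append(c.client)
        elif c.start <= deadline:
            # Opened on a valid answer and simply kept running (the SSH case):
            # traffic continues past the TTL, but nothing ignored the TTL.
            out["held_open"].append(c.client)
        else:
            # Opened after every compliant cache should have expired the record.
            # Only this group points at a cache, or an application that resolved
            # once and reused the address, keeping data past its TTL.
            out["stale_lookup"].append(c.client)
    return out

# Constructed sample: record changed at t=1_000_000, old TTL was 3600 seconds.
SAMPLE = [
    Conn("198.51.100.10", 1_000_100, 1_000_900),  # short session inside the TTL
    Conn("198.51.100.11", 1_003_000, 1_090_000),  # long session opened inside the TTL
    Conn("198.51.100.12", 1_010_000, 1_010_050),  # new session well after expiry
]

if __name__ == "__main__":
    for kind, clients in classify(SAMPLE, 1_000_000, 3600).items():
        print(kind, clients)
```

Only the `stale_lookup` group is evidence for the complaint quoted at the top of the message; counting `held_open` traffic with it is what makes caches look like they are extending TTLs.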
