[dns-operations] Opinions sought .... have I come to the right place?
Edward Lewis
ed.lewis at neustar.biz
Thu Nov 7 14:52:57 UTC 2013
I've been studying TTL settings off and on for a few weeks, trying to decide what are appropriate numbers.
In the past we taught the trade-off as - longer TTLs will reduce queries while shorter TTLs will enable agility.
In looking at a set of data with a long TTL - 6 days - over a period of time I noticed that 0.005% of all queriers respected the TTL setting I had. I don't want to fork over details, so you can even say "0.005% +/- 5%" and in any case, it's small. I'll admit by number here might be a little bit of an undercount, still, it's little.
In experimenting with some recursive servers (and by no means an exhaustive set), some code bases did adhere to the "rules" and some code bases seem to ignore the "rules." I say this to the extent that the collective set of deployed tools out there pretty much are eating into the "longer TTLs will reduce queries" part of the above trade-off.
I see that in the IETF there are drafts to pre-fetch expiring data sets - which one can't argue with - but it makes, for an authoritative server operator - even more uncertainty in planning TTLs.
And I'll throw in another factoid from history. During DNSSEC workshops eons ago, we found that is the TTLs got too low, DNSSEC had problems. (Presumably because it took longer to fetch the chain than the TTL of the queried data.) Has anyone found a TTL to be too low for DNSSEC?
So, I'm turning to this list...what is a good range for TTLs?
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStar You can leave a voice message at +1-571-434-5468
Why is it that people who fear government monitoring of social media are
surprised to learn that I avoid contributing to social media?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20131107/ad0c824c/attachment.html>
More information about the dns-operations
mailing list