[dns-operations] [dDoS] Good discussion on the Rackspace attack and DNS resiliency

Robert Edmonds edmonds at mycre.ws
Tue Dec 30 20:41:11 UTC 2014

David C Lawrence wrote:
> For what it's worth, the "TTLs are inviolable" ship sailed long ago.
> Both ends of the TTL are already monkeyed with by local policy across
> the Internet.  BIND has had max-cache-ttl for a very long time.  Web
> browsers similarly for a very long time have kept local caches with
> minimum TTLs that the vast majority of people are not even aware of.

Capping "excessively long TTLs" is explicitly contemplated by RFC 1035,

Robert Edmonds

