[dns-operations] [dDoS] Good discussion on the Rackspace attack and DNS resiliency
edmonds at mycre.ws
Tue Dec 30 20:41:11 UTC 2014
David C Lawrence wrote:
> For what it's worth, the "TTLs are inviolable" ship sailed long ago.
> Both ends of the TTL are already monkeyed with by local policy across
> the Internet. BIND has had max-cache-ttl for a very long time. Web
> browsers similarly for a very long time have kept local caches with
> minimum TTLs that the vast majority of people are not even aware of.
Capping "excessively long TTLs" is explicitly contemplated by RFC 1035,