[dns-operations] I want a pony^H^H^H^H^H^Hto change the TTL (Was: TLD glue sticks around too long

Stephane Bortzmeyer bortzmeyer at nic.fr
Mon Dec 5 17:22:01 UTC 2016


https://blog.cloudflare.com/tld-glue-sticks-around-too-long/

Strange to present it as one of the biggest problems when mitigating
the DDoS. After all, glue records are only for in-zone data, most
domains have little or no glue.

Also, since the resolver uses the TTL from the zone (which is
authoritative), why worry about the TTL from the parent? On my
Unbound, I do get the authoritative ultra-short TTL:

% dig ns1.cloudflare.net

; <<>> DiG 9.10.3-P4-Debian <<>> ns1.cloudflare.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27418
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;ns1.cloudflare.net.	IN A

;; ANSWER SECTION:
ns1.cloudflare.net.	900 IN A 173.245.59.31
ns1.cloudflare.net.	900 IN RRSIG A 13 3 900 (
				20161206182041 20161204162041 35273 cloudflare.net.
				hYHtruVFvzKIOUZoBY8xiMNwQLBqygAJBtWlUdXs0f03
				2wjzxJVatGbqs66WSFNinqg6wBq5t78flybJj/J3Eg== )

;; Query time: 125 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Dec 05 18:20:41 CET 2016
;; MSG SIZE  rcvd: 173
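
Added example, not part of the original message and not Unbound's code: a simplified model of the RFC 2181 section 5.4.1 trust ranking, showing how a cache that holds parent glue replaces it with the child zone's authoritative answer and TTL. The `Rank` names, the `Cache` class and the two-day glue TTL are assumptions made for illustration; the address and the 900-second TTL come from the dig output above.

```python
import enum
from dataclasses import dataclass

class Rank(enum.IntEnum):
    """Simplified subset of the RFC 2181 section 5.4.1 ordering (higher wins)."""
    REFERRAL_GLUE = 1    # additional section of a non-authoritative referral
    NONAUTH_ANSWER = 2   # answer section without the AA bit
    AUTH_ANSWER = 3      # answer section of an authoritative reply

@dataclass
class Entry:
    rdata: str
    rank: Rank
    expires: int         # absolute time in seconds

class Cache:
    def __init__(self):
        self._rrsets = {}

    def store(self, name, rtype, rdata, ttl, rank, now):
        key = (name.lower(), rtype)
        cur = self._rrsets.get(key)
        # Unexpired data is never replaced by less trustworthy data.
        if cur and cur.expires > now and rank < cur.rank:
            return False
        self._rrsets[key] = Entry(rdata, rank, now + ttl)
        return True

    def lookup(self, name, rtype, now):
        e = self._rrsets.get((name.lower(), rtype))
        if e is None or e.expires <= now:
            return None
        return e.rdata, e.expires - now, e.rank

def demo():
    name, addr, c = "ns1.cloudflare.net.", "173.245.59.31", Cache()
    # Constructed referral from the parent: glue with an assumed two-day TTL.
    c.store(name, "A", addr, 172800, Rank.REFERRAL_GLUE, now=0)
    before = c.lookup(name, "A", now=10)
    # Authoritative answer from the child zone, TTL 900 as in the dig output.
    c.store(name, "A", addr, 900, Rank.AUTH_ANSWER, now=10)
    after = c.lookup(name, "A", now=10)
    # A later referral must not put the long-lived glue back.
    downgraded = c.store(name, "A", addr, 172800, Rank.REFERRAL_GLUE, now=20)
    # Once the short TTL runs out, the name has to be resolved again.
    expired = c.lookup(name, "A", now=910)
    return before, after, downgraded, expired

if __name__ == "__main__":
    print(demo())
```
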


