[dns-operations] TTL=0; Last known good answer (Re: dns retries amplify attack)

Paul Vixie paul at redbarn.org
Mon Oct 24 22:06:13 UTC 2016



Jared Mauch wrote:
> 	I'm wondering if anyone else implements the TTL=0 behavior so we
> can investigate that to keep end-customer impacting issues to a minimum.
> 
> 	I don't want to serve up invalid data, but keeping last known
> with TTL=0 seems a fair response given enough resources to not have
> that answer expired or invalidated with alternate data.

many domain names or rrsets need badly to be taken down, for the good of
the internet. this "use stale data at ttl=0" is exquisitely wrong-headed.

-- 
P Vixie
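
The behaviour Jared describes (keep the last known good answer and hand it out with TTL=0 when the authority cannot be reached; the approach later written up as "serve-stale" in RFC 8767) is easy to get subtly wrong, so here is an added example, not code from this thread or from any resolver, that models it in Python. The authority stand-in, the zone name `www.example.test.`, the `max_stale` cap and the `probe_interval` are assumptions made for illustration. It shows the two operational points the thread turns on: a stale name must not trigger a fresh upstream retry on every client query (the retry amplification in the subject line), and any answer the authority does return once it is reachable again, NXDOMAIN included, must replace the stale copy. The hard cap on staleness bounds, but does not remove, the takedown problem Vixie raises: a name withdrawn at the authority keeps resolving from cache until the authority can be reached again or the cap runs out.

```python
"""Toy recursive-resolver cache implementing 'last known good at TTL=0'.

Added example, not code from the thread or from any real resolver. The
staleness cap, the probe interval and the fake authority are assumptions
made here for illustration only.
"""
from dataclasses import dataclass
from typing import Any, Callable, Optional

SERVFAIL = "SERVFAIL"


@dataclass
class Entry:
    rrset: Any                          # answer data, or "NXDOMAIN" for a negative answer
    expires_at: float                   # absolute time at which the original TTL runs out
    last_fail: Optional[float] = None   # last time an upstream probe for this name timed out


class StaleCache:
    def __init__(self, upstream: Callable[[str], tuple], clock: Callable[[], float],
                 max_stale: float = 3600.0, probe_interval: float = 30.0):
        self.upstream = upstream              # raises TimeoutError when the authority is down
        self.clock = clock
        self.max_stale = max_stale            # assumed cap: stale data older than this is dropped
        self.probe_interval = probe_interval  # assumed: one failed probe per name per interval
        self.cache: dict[str, Entry] = {}

    def lookup(self, name: str) -> tuple:
        """Return (answer, ttl); ttl is 0 exactly when the answer is stale."""
        now = self.clock()
        entry = self.cache.get(name)
        if entry is not None and now < entry.expires_at:
            return entry.rrset, int(entry.expires_at - now)   # fresh hit, remaining TTL
        if (entry is not None and entry.last_fail is not None
                and now - entry.last_fail < self.probe_interval):
            # Probed recently and the authority was down: do not retry yet.
            # Retrying on every client query is the amplification the thread is about.
            return self._serve_stale(name, entry, now)
        try:
            rrset, ttl = self.upstream(name)
        except TimeoutError:
            if entry is None:
                return SERVFAIL, 0                # nothing known, nothing stale to serve
            entry.last_fail = now
            return self._serve_stale(name, entry, now)
        # Any real answer, NXDOMAIN included, replaces the old copy, so a name
        # withdrawn at the authority stops being served once it is reachable again.
        self.cache[name] = Entry(rrset, now + ttl)
        return rrset, ttl

    def _serve_stale(self, name: str, entry: Entry, now: float) -> tuple:
        if now - entry.expires_at > self.max_stale:
            del self.cache[name]                  # too old: refuse rather than serve forever
            return SERVFAIL, 0
        return entry.rrset, 0                     # last known good answer at TTL=0


class FakeClock:
    def __init__(self) -> None:
        self.now = 0.0

    def __call__(self) -> float:
        return self.now


class FakeAuthority:
    """Constructed stand-in for an authoritative server; not a real zone."""
    def __init__(self) -> None:
        self.zone = {"www.example.test.": (["192.0.2.10"], 60)}
        self.down = False
        self.queries = 0

    def __call__(self, name: str) -> tuple:
        self.queries += 1
        if self.down:
            raise TimeoutError(name)
        return self.zone.get(name, ("NXDOMAIN", 60))


def demo() -> list:
    """Outage, rate-limited retries, then a takedown while the name is stale."""
    clock, auth = FakeClock(), FakeAuthority()
    cache = StaleCache(auth, clock)
    name, steps = "www.example.test.", []

    def step() -> None:
        answer, ttl = cache.lookup(name)
        steps.append((answer, ttl, auth.queries))

    step()                      # t=0: answered by the authority, TTL 60
    clock.now = 30; step()      # fresh hit, TTL 30, no upstream query
    auth.down = True
    clock.now = 70; step()      # expired, probe times out: stale answer, TTL 0
    clock.now = 80; step()      # inside probe_interval: stale again, no new query
    clock.now = 110; step()     # interval elapsed: one more probe, still stale
    del auth.zone[name]         # name taken down at the authority
    auth.down = False
    clock.now = 150; step()     # authority back: NXDOMAIN replaces the stale copy
    return steps


def demo_max_stale() -> tuple:
    """An answer older than max_stale is dropped instead of served indefinitely."""
    clock, auth = FakeClock(), FakeAuthority()
    cache = StaleCache(auth, clock, max_stale=600)
    cache.lookup("www.example.test.")        # t=0, valid until t=60
    auth.down = True
    clock.now = 700                          # 640 s past expiry, beyond the 600 s cap
    return cache.lookup("www.example.test.")


if __name__ == "__main__":
    for row in demo():
        print(row)
    print(demo_max_stale())
```

The query counter in `demo()` is the part worth watching: during the outage the cache answers client queries from the stale copy and sends at most one upstream probe per `probe_interval`, instead of one per client query. Note that `max_stale` and `probe_interval` are policy knobs, not protocol constants; what values are defensible is exactly the disagreement in this thread.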
