[dns-operations] TTL=0; Last known good answer (Re: dns retries amplify attack)

Matthew Pounsett matt at conundrum.com
Tue Oct 25 17:58:24 UTC 2016

On 24 October 2016 at 18:35, Paul Vixie <paul at redbarn.org> wrote:

> the current TTL is 32 bits unsigned, and i'd be very happy to see it
> split into two 16-bit unsigned quantities. TTL longer than 65535 is
> hardly ever operable.
> 65535 seconds is nowhere near long enough.  Typical TTLs for many record
types in many zones are 1 or 2 days.  You need at least 18 bits to get that.

As far as I'm aware, implementations that set a maximum acceptable TTL
default to 1 day, which requires at least 17 bits.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20161025/985ea2ac/attachment.html>

More information about the dns-operations mailing list