[dns-operations] TTL=0; Last known good answer (Re: dns retries amplify attack)
Matthew Pounsett
matt at conundrum.com
Tue Oct 25 17:58:24 UTC 2016
On 24 October 2016 at 18:35, Paul Vixie <paul at redbarn.org> wrote:
>
> the current TTL is 32 bits unsigned, and i'd be very happy to see it
> split into two 16-bit unsigned quantities. TTL longer than 65535 is
> hardly ever operable.
>
65535 seconds is nowhere near long enough. Typical TTLs for many record
types in many zones are 1 or 2 days. You need at least 18 bits to get that.
As far as I'm aware, implementations that set a maximum acceptable TTL
default to 1 day, which requires at least 17 bits.
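Added illustration of the bit-width arithmetic in the reply (example code, not from the thread, from any resolver, or from any of the people quoted): it decodes the 32-bit TTL field from a constructed resource-record fragment, applies the RFC 2181 §8 rule that a TTL with the high bit set is treated as zero, clamps to a resolver's maximum cache TTL (the one-day default is an assumption taken from the reply's description, not a specific product's setting), and reports how many bits a given TTL needs.

```python
import struct

# Assumed default for a resolver's "maximum acceptable TTL" cap, following the
# reply's description (one day). Real resolvers name and default this differently.
MAX_CACHE_TTL_DEFAULT = 86400


def bits_needed(seconds: int) -> int:
    """Smallest unsigned field width that can represent the TTL `seconds`."""
    return max(1, seconds.bit_length())


def fits_in(seconds: int, width: int) -> bool:
    """True if the TTL fits in an unsigned field of `width` bits."""
    return 0 <= seconds < (1 << width)


def wire_ttl(raw: bytes) -> int:
    """Decode the 4-byte network-order TTL field of a resource record.

    RFC 2181 §8: a received TTL with the most significant bit set is to be
    treated as if the whole value were zero (do not cache).
    """
    (ttl,) = struct.unpack("!I", raw[:4])
    return 0 if ttl & 0x80000000 else ttl


def clamp_ttl(ttl: int, max_cache_ttl: int = MAX_CACHE_TTL_DEFAULT) -> int:
    """Apply a resolver-side cap on how long an answer may be cached."""
    return min(ttl, max_cache_ttl)


def ttl_report(ttl: int) -> dict:
    """Summarise what a TTL value needs and how a capped cache treats it."""
    return {
        "ttl": ttl,
        "bits": bits_needed(ttl),
        "fits_16": fits_in(ttl, 16),
        "cached_for": clamp_ttl(ttl),
    }


if __name__ == "__main__":
    # Constructed sample TTL fields as they would appear on the wire.
    samples = {
        "65535 s": b"\x00\x00\xff\xff",
        "1 day": b"\x00\x01\x51\x80",
        "2 days": b"\x00\x02\xa3\x00",
        "high bit set": b"\xff\xff\xff\xff",
    }
    for label, raw in samples.items():
        print(label, ttl_report(wire_ttl(raw)))
```

The report shows the point the reply makes: 65535 is the largest value a 16-bit field holds, one day (86400) already needs 17 bits, and two days (172800) needs 18; the clamp then shows that a one-day cap would cache the two-day answer for only 86400 seconds regardless of the field width.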