[dns-operations] EC2 resolver changing TTL on DNS answers?
Andrew Sullivan
ajs at crankycanuck.ca
Tue Nov 28 15:15:50 UTC 2017
What's wrong with this? The TTL isn't an instruction, it's a constraint.
"Don't cache longer than $ttl," not, "Cache for $ttl." Indeed, this
distinction is one of the factors some of us worried about with RRL.
A
--
Please excuse my clumbsy thums
----------
On November 28, 2017 8:34:50 AM "Giovane C. M. Moura"
<giovane.moura at sidn.nl> wrote:
> Hi,
>
> Anyone from Amazon here? Just came across this: resolvers at EC2
> (Northern California) seem to change the TTL of DNS records.
>
> Just curious about why this is happening.
>
> To reproduce:
>
> 1. Querying from my laptop:
>
> giovane at laptop:~$ dig ns nl
>
> nl. 172800 IN NS ns1.dns.nl.
> nl. 172800 IN NS ns-nl.nic.fr.
> nl. 172800 IN NS ns2.dns.nl.
> nl. 172800 IN NS sns-pb.isc.org.
> nl. 172800 IN NS ns3.dns.nl.
> nl. 172800 IN NS nl1.dnsnode.net.
> nl. 172800 IN NS ns5.dns.nl.
> nl. 172800 IN NS ns4.dns.nl.
>
> In this query, every NS has a TTL on 172800, as in the root zone[1].
> That's how it should be.
>
> 2. Querying from Amazon EC2 (Northern California):
>
> [ec2-user at ip-172-31-6-139 ~]$ dig ns nl
>
> nl. 60 IN NS ns5.dns.nl.
> nl. 60 IN NS ns-nl.nic.fr.
> nl. 60 IN NS sns-pb.isc.org.
> nl. 60 IN NS nl1.dnsnode.net.
> nl. 60 IN NS ns1.dns.nl.
> nl. 60 IN NS ns2.dns.nl.
> nl. 60 IN NS ns3.dns.nl.
> nl. 60 IN NS ns4.dns.nl.
>
>
> So the TLL using the local resolver from EC2 (172.31.0.2) has its TTL
> reduced to 60s, instead of what is in [1]. You can run the same query
> for any TLD, or even amazon.com.
>
>
> Just curious why. Thanks,
>
> /giovane
>
> [1] https://www.internic.net/domain/root.zone
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-operations mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
More information about the dns-operations
mailing list