[dns-operations] EC2 resolver changing TTL on DNS answers?

Paul Hoffman phoffman at proper.com
Tue Nov 28 16:37:29 UTC 2017

On 28 Nov 2017, at 7:15, Andrew Sullivan wrote:

> What's wrong with this?

In short, what's wrong is that 172800 is so much larger than 60 they 
seem disconnected.

Does Amazon cap every TTL at 60? (This might be the case; I don't 
currently have a way to check)

Making the TTL for NS records for a stable TLD like .nl 
three-and-a-quarter orders of magnitude shorter seems wrong. It says 
that Amazon believes that it knows better than the operator of a stable 
TLD what the users of that TLD would want. And, if the caps are not 
identical for every zone, it could seem punitive to some zone operators.

> The TTL isn't an instruction, it's a constraint.  "Don't cache longer 
> than $ttl," not, "Cache for $ttl."

That's completely true, but not all that relevant to "What's wrong with 
this?". When given an option, taking an almost pathological extreme 
seems wrong.

--Paul Hoffman
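One way to check the "does the resolver cap every TTL" question from the outside is to query the same name repeatedly and watch the TTLs the resolver hands back: a resolver that honours the authoritative TTL returns a value counting down from that TTL and only jumps back up when it re-fetches, while a capping resolver jumps back to the same small value every time. The script below is an added example, not code from the thread or from any resolver; the sample answers are constructed (what one would collect with repeated `dig @resolver nl NS` runs), and the 172800-second authoritative TTL and 60-second answer are the values the thread discusses.

```python
"""Infer from repeated queries whether a recursive resolver caps TTLs.

Added example; the sample data below is constructed, not captured.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Sample:
    """One resolver answer: seconds since the first query, and the TTL returned."""
    elapsed: float
    ttl: int


def refill_values(samples: List[Sample]) -> List[int]:
    """TTLs seen right after the resolver (re)fetched the record.

    The first sample always counts as a fetch; a later sample counts when its
    TTL went up instead of continuing to count down.
    """
    refills: List[int] = []
    prev: Optional[int] = None
    for s in sorted(samples, key=lambda x: x.elapsed):
        if prev is None or s.ttl > prev:
            refills.append(s.ttl)
        prev = s.ttl
    return refills


def infer_cap(samples: List[Sample], authoritative_ttl: int,
              tolerance: float = 0.9) -> Tuple[str, Optional[int], float]:
    """Return (verdict, cap, ratio).

    verdict: "passthrough" when some answer carries (close to) the full
             authoritative TTL; "capped" when at least two fresh fetches were
             observed and every one of them returned the same smaller TTL;
             "inconclusive" otherwise (e.g. only one fetch seen, so a
             mid-life cached record cannot be told apart from a cap).
    cap:     the capped TTL when verdict is "capped", else None.
    ratio:   authoritative_ttl / largest TTL returned; 1.0 means untouched.
    """
    if not samples:
        raise ValueError("need at least one sample")
    biggest = max(s.ttl for s in samples)
    ratio = authoritative_ttl / biggest
    if biggest >= tolerance * authoritative_ttl:
        return "passthrough", None, ratio
    refills = refill_values(samples)
    if len(refills) >= 2 and len(set(refills)) == 1:
        return "capped", refills[0], ratio
    return "inconclusive", None, ratio


# Authoritative TTL of the .nl NS set as quoted in the thread.
NL_NS_TTL = 172800

# Constructed answers from a resolver that caps at 60 seconds: the TTL counts
# down, then jumps back to exactly 60 each time the resolver re-fetches.
CAPPING_RESOLVER = [
    Sample(0, 60), Sample(20, 40), Sample(45, 15),
    Sample(70, 60), Sample(100, 30), Sample(130, 60),
]

# Constructed answers from a resolver that passes the TTL through.
HONOURING_RESOLVER = [
    Sample(0, 172800), Sample(20, 172780), Sample(45, 172755),
]

# Constructed answers where the record was already mid-life in the cache and
# no re-fetch happened during the observation window.
MIDLIFE_CACHE = [Sample(0, 100000), Sample(30, 99970)]


if __name__ == "__main__":
    for name, data in (("capping", CAPPING_RESOLVER),
                       ("honouring", HONOURING_RESOLVER),
                       ("mid-life", MIDLIFE_CACHE)):
        verdict, cap, ratio = infer_cap(data, NL_NS_TTL)
        print(f"{name:10s} verdict={verdict:13s} cap={cap} ratio={ratio:.1f}")
```

The "inconclusive" verdict is deliberate: a single observed fetch of a long-lived record looks the same whether the resolver capped it or simply had it cached for a while, so the check needs to span at least one re-fetch before it calls a resolver a capper. The ratio field makes the thread's comparison concrete: 172800 over 60 is 2880 times more upstream fetches than the zone operator asked for.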
