[dns-operations] EC2 resolver changing TTL on DNS answers?

Viktor Dukhovni ietf-dane at dukhovni.org
Tue Nov 28 18:06:46 UTC 2017

On Tue, Nov 28, 2017 at 08:37:29AM -0800, Paul Hoffman wrote:

> In short, what's wrong is that 172800 is so much larger than 60 they seem
> disconnected.

And yet, a 60s TTL for a resolver that is consolidating multiple
millions of queries into that 60s time-frame is likely not a
significant or even noticeable burden on the upstream authoritative
servers.  There are not that many EC2s on the planet, and if each
"EC2" makes a query every 60s hardly anyone upstream will notice.

The key question is how those 60s caches within EC2 are partitioned.
That is, how many independent cache instances within EC2 each have
a 60s TTL and independently refresh the data from upstream.  This
sets an effective bound on the query rate for any given record.

At the other end of the scale, one might ask whether RRsets with a
less than 60s upstream TTL have their TTL *raised* to 60s.  That
could be more objectionable.
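An added example, not part of this thread: a small Python model of the two checks raised above. It classifies a resolver as capping, raising or passing through the upstream TTL, estimates how many independent cache partitions are behind it from the expiry times implied by repeated answers, and computes the resulting bound on upstream query rate. The TTL samples are constructed (the 172800 and 60 values come from the thread), and the partition count assumes the observation window is shorter than the resolver's own TTL so each partition serves a single cache entry during it.

```python
"""Infer resolver TTL clamping and cache partitioning from observed answers."""
from __future__ import annotations
from dataclasses import dataclass


@dataclass(frozen=True)
class Sample:
    t: float   # seconds since start of observation (monotonic clock)
    ttl: int   # TTL the resolver returned in its answer at time t


def effective_query_bound(independent_caches: int, ttl_seconds: int) -> float:
    """Upper bound on upstream queries per second for one RRset: each
    independent cache refreshes it at most once per TTL."""
    return independent_caches / ttl_seconds


def classify_clamp(auth_ttl: int, observed: list[Sample]) -> str:
    """Compare the upstream (authoritative) TTL with the largest TTL the
    resolver ever returned.  Answers carry the *remaining* TTL, so the
    largest value is the one seen right after a refresh; a capped resolver
    never returns more than its cap, a raising resolver returns more than
    the upstream value."""
    top = max(s.ttl for s in observed)
    if top < auth_ttl:
        return "capped"
    if top > auth_ttl:
        return "raised"
    return "passthrough"


def count_cache_partitions(observed: list[Sample], tolerance: float = 1.5) -> int:
    """Each cache entry expires at t + ttl.  Answers served from the same
    entry imply (nearly) the same expiry time; distinct expiry times within
    one observation window mean distinct cache partitions, each of which
    will refresh from upstream independently."""
    expiries = sorted(s.t + s.ttl for s in observed)
    clusters, last = 0, None
    for e in expiries:
        if last is None or e - last > tolerance:
            clusters += 1
        last = e
    return clusters


# Constructed observation: 5s of queries against a resolver that clamps a
# 172800s upstream TTL to 60s, with two partitions on different schedules.
SAMPLES = [Sample(0.0, 60), Sample(0.5, 23), Sample(1.2, 59), Sample(2.1, 21),
           Sample(3.0, 57), Sample(3.4, 20), Sample(4.8, 55)]

if __name__ == "__main__":
    n = count_cache_partitions(SAMPLES)
    print(classify_clamp(172800, SAMPLES), n, effective_query_bound(n, 60))
```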

