[dns-operations] Maximum TTL limits on public resolvers

Mark Delany b9w at charlie.emu.st
Mon Nov 15 22:38:29 UTC 2021


On 15Nov21, Hugo Salgado allegedly wrote:
> > What is the technical or other reason(s) for such TTL limiting?

> There are risks with excessively long TTL, for example, it is used as
> a technique when hijacking or poison a domain, to keep the fake record

It could be those reasons or it might simply be that they are exposing a side-effect of
their cache eviction implemention.

Someone like 8.8.8.8 who, at my last reckoning, were getting something like 8% of global
queries probably have fairly substantial memory demands, even with their selective support
of ECS.

The interesting thing about DNS caches is that the metadata can easily swamp the actually
cached data so most sophisticated attempts to manage the cache probably cost a lot more
memory than they are worth.

With too much time on your hands you could implement a pretty fancy-pants cache system
which has all sorts of memory-heavy metadata around LRU and hit rates and fetch costs and
poison risks and so on. Alternatively you could go for the absolute minimalist memory-cost
system whereby you have a dumb global memory-pressure knob which is expressed in a
modified TTL to reflect the eviction decision.

In the 8.8.8.8 case, I'd probably be inclined towards the latter.

I note that 8.8.8.8 preserves differing TTLs on RRSets, so they haven't gone complete
gonzo on memory minimization, so who knows?

In any event, as long as the exposed TTL is not greater than the auth supplied value, it
seems like an innocuous possibility to me.


Mark.


More information about the dns-operations mailing list