[dns-operations] slack.com bogus

Peter van Dijk peter.van.dijk at powerdns.com
Thu Sep 30 22:54:01 UTC 2021


On Thu, 2021-09-30 at 15:31 -0700, Michael Sinatra wrote:
> Once the negative cache ttl expires (5 min according to 
> the SOA minimum)

It appears AWS DNS has a bug here - their negative responses advertise
the 900 second TTL on the SOA records in negative responses, instead of
the 300 second MINIMUM. This, of course, changes nothing about your
argument. (But it would be nice if AWS fixed this.)

> , people will start resolving and validating stuff 
> again, rather than having to force-flush or wait for the 24 hour DS TTL 
> to expire.  (By my calculation, we still have 17 hours to go, vs. 5 
> minutes.)

From the data I have found at dnsviz, indeed, some time between 15:30
UTC and 17:24 UTC.

(And for those wondering about caching on positive responses, A queries
for both slack.com and status.slack.com currently hold a 60 second TTL.
However 1 hour on slack.com/TXT and 2 days on slack.com/NS, which may
hurt.)

Kind regards,
-- 
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
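
The negative-TTL mismatch described in this message can be checked from the AUTHORITY section of a negative response; the following is an added example, not part of the original post. It relies on RFC 2308 section 3, which sets the negative-caching TTL to the minimum of the SOA record's TTL and its MINIMUM field. The sample record is constructed (placeholder names; only the 900 and 300 values come from the message), and `check_negative_ttl` is a hypothetical helper name.

```python
import re

# Constructed sample: AUTHORITY section of a negative (NXDOMAIN/NODATA) reply
# in dig's output format. Owner and server names are placeholders; 900 and 300
# mirror the SOA TTL and MINIMUM figures quoted in the message.
SAMPLE_AUTHORITY = """\
;; AUTHORITY SECTION:
example.com.  900  IN  SOA  ns1.example.net. hostmaster.example.com. 1 7200 900 1209600 300
"""

# owner TTL IN SOA mname rname serial refresh retry expire minimum
SOA_RE = re.compile(
    r"^(?P<owner>\S+)\s+(?P<ttl>\d+)\s+IN\s+SOA\s+\S+\s+\S+\s+"
    r"\d+\s+\d+\s+\d+\s+\d+\s+(?P<minimum>\d+)\s*$",
    re.MULTILINE,
)


def check_negative_ttl(authority_text):
    """Compare the TTL on the SOA of a negative response with its MINIMUM.

    Returns None when no SOA record is present (not a usable negative reply).
    """
    m = SOA_RE.search(authority_text)
    if m is None:
        return None
    advertised = int(m["ttl"])
    minimum = int(m["minimum"])
    return {
        "owner": m["owner"],
        "advertised_ttl": advertised,
        "soa_minimum": minimum,
        # RFC 2308: the SOA in a negative reply carries min(SOA TTL, MINIMUM),
        # so a TTL above MINIMUM means the server did not apply the minimum.
        "overlong": advertised > minimum,
        # Extra time a resolver that trusts the advertised TTL keeps the
        # negative answer compared with one that clamps to MINIMUM.
        "extra_seconds": max(0, advertised - minimum),
        "clamped_ttl": min(advertised, minimum),
    }


if __name__ == "__main__":
    print(check_negative_ttl(SAMPLE_AUTHORITY))
```
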



