On Thu, Sep 07, 2017 at 10:28:30PM -0700, Paul Vixie wrote:
> if they really need this, they should provide a method by which i can specify
> both a TTL and an Expiry, and i will consider publishing both values, and
> if i do, then they can use them the way i intend them. because as i said,
> autonomy. it's my data, and my TTL.

I agree, and yet, a DDoS can make your data unavailable for refresh through no fault of yours, which makes a resolver operator appear to be broken through no fault of theirs, which makes them want very much to be able to do this bad thing.

So, TTL stretching goes on the pile with NXDOMAIN redirection, tools that can be used for censorship, and all the other regrettable things that we implemented anyway dammit.

(I do like the idea of advertising a separate expiry value though.)

--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop