Re: [DNSOP] Measuring DNS TTL Violations in the wild

2017-12-06 Thread Joe Abley
On Dec 5, 2017, at 23:04, Lanlan Pan wrote: > Some authoritatives set the NS RR TTL<60s, they don't follow the best > practice guide. The trouble here is understanding the motivations of any particular parameter, and doing so at scale. You could assume as a resolver

Re: [DNSOP] Measuring DNS TTL Violations in the wild

2017-12-05 Thread Lanlan Pan
Mukund Sivaraman wrote on Saturday, December 2, 2017 at 10:39 PM: > On Fri, Dec 01, 2017 at 05:16:47PM +, Ólafur Guðmundsson wrote: > > On Fri, Dec 1, 2017 at 5:02 PM, Wessels, Duane > > wrote: > > > > > > > > > On Dec 1, 2017, at 8:38 AM, Ólafur Guðmundsson < >

Re: [DNSOP] Measuring DNS TTL Violations in the wild

2017-12-05 Thread 神明達哉
At Sat, 2 Dec 2017 20:09:25 +0530, Mukund Sivaraman wrote: > > Strictly speaking yes, it is the same as when a Secondary does not update > > the zone for a long time. > > An authoritative server operator knows what the consequence of setting > SOA RDATA fields is. It isn't the

Re: [DNSOP] Measuring DNS TTL Violations in the wild

2017-12-05 Thread Andrew Sullivan
On Sat, Dec 02, 2017 at 08:09:25PM +0530, Mukund Sivaraman wrote: > I don't agree a downstream cache has authoritative say about extending > TTLs (except exceptional circumstances where the authority is > unreachable ~serve-stale). I will note that this WG spent a fair amount of effort on RFC

Re: [DNSOP] Measuring DNS TTL Violations in the wild

2017-12-02 Thread Mukund Sivaraman
On Fri, Dec 01, 2017 at 05:16:47PM +, Ólafur Guðmundsson wrote: > On Fri, Dec 1, 2017 at 5:02 PM, Wessels, Duane > wrote: > > > > > > On Dec 1, 2017, at 8:38 AM, Ólafur Guðmundsson > > wrote: > > > > > > I strongly disagree with your

Re: [DNSOP] Measuring DNS TTL Violations in the wild

2017-12-01 Thread Paul Hoffman
On 1 Dec 2017, at 9:16, Ólafur Guðmundsson wrote: > We are getting into religion here, the original poster called people that > cap TTL's Heretics, Looking through the mail archives, no one other than you is using that term. --Paul Hoffman

Re: [DNSOP] Measuring DNS TTL Violations in the wild

2017-12-01 Thread Ólafur Guðmundsson
On Fri, Dec 1, 2017 at 5:02 PM, Wessels, Duane wrote: > > > On Dec 1, 2017, at 8:38 AM, Ólafur Guðmundsson > wrote: > > > > I strongly disagree with your "terminology", TTL is a hint about maximum > caching period, not a demand or a contract. > >

Re: [DNSOP] Measuring DNS TTL Violations in the wild

2017-12-01 Thread Ólafur Guðmundsson
I strongly disagree with your "terminology", TTL is a hint about maximum caching period, not a demand or a contract. A resolver can at any time for any reason discard cached entries. Many Authoritative operators have "unreasonable" TTL's like less than 10 seconds or multiple days and I see no

[DNSOP] Measuring DNS TTL Violations in the wild

2017-12-01 Thread Giovane C. M. Moura
Hi, In the light of the recent discussions on TTL violations and server stale here on the list, I decided to take a look at how often resolvers perform TTL violations in the wild. To do that, I used almost 10K RIPE Atlas probes. You can find a report and datasets at: