Re: [DNSOP] Measuring DNS TTL clamping in the wild
Åke Nordin <ake.nordin@netia.se> Sat, 02 December 2017 12:19 UTC
Return-Path: <ake.nordin@netia.se>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 71852126B6E for <dnsop@ietfa.amsl.com>; Sat, 2 Dec 2017 04:19:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.919
X-Spam-Level:
X-Spam-Status: No, score=-1.919 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=netiadata.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qdYL5Jh4jArH for <dnsop@ietfa.amsl.com>; Sat, 2 Dec 2017 04:19:35 -0800 (PST)
Received: from EUR01-HE1-obe.outbound.protection.outlook.com (mail-he1eur01on0071.outbound.protection.outlook.com [104.47.0.71]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 891571205F1 for <DNSOP@ietf.org>; Sat, 2 Dec 2017 04:19:34 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netiadata.onmicrosoft.com; s=selector1-netia-se; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=OtzldOsSApSaJ6RpiR4qyj3TAzigaGARe0AYRewXWe0=; b=PLeW2T1WKFrrd0ShHXGJ7kiIKbwVpL/L+ypTe2Z/ga3Sv4/tKKujmbxuOdKQmYnKCFmJrSkiyhLiHMH521kU2/+mW10XFygna59D/qewwe3fEu7eho8ytGZG+wsNEwTMowNE1EMgYr1649rD8ISnGcXHIeXdEWEyQMNl1CZeUlY=
Received: from DB5PR09MB0567.eurprd09.prod.outlook.com (10.161.200.27) by DB5PR09MB0565.eurprd09.prod.outlook.com (10.161.199.156) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.282.5; Sat, 2 Dec 2017 12:19:30 +0000
Received: from DB5PR09MB0567.eurprd09.prod.outlook.com ([fe80::f141:69a:aab9:ed6b]) by DB5PR09MB0567.eurprd09.prod.outlook.com ([fe80::f141:69a:aab9:ed6b%14]) with mapi id 15.20.0282.007; Sat, 2 Dec 2017 12:19:30 +0000
From: Åke Nordin <ake.nordin@netia.se>
To: Mikael Abrahamsson <swmike@swm.pp.se>, dnsop <DNSOP@ietf.org>
Thread-Topic: [DNSOP] Measuring DNS TTL clamping in the wild
Thread-Index: AQHTas1JOevpUaKupk+LCeZDRBqcb6MuylEAgAEQ+YCAAByWUA==
Date: Sat, 02 Dec 2017 12:19:29 +0000
Message-ID: <DB5PR09MB0567E6A4C423C33F6E8611D5E43E0@DB5PR09MB0567.eurprd09.prod.outlook.com>
References: <aec2510c-e543-6c4a-873d-5c2db7df5a78@sidn.nl> <CAN6NTqytiDj-FfixD6aKD4AKa5oik7SEtP=82JhP4GR=SyWjYw@mail.gmail.com> <9E8E7EAA-7D37-4841-9144-F49C216ABD7B@verisign.com> <CAN6NTqx2Gq5XK6VDz-dVSbL8k5Yg8G=xM12qdQJHsBP=fp6pCw@mail.gmail.com> <953C8354-3F9D-46A4-82AB-7ED3A9E17387@vpnc.org> <EA286206-0AD7-48C3-B5BE-C2BFA1C7FB73@puck.nether.net> <61DF0A99-0B74-40AB-815F-3DF78755EBE5@shinkuro.com>, <alpine.DEB.2.20.1712021124080.8884@uplift.swm.pp.se>
In-Reply-To: <alpine.DEB.2.20.1712021124080.8884@uplift.swm.pp.se>
Accept-Language: en-GB, en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=ake.nordin@netia.se;
x-originating-ip: [2001:470:28:7e7:941:396e:504a:233f]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; DB5PR09MB0565; 6:ff2m5gRHUVo6BZ3+mcDkrPKUc88y5cJxrML2xgJq3Z4ukY7w8gSUaKQW+WmuK2o2Fj02eUJWU0XqeCzmnlbjA8R7AxKvJFEtG2Drf7LJb85A4PvyJ65otbxh0k4P7Hdmyt25snjo+IDVM/8QwBmIMxFMqOy8isr9lPz9oJxrac2YioS67XaB8IGWzvhRg51r/5FYdH5XvNtlBuCzitfmY4xgrAUwZDwlMJmiLXhnB5tELEPxtt4xBgzDmmzapaAxJ396MAmZppF0wmeqvIIlx4AGmen3qZg16HAmcU0jHk4HQrnNmBzHdYMbiALwL2Q20OsQW1GBhSS5hvJAl7iOmmzklMhgbZeFzwyFtqkgiQc=; 5:L7s7I/WejFAaC3KYnlZilnhmhacyziUjy10Zxj7qr2URamtj09cbQAs/J+5Cp7FHjo3+jbNQNHTn9DXsdSD5sbdgciqKbOVRj/jkVLXRZKymEKOIqKcmDOByriTFyaWfBLQd5g45QBFGqYHUAiPdGJUeKQ9wK+nLwY11/mV6RgA=; 24:5P2jRdMy+WsS5vkdFZMHvQbWIHKDa/taXO9oqVidJy7FuobLhtgd74NL+Ei4s877Fv/psV4omUx1k7nrzFN2xFfI3nDdv5hzhjTOawuLbU4=; 7:qzpWfoOvoxBj86PK2Bq46ev/gIl3GyNTvuDMwm97qi6Z2l+SxTlzWqOUQbR+7YTBwyu46J98GOmc2Sx4UD6oYiCPevosOymZQfbpp9kYWFpMcyLQTo+ucNxT9idARpv6p1+YCqfsLB4RK0cZ5SjWMq5wS8DDsUW4hydj0acDPkV0OT369KicmblzqUOzD+o/KL3KUFSRaMoNfscxYrdj0LC4NLLIY09LB0cf4CxWIyNkrtjULD+9bYwzAWm3XtF3
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: 9dc83695-75f8-4ad7-cd23-08d5397ef033
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(5600026)(4604075)(4534020)(4602075)(4603075)(4627115)(201702281549075)(2017052603286); SRVR:DB5PR09MB0565;
x-ms-traffictypediagnostic: DB5PR09MB0565:
x-microsoft-antispam-prvs: <DB5PR09MB0565636D325AFEECB87321CFE43E0@DB5PR09MB0565.eurprd09.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040450)(2401047)(8121501046)(5005006)(10201501046)(3002001)(93006095)(93001095)(3231022)(6041248)(2016111802025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123560025)(20161123555025)(20161123564025)(20161123558100)(20161123562025)(6072148)(6043046)(201708071742011); SRVR:DB5PR09MB0565; BCL:0; PCL:0; RULEID:(100000803101)(100110400095); SRVR:DB5PR09MB0565;
x-forefront-prvs: 0509245D29
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(346002)(376002)(366004)(39830400002)(199003)(24454002)(189002)(6436002)(99286004)(19627405001)(5250100002)(7696005)(97736004)(14454004)(54896002)(53936002)(9686003)(6506006)(25786009)(68736007)(106356001)(54356011)(33656002)(5660300001)(229853002)(6246003)(6606003)(55016002)(2950100002)(76176011)(105586002)(6116002)(86362001)(2900100001)(8676002)(81156014)(81166006)(7736002)(189998001)(74316002)(110136005)(3280700002)(8936002)(93886005)(316002)(478600001)(101416001)(3660700001)(74482002)(2906002)(102836003)(217873001); DIR:OUT; SFP:1101; SCL:1; SRVR:DB5PR09MB0565; H:DB5PR09MB0567.eurprd09.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
received-spf: None (protection.outlook.com: netia.se does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_DB5PR09MB0567E6A4C423C33F6E8611D5E43E0DB5PR09MB0567eurp_"
MIME-Version: 1.0
X-OriginatorOrg: netia.se
X-MS-Exchange-CrossTenant-Network-Message-Id: 9dc83695-75f8-4ad7-cd23-08d5397ef033
X-MS-Exchange-CrossTenant-originalarrivaltime: 02 Dec 2017 12:19:29.9351 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 8340c518-70dd-4f37-8ede-b82b05e8cdf6
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB5PR09MB0565
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/5wMCwq4xLAMG5dE8VJctcZtzOYk>
Subject: Re: [DNSOP] Measuring DNS TTL clamping in the wild
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 02 Dec 2017 12:19:37 -0000
On Sat, 2 dec 2017, Mikael Abrahamsson wrote: > On Fri, 1 Dec 2017, Steve Crocker wrote: > > > Let me make a guess that the only lengthening that takes place in > > practice is a floor of ten seconds. > > > > Comments? > > I might be misinterpreting, but from the data presented in the graph in > section 3.2 it looks like some will increase TTL to 7200 seconds at the > highest. There seems to be large bumps at the 600, 1200 and 1800 second > "minimum TTL" capping (if I guess correctly from looking at that graph). > > It would be interesting to hear what problems these operators are trying > to solve by implementing these minimums. 7200 seconds does seem like a > pretty high value to lower bound TTLs at. Whoah, extending TTL to 2h becomes pretty bad when the name was nefarious and taken down within, say, 15 minutes. That renders a lot of good people's work less useful. BR, -- Åke Nordin <ake.nordin@netia.se>, resident Net/Lunix/telecom geek.
- [DNSOP] Measuring DNS TTL Violations in the wild Giovane C. M. Moura
- Re: [DNSOP] Measuring DNS TTL Violations in the w… Ólafur Guðmundsson
- Re: [DNSOP] Measuring DNS TTL clamping in the wild Jared Mauch
- Re: [DNSOP] Measuring DNS TTL Violations in the w… Wessels, Duane
- Re: [DNSOP] Measuring DNS TTL Violations in the w… Ólafur Guðmundsson
- Re: [DNSOP] Measuring DNS TTL Violations in the w… Paul Hoffman
- Re: [DNSOP] Measuring DNS TTL clamping in the wild Jared Mauch
- Re: [DNSOP] Measuring DNS TTL clamping in the wild Steve Crocker
- Re: [DNSOP] Measuring DNS TTL clamping in the wild Mikael Abrahamsson
- Re: [DNSOP] Measuring DNS TTL clamping in the wild Åke Nordin
- Re: [DNSOP] Measuring DNS TTL Violations in the w… Mukund Sivaraman
- Re: [DNSOP] Measuring DNS TTL clamping in the wild Giovane C. M. Moura
- Re: [DNSOP] Measuring DNS TTL clamping in the wild Stephane Bortzmeyer
- Re: [DNSOP] Measuring DNS TTL Violations in the w… Andrew Sullivan
- Re: [DNSOP] Measuring DNS TTL Violations in the w… 神明達哉
- Re: [DNSOP] Measuring DNS TTL Violations in the w… Lanlan Pan
- Re: [DNSOP] Measuring DNS TTL Violations in the w… Joe Abley