IETF Logo Mail Archive

Re: [DNSOP] Measuring DNS TTL Violations in the wild

Ólafur Guðmundsson <olafur@cloudflare.com> Fri, 01 December 2017 17:16 UTC

Return-Path: <olafur@cloudflare.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 22CF5127ABE for <dnsop@ietfa.amsl.com>; Fri, 1 Dec 2017 09:16:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cloudflare.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bFvG3tx6lyWN for <dnsop@ietfa.amsl.com>; Fri, 1 Dec 2017 09:16:50 -0800 (PST)
Received: from mail-wr0-x234.google.com (mail-wr0-x234.google.com [IPv6:2a00:1450:400c:c0c::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C825E1274D2 for <DNSOP@ietf.org>; Fri, 1 Dec 2017 09:16:49 -0800 (PST)
Received: by mail-wr0-x234.google.com with SMTP id v105so10831016wrc.3 for <DNSOP@ietf.org>; Fri, 01 Dec 2017 09:16:49 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cloudflare.com; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=55XPGtSyHFKTDzurqAXHS5O6QWQKlBnOdxJG6GOzARw=; b=UV5eAqh+PV098VCQCdYkL546WFLkjA35oUy3yzDirWhgJK6CSheFzdrPzRogFO74cW dXbi8/AgF9bvaLt1Mpc56FUfH+mx4fQARxD9vGz075LwFKf+5Ouou5rWBKTSF1miM5Ag lzu180ZAzqHvw8/10unUxVQnpwzrQQD0s3zqI=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=55XPGtSyHFKTDzurqAXHS5O6QWQKlBnOdxJG6GOzARw=; b=J8cXsOGtzGfMiUESDZE5JkhdegCQnjrFSlrh7GWzFSrUh7bQaZJ3k5lwqEEbENFNI9 iGh7xEIq4CUMgae+/I5stgpM9bPGUfjZZ/cjdk2aJ7Z/eV+ze00jqBxWdHbUEXvtaS74 jMdsURaoNpKs1NaSJJZYLYTWbrNPfQCieUCCptvVoo2g1OIYh3q4LmEfu65MFhi/tYAS JGgWR5LI0mrIo/JD0dMl02bsNGvf0bco52zUeB794S7WdO4Z5wP6oTZyn23cEEL+lZTD MitX8KPgcwWBBN4wiEKV7bLVVPMe1IqGR9JupnI5tgVyfEDt6JiJGjKJOTzDxwdNAbwZ 676g==
X-Gm-Message-State: AJaThX6fx6a1um3MXC4z4/5D8Itw1mgmzfNJOEDnh0Sph/TK6zrTYL4S LDThjLTlVihzzZWrc4v7SEaX6RY/taUc5cOpI4cbWA==
X-Google-Smtp-Source: AGs4zMbUGZfQr5JmKER5mwrFEXYFg4KoUq9pmm/3oT4RH5t1Y5k85CatNoljKFSh2izOUFACg51xOed4oO/deBvueBM=
X-Received: by 10.223.195.103 with SMTP id e36mr6039810wrg.10.1512148608162; Fri, 01 Dec 2017 09:16:48 -0800 (PST)
MIME-Version: 1.0
Received: by 10.223.166.136 with HTTP; Fri, 1 Dec 2017 09:16:47 -0800 (PST)
In-Reply-To: <9E8E7EAA-7D37-4841-9144-F49C216ABD7B@verisign.com>
References: <aec2510c-e543-6c4a-873d-5c2db7df5a78@sidn.nl> <CAN6NTqytiDj-FfixD6aKD4AKa5oik7SEtP=82JhP4GR=SyWjYw@mail.gmail.com> <9E8E7EAA-7D37-4841-9144-F49C216ABD7B@verisign.com>
From: Ólafur Guðmundsson <olafur@cloudflare.com>
Date: Fri, 01 Dec 2017 17:16:47 +0000
Message-ID: <CAN6NTqx2Gq5XK6VDz-dVSbL8k5Yg8G=xM12qdQJHsBP=fp6pCw@mail.gmail.com>
To: "Wessels, Duane" <dwessels@verisign.com>
Cc: "Giovane C. M. Moura" <giovane.moura@sidn.nl>, dnsop <DNSOP@ietf.org>
Content-Type: multipart/alternative; boundary="f403045c11c0a332fd055f4a88d8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/UHf1t2oLl9m9FhJo4k7vMDYvI58>
Subject: Re: [DNSOP] Measuring DNS TTL Violations in the wild
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Dec 2017 17:16:52 -0000

On Fri, Dec 1, 2017 at 5:02 PM, Wessels, Duane <dwessels@verisign.com>
wrote:

>
> > On Dec 1, 2017, at 8:38 AM, Ólafur Guðmundsson <olafur@cloudflare.com>
> wrote:
> >
> > I strongly disagree with your "terminology", TTL is a hint about maximum
> caching period, not a demand or a contract.
>
> You say its just a hint.  If you put a TTL of 1 hour on your data, and I
> have a recursive name server that reuses it for 2 hours, 12 hours, 5
> days... thats okay?
>
> If its just a hint then we are we spending all this effort on "serve
> stale"?
>
> DW
>
>
Strictly speaking yes, it is the same as when a Secondary does not update
the zone for a long time.
DNS is not a strict coherency protocol, thus playing  loose with the time
things are with in reason is ok.
Stretching TTL from 1 Hour to 1 day is IMHO BAD, doing it for 10% or 10
minutes is fine.
We are getting into religion here, the original poster called people that
cap TTL's Heretics,
I disagree with that labeling of myself and others that are applying sane
caps.

Olafur

v2.37.1 | Report a Bug | By Email | System Status