Re: [DNSOP] Measuring DNS TTL clamping in the wild
Mikael Abrahamsson <swmike@swm.pp.se> Sat, 02 December 2017 10:29 UTC
Return-Path: <swmike@swm.pp.se>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 64310124234 for <dnsop@ietfa.amsl.com>; Sat, 2 Dec 2017 02:29:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.3
X-Spam-Level:
X-Spam-Status: No, score=-4.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=swm.pp.se
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id k5j1xiwKekbr for <dnsop@ietfa.amsl.com>; Sat, 2 Dec 2017 02:29:39 -0800 (PST)
Received: from uplift.swm.pp.se (swm.pp.se [212.247.200.143]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4A8CC1201FA for <DNSOP@ietf.org>; Sat, 2 Dec 2017 02:29:38 -0800 (PST)
Received: by uplift.swm.pp.se (Postfix, from userid 501) id 4F92FB5; Sat, 2 Dec 2017 11:29:35 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=swm.pp.se; s=mail; t=1512210575; bh=P7BnYJdF4WxRTCFq9OROpErpz4LLgEazRI7jD3cPOBc=; h=Date:From:To:cc:Subject:In-Reply-To:References:From; b=ctSDTYJdhmDdcXctx1MHQRID76in3rcdy0CAK/xSoFv8VPBVr8QZeDSFCi9qLhJvH H3iZ0vmR2peOnznNYWSDP1WKvneKxYyLJ1lX24Q7Z8cXusc0wgMfOwRPW3j1DUU9b7 lB30Pbes0m0Rj3GNHcc5wt61TyKXW7R3iH34++Es=
Received: from localhost (localhost [127.0.0.1]) by uplift.swm.pp.se (Postfix) with ESMTP id 3688EB4; Sat, 2 Dec 2017 11:29:35 +0100 (CET)
Date: Sat, 02 Dec 2017 11:29:35 +0100
From: Mikael Abrahamsson <swmike@swm.pp.se>
To: Steve Crocker <steve@shinkuro.com>
cc: dnsop <DNSOP@ietf.org>
In-Reply-To: <61DF0A99-0B74-40AB-815F-3DF78755EBE5@shinkuro.com>
Message-ID: <alpine.DEB.2.20.1712021124080.8884@uplift.swm.pp.se>
References: <aec2510c-e543-6c4a-873d-5c2db7df5a78@sidn.nl> <CAN6NTqytiDj-FfixD6aKD4AKa5oik7SEtP=82JhP4GR=SyWjYw@mail.gmail.com> <9E8E7EAA-7D37-4841-9144-F49C216ABD7B@verisign.com> <CAN6NTqx2Gq5XK6VDz-dVSbL8k5Yg8G=xM12qdQJHsBP=fp6pCw@mail.gmail.com> <953C8354-3F9D-46A4-82AB-7ED3A9E17387@vpnc.org> <EA286206-0AD7-48C3-B5BE-C2BFA1C7FB73@puck.nether.net> <61DF0A99-0B74-40AB-815F-3DF78755EBE5@shinkuro.com>
User-Agent: Alpine 2.20 (DEB 67 2015-01-07)
Organization: People's Front Against WWW
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"; format="flowed"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/XfkT8MP3aDRUwQhCuiDZzN6UMQ8>
Subject: Re: [DNSOP] Measuring DNS TTL clamping in the wild
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 02 Dec 2017 10:29:41 -0000
On Fri, 1 Dec 2017, Steve Crocker wrote: > Let me make a guess that the only lengthening that takes place in > practice is a floor of ten seconds. > > Comments? I might be misinterpreting, but from the data presented in the graph in section 3.2 it looks like some will increase TTL to 7200 seconds at the highest. There seems to be large bumps at the 600, 1200 and 1800 second "minimum TTL" capping (if I guess correctly from looking at that graph). It would be interesting to hear what problems these operators are trying to solve by implementing these minimums. 7200 seconds does seem like a pretty high value to lower bound TTLs at. -- Mikael Abrahamsson email: swmike@swm.pp.se
- [DNSOP] Measuring DNS TTL Violations in the wild Giovane C. M. Moura
- Re: [DNSOP] Measuring DNS TTL Violations in the w… Ólafur Guðmundsson
- Re: [DNSOP] Measuring DNS TTL clamping in the wild Jared Mauch
- Re: [DNSOP] Measuring DNS TTL Violations in the w… Wessels, Duane
- Re: [DNSOP] Measuring DNS TTL Violations in the w… Ólafur Guðmundsson
- Re: [DNSOP] Measuring DNS TTL Violations in the w… Paul Hoffman
- Re: [DNSOP] Measuring DNS TTL clamping in the wild Jared Mauch
- Re: [DNSOP] Measuring DNS TTL clamping in the wild Steve Crocker
- Re: [DNSOP] Measuring DNS TTL clamping in the wild Mikael Abrahamsson
- Re: [DNSOP] Measuring DNS TTL clamping in the wild Åke Nordin
- Re: [DNSOP] Measuring DNS TTL Violations in the w… Mukund Sivaraman
- Re: [DNSOP] Measuring DNS TTL clamping in the wild Giovane C. M. Moura
- Re: [DNSOP] Measuring DNS TTL clamping in the wild Stephane Bortzmeyer
- Re: [DNSOP] Measuring DNS TTL Violations in the w… Andrew Sullivan
- Re: [DNSOP] Measuring DNS TTL Violations in the w… 神明達哉
- Re: [DNSOP] Measuring DNS TTL Violations in the w… Lanlan Pan
- Re: [DNSOP] Measuring DNS TTL Violations in the w… Joe Abley