Re: [DNSOP] Measuring DNS TTL Violations in the wild
Lanlan Pan <abbypan@gmail.com> Wed, 06 December 2017 04:04 UTC
Return-Path: <abbypan@gmail.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 26EBE128799 for <dnsop@ietfa.amsl.com>; Tue, 5 Dec 2017 20:04:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ycaYnLV9xBgX for <dnsop@ietfa.amsl.com>; Tue, 5 Dec 2017 20:04:54 -0800 (PST)
Received: from mail-wm0-x243.google.com (mail-wm0-x243.google.com [IPv6:2a00:1450:400c:c09::243]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BC4531201F2 for <DNSOP@ietf.org>; Tue, 5 Dec 2017 20:04:53 -0800 (PST)
Received: by mail-wm0-x243.google.com with SMTP id n138so4891884wmg.2 for <DNSOP@ietf.org>; Tue, 05 Dec 2017 20:04:53 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=otL6f18O8PtuQ+4a/m9enwumUmgH9zBRcSxUkB/jDDs=; b=lLrvih0LOEupbDJ95/pw7SHPJCaLHj720uqN3VX4RTPjK3efN8X5T1cSA0DUpLMIb8 Y/zhv9ohhDvZi+vjtV2D44khWX9BxtFYTZYCMaGL9V19VhYCr2X28Bq/Pwpgu6JZZNd0 jAb1OG2PzB9Y3T1fsSBUAM+J4kWHWmoLsVchBslindL662WzLA9yRX1lOgniVIhJemLe xpngd2eUHPwQbrsiaocPvc3iFYG0kLQWhsYa2d+jHTmv37WHGDrtKj/zUnLxBxfeJqPk 9LkBOLVSmYYLFU98PUdwyzWtDQSpU2DBWEr3oqt40Kr438TPad8x/kROWQYIFUmBhHMz bE6g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=otL6f18O8PtuQ+4a/m9enwumUmgH9zBRcSxUkB/jDDs=; b=QVUE3FJ4DHv+Vl38RA+BOy6A9vYqJiYyG5gWL+NV0Xlm9MCVjyu89LfAddgwVypk8F hj5bjGN2M1jgcEYv/ex9uKrSLZ9VSlJQfPMJQTCfCY/YlueSB4WZiQnu6619IeBJUgl7 +q+LlvLMnA+LoKp4cOwMKeSkNbE7f/P638IaBkDWS0o+mR9kuGYtRIhV15XLCK78onvc QnxpSE2GAjLYPz1fRbpOu7NLVyIKabHvORBZvUU5esHxeE57FgmsNzSS69RLurdlCcdZ 0lHSO9H44N5rekvswSmIj8cQTIPFxPf+0qBoE2vTeJwRRtCZsYE8cqEvYuqfAxKCtkQS SJLA==
X-Gm-Message-State: AJaThX4ml5JZsQ1eed6su74twpB6qtYn53zz3kfnXnTH9JtQfxaMd/XC GdEnanlXKMSJ5P3o2ETGh01RLb5/ZHbduSQ9bC4=
X-Google-Smtp-Source: AGs4zMagDpBT/CnetBow8vSBBaZQML3NJgt0sGKD1xRE93NU6jdm5HT7VA5/0g9T/95SHIns81Ryv6Kqp8GsPTrt4Iw=
X-Received: by 10.80.177.250 with SMTP id n55mr39838971edd.30.1512533092314; Tue, 05 Dec 2017 20:04:52 -0800 (PST)
MIME-Version: 1.0
References: <aec2510c-e543-6c4a-873d-5c2db7df5a78@sidn.nl> <CAN6NTqytiDj-FfixD6aKD4AKa5oik7SEtP=82JhP4GR=SyWjYw@mail.gmail.com> <9E8E7EAA-7D37-4841-9144-F49C216ABD7B@verisign.com> <CAN6NTqx2Gq5XK6VDz-dVSbL8k5Yg8G=xM12qdQJHsBP=fp6pCw@mail.gmail.com> <20171202143925.GA20446@jurassic.lan.banu.com>
In-Reply-To: <20171202143925.GA20446@jurassic.lan.banu.com>
From: Lanlan Pan <abbypan@gmail.com>
Date: Wed, 06 Dec 2017 04:04:41 +0000
Message-ID: <CANLjSvVwtdseYdQ31w695rvyy=rup=qyqHee5RBupgcChYhbDA@mail.gmail.com>
To: Mukund Sivaraman <muks@isc.org>
Cc: Ólafur Guðmundsson <olafur@cloudflare.com>, dnsop <DNSOP@ietf.org>, "Wessels, Duane" <dwessels@verisign.com>, "Giovane C. M. Moura" <giovane.moura@sidn.nl>
Content-Type: multipart/alternative; boundary="f403045c4308adb381055fa40d7e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/_saCr2sfETf1ir4TWmURCatqiZo>
Subject: Re: [DNSOP] Measuring DNS TTL Violations in the wild
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Dec 2017 04:04:56 -0000
Mukund Sivaraman <muks@isc.org>于2017年12月2日周六 下午10:39写道: > On Fri, Dec 01, 2017 at 05:16:47PM +0000, Ólafur Guðmundsson wrote: > > On Fri, Dec 1, 2017 at 5:02 PM, Wessels, Duane <dwessels@verisign.com> > > wrote: > > > > > > > > > On Dec 1, 2017, at 8:38 AM, Ólafur Guðmundsson < > olafur@cloudflare.com> > > > wrote: > > > > > > > > I strongly disagree with your "terminology", TTL is a hint about > maximum > > > caching period, not a demand or a contract. > > > > > > You say its just a hint. If you put a TTL of 1 hour on your data, and > I > > > have a recursive name server that reuses it for 2 hours, 12 hours, 5 > > > days... thats okay? > > > > > > If its just a hint then we are we spending all this effort on "serve > > > stale"? > > > > > > DW > > > > > > > > Strictly speaking yes, it is the same as when a Secondary does not update > > the zone for a long time. > > An authoritiative server operator knows what the consequence of setting > SOA RDATA fields is. It isn't the same as a cache extending TTL as it > sees fit, in spite of the loose coherency among primary and secondaries. > > I don't agree a downstream cache has authoritiative say about extending > TTLs (except exceptional circumstances where the authority is > unreachable ~serve-stale). > Some authorititatives set the NS RR TTL<60s, they don't follow the best practice guide. Authoritatives think they "do the right thing" to spread latest NS RR. Needless to say A RR. Some resolvers extend all RR's TTL<60s to 3600s,just to reduce the queries, when the authority is reachable. Resolvers think they "do the right thing", too. > Mukund > > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop > -- 致礼 Best Regards 潘蓝兰 Pan Lanlan
- [DNSOP] Measuring DNS TTL Violations in the wild Giovane C. M. Moura
- Re: [DNSOP] Measuring DNS TTL Violations in the w… Ólafur Guðmundsson
- Re: [DNSOP] Measuring DNS TTL clamping in the wild Jared Mauch
- Re: [DNSOP] Measuring DNS TTL Violations in the w… Wessels, Duane
- Re: [DNSOP] Measuring DNS TTL Violations in the w… Ólafur Guðmundsson
- Re: [DNSOP] Measuring DNS TTL Violations in the w… Paul Hoffman
- Re: [DNSOP] Measuring DNS TTL clamping in the wild Jared Mauch
- Re: [DNSOP] Measuring DNS TTL clamping in the wild Steve Crocker
- Re: [DNSOP] Measuring DNS TTL clamping in the wild Mikael Abrahamsson
- Re: [DNSOP] Measuring DNS TTL clamping in the wild Åke Nordin
- Re: [DNSOP] Measuring DNS TTL Violations in the w… Mukund Sivaraman
- Re: [DNSOP] Measuring DNS TTL clamping in the wild Giovane C. M. Moura
- Re: [DNSOP] Measuring DNS TTL clamping in the wild Stephane Bortzmeyer
- Re: [DNSOP] Measuring DNS TTL Violations in the w… Andrew Sullivan
- Re: [DNSOP] Measuring DNS TTL Violations in the w… 神明達哉
- Re: [DNSOP] Measuring DNS TTL Violations in the w… Lanlan Pan
- Re: [DNSOP] Measuring DNS TTL Violations in the w… Joe Abley