[DNSOP] Measuring DNS TTL Violations in the wild
"Giovane C. M. Moura" <giovane.moura@sidn.nl> Fri, 01 December 2017 15:48 UTC
Hi,

In the light of the recent discussions on TTL violations and serve stale here on the list, I decided to take a look at how often resolvers perform TTL violations in the wild.

To do that, I used almost 10K RIPE Atlas probes. You can find a report and datasets at:
https://labs.ripe.net/Members/giovane_moura/dns-ttl-violations-in-the-wild-with-ripe-atlas-2

Now, what was more scary were the violations that *increased* the TTL of RRs, some more than 10x. That may put users at risk of service domains that may have been already taken down.

/giovane

PS: related thread on the OARC list at:
https://lists.dns-oarc.net/pipermail/dns-operations/2017-November/017039.html
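An added example, not part of the original message or of the linked report: one way to classify per-probe answers against the TTL published by the authoritative server, flagging resolvers that increase it by more than 10x. The sample records, the 300 s authoritative TTL, the `cache_miss` flag (query name unique to the probe) and the one-second slack are all assumptions made for illustration.

```python
from collections import Counter
from dataclasses import dataclass

AUTH_TTL = 300  # constructed: TTL the authoritative server publishes for the RR

@dataclass
class Sample:
    probe_id: int     # constructed probe identifier
    resolver: str     # resolver address (documentation ranges only)
    ttl: int          # TTL in the answer the probe received
    cache_miss: bool  # True if the query name was unique to this probe

# Constructed measurements, not data from the report.
SAMPLES = [
    Sample(1, "192.0.2.53", 300, True),
    Sample(2, "192.0.2.53", 299, True),
    Sample(3, "198.51.100.7", 60, True),
    Sample(4, "198.51.100.9", 120, False),
    Sample(5, "203.0.113.10", 3600, True),
    Sample(6, "203.0.113.11", 600, True),
]

def classify(s, auth_ttl=AUTH_TTL, slack=1):
    """Label one answer relative to the authoritative TTL."""
    if s.ttl > auth_ttl:
        return "increased"      # never explained by cache ageing
    if s.ttl >= auth_ttl - slack:
        return "honoured"       # allow for a second spent in flight
    # A lower TTL is only a violation if the answer cannot have come
    # from an entry that was already counting down in the cache.
    return "decreased" if s.cache_miss else "indeterminate"

def summarise(samples, auth_ttl=AUTH_TTL, severe_factor=10):
    """Return per-class counts and resolvers exceeding severe_factor."""
    counts = Counter(classify(s, auth_ttl) for s in samples)
    severe = sorted(
        (s.resolver, s.ttl / auth_ttl)
        for s in samples
        if s.ttl > severe_factor * auth_ttl
    )
    return dict(counts), severe

if __name__ == "__main__":
    counts, severe = summarise(SAMPLES)
    print(counts)
    for resolver, factor in severe:
        print(f"{resolver} extends the TTL {factor:.1f}x")
```

A resolver in the `severe` list keeps serving a record long after the zone owner expected it to expire, which is the case the message singles out for domains that have since been taken down.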