North American Network Operators Group
Re: fwd: Re: [registrars] Re: panix.com hijacked
In message <[email protected]>, "william( at)elan.net" writes:
>
> On Sun, 16 Jan 2005, Joe Maimon wrote:
>
>> Thus justifying those who load their NS and corresponding NS's A records
>> with nice long TTL
>
> Although this wasn't a problem in this case (hijacker did not appear to
> have been interested in controlling dns since it points to default domain
> registration and under construction page), but long TTL trick could be
> used by hijackers - i.e. he gets some very popular domain, changes dns to
> the one he controls and purposely sets long TTL. Now even if registrars
> are able to act quickly and change registration back, those who cached new
> dns data would keep it for quite long in their cache.
>

Many versions of bind have a parameter that caps TTLs to some rational
maximum value -- by default in bind9, 3 hours. Unfortunately, the
documentation suggests that the purpose of the max-ncache-ttl parameter is
to let you increase the cap, in order to improve performance and decrease
network traffic.

The suggestion that someone made the other day -- that the TTL on zones be
ramped up gradually by the registries after creation or transfer -- is, I
think, a good one.

		--Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb
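The two mitigations discussed in the message above, a resolver-side TTL cap and a registry-side TTL ramp after creation or transfer, as an added example that is not part of the thread. It is a self-contained simulation, not BIND code: the CappingResolver class models the effect of BIND 9's max-cache-ttl option (which bounds positive answers and defaults to one week; the max-ncache-ttl option named in the message bounds negative answers and defaults to three hours), and registry_ttl_limit is a hypothetical linear ramp whose floor, ceiling and ramp period are constructed values, not any registry's actual policy. The domain name, record value and timings in the scenario are constructed.

```python
from typing import Dict, Optional, Tuple

HOUR = 3600
DAY = 24 * HOUR


class CappingResolver:
    """Toy recursive-resolver cache that clamps every TTL at insertion
    time, the way BIND 9's max-cache-ttl bounds positive answers."""

    def __init__(self, max_cache_ttl: int) -> None:
        self.max_cache_ttl = max_cache_ttl
        # name -> (value, absolute expiry time in seconds)
        self._cache: Dict[str, Tuple[str, int]] = {}

    def store(self, name: str, value: str, ttl: int, now: int) -> int:
        """Cache a record; returns the TTL actually honoured."""
        effective = min(ttl, self.max_cache_ttl)
        self._cache[name] = (value, now + effective)
        return effective

    def lookup(self, name: str, now: int) -> Optional[str]:
        """Return the cached value, or None once it has expired."""
        entry = self._cache.get(name)
        if entry is None or now >= entry[1]:
            self._cache.pop(name, None)
            return None
        return entry[0]


def registry_ttl_limit(seconds_since_change: int,
                       floor: int = 5 * 60,
                       ceiling: int = 2 * DAY,
                       ramp_period: int = 7 * DAY) -> int:
    """Hypothetical registry-side ramp: the largest TTL the registry would
    publish for a delegation, rising linearly from `floor` right after a
    creation or transfer to `ceiling` once `ramp_period` has elapsed.
    The constants are illustrative, not a real registry's policy."""
    if seconds_since_change <= 0:
        return floor
    if seconds_since_change >= ramp_period:
        return ceiling
    return floor + (seconds_since_change * (ceiling - floor)) // ramp_period


def poisoned_at(max_cache_ttl: int, hijack_ttl: int, probe_time: int) -> bool:
    """Constructed scenario: a resolver caches the hijacker's NS record at
    t=0 with the TTL the hijacker chose. Is that record still served at
    probe_time, after the registrar has already reverted the change?"""
    resolver = CappingResolver(max_cache_ttl)
    resolver.store("ns.example.test.", "hijacker-ns", hijack_ttl, now=0)
    return resolver.lookup("ns.example.test.", probe_time) == "hijacker-ns"


if __name__ == "__main__":
    hijack_ttl = 7 * DAY
    probe = 5 * HOUR  # registrar reverted after 1 hour; probe 4 hours later
    print("no cap :", poisoned_at(hijack_ttl, hijack_ttl, probe))  # True
    print("3h cap :", poisoned_at(3 * HOUR, hijack_ttl, probe))    # False
    for age_days in (0, 1, 3, 7, 30):
        print(f"ramp day {age_days:2d}: {registry_ttl_limit(age_days * DAY)} s")
```

The point of the cap is that it bounds the damage regardless of what the hijacker puts in the record: with a three-hour cap the stale delegation is gone within three hours of the revert, while without one a week-long TTL keeps serving the hijacker's nameserver long after the registrar has acted. The ramp attacks the same problem from the other end, by refusing to publish a long TTL for a delegation that has just changed hands.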