North American Network Operators Group


Re: [registrars] Re: panix.com hijacked

  • From: Joe Abley
  • Date: Mon Jan 17 13:56:20 2005

On 17 Jan 2005, at 13:08, Steven M. Bellovin wrote:

> The suggestion that someone made the other day -- that the TTL on zones
> be ramped up gradually by the registries after creation or transfer --
> is, I think, a good one.

Records in the control of the registry are the NS records in the parent zone (the "com" zone in this case). Those are non-authoritative and are going to get replaced in caches with data from the authority servers for the delegated zones (ns[12].access.net, in this case), once those servers are reached.

So the TTLs of records in the registry-operated zones will likely have no impact on how long NS records for delegated zones remain in caches.

If panix (or anybody else) wants to increase the time that their NS records stay in caches, the way to do it is to increase the TTLs on the authoritative NS records in their own zones. For panix.com, these appear to be set to 72 hours (the non-authoritative NS records for PANIX.COM in the COM zone have 48-hour TTLs).

I will now sit back and wait for Mark Andrews to appear and flame me to death for my inadequate understanding of the DNS. This is, of course, a subtle ploy to help reduce my Ontario winter heating costs, and to avoid having to spend the rest of the afternoon chipping ice off the driveway with a shovel.


Joe
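As an added illustration of the point made above (this is not part of Joe Abley's post, nor code from panix or any registry), the following Python models a resolver cache that ranks NS data the way RFC 2181 section 5.4.1 describes: an NS RRset from the child's own authoritative servers outranks the same RRset learned from the parent's referral, and lower-ranked data cannot displace higher-ranked data until it expires. The 48-hour com-zone TTL, the 72-hour authoritative TTL and the names ns1/ns2.access.net are the figures quoted in the post; the cache model, the simulated clock and the replacement name `ns.new.test.` are constructed for the example.

```python
from dataclasses import dataclass

HOUR = 3600

# Trust ranking loosely modelled on RFC 2181 section 5.4.1: an RRset from an
# authoritative answer outranks the same RRset learned from a referral.
RANK_REFERRAL = 1       # NS records the parent (com) hands back in a referral
RANK_AUTHORITATIVE = 2  # NS records served by the child zone's own servers


@dataclass
class CachedRRset:
    rdata: tuple      # sorted tuple of record values
    ttl: int          # TTL in seconds at the moment of caching
    rank: int
    inserted_at: int  # simulated clock (seconds) when cached


class ResolverCache:
    """Minimal RRset cache: live higher-ranked data is never overwritten by
    lower-ranked data for the same owner name and type."""

    def __init__(self):
        self.entries = {}

    def _alive(self, now, entry):
        return now - entry.inserted_at < entry.ttl

    def insert(self, now, owner, rtype, rdata, ttl, rank):
        key = (owner.lower(), rtype)
        cur = self.entries.get(key)
        if cur is not None and self._alive(now, cur) and cur.rank > rank:
            return False  # a referral cannot displace live authoritative data
        self.entries[key] = CachedRRset(tuple(sorted(rdata)), ttl, rank, now)
        return True

    def lookup(self, now, owner, rtype):
        key = (owner.lower(), rtype)
        cur = self.entries.get(key)
        if cur is None or not self._alive(now, cur):
            self.entries.pop(key, None)
            return None
        return cur

    def remaining_ttl(self, now, owner, rtype):
        cur = self.lookup(now, owner, rtype)
        return None if cur is None else cur.ttl - (now - cur.inserted_at)


# Constructed sample data; TTLs and server names are the figures from the post.
ZONE = "panix.com"
ORIGINAL_NS = ["ns1.access.net.", "ns2.access.net."]
COM_NS_TTL = 48 * HOUR    # TTL of the non-authoritative NS set in the com zone
CHILD_NS_TTL = 72 * HOUR  # TTL of the authoritative NS set served by the child


def resolve_from_cold(cache, now):
    """Walk the delegation: cache the referral from com, then the authoritative
    NS RRset obtained from the child's servers, which replaces the referral copy."""
    cache.insert(now, ZONE, "NS", ORIGINAL_NS, COM_NS_TTL, RANK_REFERRAL)
    cache.insert(now, ZONE, "NS", ORIGINAL_NS, CHILD_NS_TTL, RANK_AUTHORITATIVE)
    return cache.lookup(now, ZONE, "NS")


def registry_changes_delegation(cache, now, new_ns):
    """The parent now refers to different servers (a transfer, wanted or not).
    Returns whether the cache accepted the new referral and what it still answers."""
    accepted = cache.insert(now, ZONE, "NS", new_ns, COM_NS_TTL, RANK_REFERRAL)
    return accepted, cache.lookup(now, ZONE, "NS").rdata


def first_hour_new_delegation_takes_effect(cache, change_at, new_ns, horizon=96 * HOUR):
    """Retry the parent's new referral once an hour from change_at and return the
    simulated hour at which the cache first accepts it (None if never within horizon)."""
    t = change_at
    while t <= horizon:
        if cache.insert(t, ZONE, "NS", new_ns, COM_NS_TTL, RANK_REFERRAL):
            return t // HOUR
        t += HOUR
    return None


if __name__ == "__main__":
    cache = ResolverCache()
    entry = resolve_from_cold(cache, now=0)
    print("cached from authority servers with TTL %dh" % (entry.ttl // HOUR))
    accepted, seen = registry_changes_delegation(cache, 1 * HOUR, ["ns.new.test."])
    print("new referral accepted at +1h:", accepted, "- cache answers:", seen)
    print("hour at which the new delegation is first honoured:",
          first_hour_new_delegation_takes_effect(cache, 2 * HOUR, ["ns.new.test."]))
```

In this model a cache that has already fetched the child's NS RRset keeps serving it for the full 72 hours measured from that fetch, and the 48-hour TTL in the com zone never enters the calculation; the parent TTL only governs caches that have not yet reached the child's servers. Real resolvers differ in detail (some prefer parent-side NS data when choosing which server to query next, and some re-fetch earlier), so the practical check is to compare `dig +norecurse` answers from a com server and from the child's own name servers and read the TTLs on each.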