On 2018-02-08 (08:51 MST), Mukund Sivaraman <m...@isc.org> wrote:
> Also, just for argument's sake, one user wants to extend TTLs to
> 5s. Another wants 60s TTLs. What is OK and what is going too far?

For the record, the issue is not RBLs or legitimate domains, it is spammer scum 
that set super-low DNS because they are shotgunning spam from a a vast botnet 
and they want to have maximal impact, so you get a different IP for every spam 
they send. It is a way of trying to overwhelm a machines tarpits, blacklists, 
sshguard protections, and others.

But to answer your question, off-hand, I'd say that any TTL under 60s is 
suspicious and any TTL under 10s is almost certainly intentionally abusive.

But that's just me, giving it maybe 20 seconds of thought.

So now you know the words to our song, pretty soon you'll all be singing
along, when you're sad, when you're lonely and it all turns out wrong...

Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list

Reply via email to