On 2018-02-08 (08:51 MST), Mukund Sivaraman <m...@isc.org> wrote: > > Also, just for argument's sake, one user wants to extend TTLs to > 5s. Another wants 60s TTLs. What is OK and what is going too far?
For the record, the issue is not RBLs or legitimate domains, it is spammer scum that set super-low DNS because they are shotgunning spam from a a vast botnet and they want to have maximal impact, so you get a different IP for every spam they send. It is a way of trying to overwhelm a machines tarpits, blacklists, sshguard protections, and others. But to answer your question, off-hand, I'd say that any TTL under 60s is suspicious and any TTL under 10s is almost certainly intentionally abusive. But that's just me, giving it maybe 20 seconds of thought. -- So now you know the words to our song, pretty soon you'll all be singing along, when you're sad, when you're lonely and it all turns out wrong... _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list firstname.lastname@example.org https://lists.isc.org/mailman/listinfo/bind-users