You could set up a DNSMASQ / Unbound service as a front end, which then queried 
bind. Both of those allow the setting of a minimum TTL (max of 3600 seconds in 
DNSMASQ). It cannot be done with bind by itself.

> On Oct 26, 2018, at 11:41, Grant Taylor via bind-users 
> <bind-users@lists.isc.org> wrote:
> 
> On 10/26/2018 01:23 AM, Matus UHLAR - fantomas wrote:
>> there is not.
> 
> Thank you, Matus and Tony, for the direct answer.
> 
>> using short TTLs is very risky, and forcing a minimum TTL is apparently not 
>> a way to work around it.
> 
> Understood.  -  I /think/ that I'm somewhat (dangerously?) informed and 
> /choosing/ my own poison.  Maybe.
> 
> To be clear, I'm not wanting to artificially lower the TTL.  I want to 
> respect any and all TTLs that are longer than my locally administered minimum.
> 
> My motivation for setting the minimum TTL (while fully accepting any and all 
> risk and associated responsibility therefor) is to thwart DNS Rebinding.  Or 
> to at least make it much more difficult (as in longer than my artificial 
> minimum TTL) to do.
> 
> 
> 
> -- 
> Grant. . . .
> unix || die
> 
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
> from this list
> 
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
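
An added illustration, not part of the original thread and not dnsmasq, Unbound or BIND code: a toy caching front end that raises short TTLs to a local floor while leaving longer TTLs alone, queried once per second against a constructed upstream whose answer changes from a public address to an RFC 1918 one. The class and function names, the host name and the addresses are assumptions made for the example.

```python
import ipaddress

# RFC 1918 ranges, checked explicitly (documentation ranges must count as public here).
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(address):
    ip = ipaddress.ip_address(address)
    return any(ip in net for net in RFC1918)

class FlooredCache:
    """Toy caching front end: short TTLs are raised to min_ttl, longer ones kept."""
    def __init__(self, upstream, min_ttl):
        self.upstream = upstream      # callable: name -> (address, ttl_seconds)
        self.min_ttl = min_ttl
        self.cache = {}               # name -> (address, expiry_time)

    def effective_ttl(self, ttl):
        # Only ever lengthens a TTL; never shortens one.
        return max(ttl, self.min_ttl)

    def resolve(self, name, now):
        hit = self.cache.get(name)
        if hit and now < hit[1]:
            return hit[0]             # still cached: upstream is not asked again
        address, ttl = self.upstream(name)
        self.cache[name] = (address, now + self.effective_ttl(ttl))
        return address

def make_changing_upstream():
    """Constructed upstream: first answer public, every later answer private, TTL 1 s."""
    first = iter([("203.0.113.10", 1)])
    return lambda name: next(first, ("192.168.1.1", 1))

def first_private_answer(min_ttl, horizon=600):
    """Second at which a client polling every second first gets an RFC 1918 address."""
    cache = FlooredCache(make_changing_upstream(), min_ttl)
    for now in range(horizon):
        if is_rfc1918(cache.resolve("rebind.example", now)):
            return now
    return None

if __name__ == "__main__":
    for floor in (0, 300):
        print(f"min TTL {floor:>3}s -> private answer first seen at t={first_private_answer(floor)}s")
```

With no floor the changed answer reaches the client after one second; with a 300-second floor the first answer stays pinned until the floor expires, which is the delay Grant describes wanting.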
