Hi Sandy, Thanks for the info on TTL. We don't change very often and we're pretty low volume, so 4 hours would be fine.
The link you provide is what I found before: it's a Windows port but it's uncompiled. Lacking a compiler, I was looking for something precompiled. Thanks, Ben -----Original Message----- From: Sanford Whiteman Sent: Monday, November 26, 2012 7:20 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] MX, DNS and other weird stuff > So, two questions: first, is there a version of p0f that runs under > Windows? > I found the Unix version and I found a Windows-port version that is not > compiled (and I haven't used a real compiler in at least ten years). http://packetstormsecurity.org/files/download/109101/p0f-3.03b-win.zip > Second question: what's the popular recommendation for DNS TTL nowadays? I > think I reset mine many years ago after a discussion here among some other > people. "Universal" default TTL? You could say 4 hours. But it depends on the application, the stage you're at with setting up a new host (testing vs. long-term stable), the need for dynamic changes, all, of course, balanced against much load you want/need to shed. I test using 5m TTLs, but also keep 5- and 10-minute TTLs permanently where we have geographic clusters because that's the only way they work. In other cases, I try for one day. Rarely do I use more than a day even when a host has been stable for a long period, even if I could; with our traffic, I don't mind one DNS request per day for each session. For reference, you can look around at high-traffic sites like web analytics. My two analytics packages use 60s and 5m. I think the first one was at my behest because one of their servers kept going down and needing to be null-routed a couple of years ago! -- S. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.