Matthias Leisi skrev den 2024-09-29 17:34:
We used to have much longer TTLs some years ago (it was 24 hours, IIRC). However this has the risk that fixing a wrong listing would also take that long to propagate. Back then we experimented with different TTLs, and interestingly there was not much net effect between eg one or two hours.
SOA changes on every dns changes, so all AUTH servers know to reload zone ?
so dns clients that ignore SOA changes is basicly brokken is DNSSEC not helpfull ? if resolver use non AUTH servers, then return not found
