At 7/10/04 11:56 AM, [EMAIL PROTECTED] wrote:

>> One thing I'd be interested to know, but can't find the answer to on
>> VeriSign's FAQ page about this change[1], is whether the TTL value will
>> still be 48 hours. If it is, that will mean that although new domains
>
>Verisign Registry's Matt Larson answered this on the NANOG list
>late Friday:
>
> ...
>
>In other words, for all the iterative resolvers out there that have
>this credibility mechanism, the 48-hour TTL on data in .com/.net isn't
>particularly relevant.

Hmmm. Unfortunately, many large ISPs use resolvers that ignore
"credibility", as can be seen from this query:

http://www.dnsstuff.com/tools/ispdns.ch?name=aol.com&type=NS

Any resolver showing a cached time > 1 hour is using the 48 hour TTL from
the roots; when I tested it just now, this was true of 14 of 38 that
responded, including resolvers run by large organizations like AT&T
WorldNet, SprintNet, MCI WorldCom, and UUNet.

Not a scientific survey, certainly, but a large enough number to
demonstrate that relying on the credibility mechanism as a solution is not
very, ummm, robust.

Ah well; that was probably too much to hope for.

--
Robert Mathews, Tiger Technologies
http://www.tigertech.net/

"Clever things make people feel stupid, and unexpected things make them feel scared."
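Added example, not part of the original message: a small Python model of a resolver cache that contrasts a resolver ranking cached data by credibility (authoritative answer over referral data, in the spirit of RFC 2181 section 5.4.1) with one that keeps the first NS set it saw, then applies the message's "cached time > 1 hour" test. The class and function names, the example.com name, the 3600-second zone TTL and the timings are assumptions constructed for illustration; only the 48-hour delegation TTL comes from the thread.

```python
# Added illustration. TTLs and the domain name are constructed sample values.
REFERRAL, AUTH_ANSWER = 1, 2     # simplified credibility ranks (higher wins)
DELEGATION_TTL = 48 * 3600       # 48-hour TTL on delegation data, per the thread
ZONE_TTL = 3600                  # assumed TTL served by the zone's own servers


class ResolverCache:
    """Minimal NS-set cache; honor_credibility toggles the ranking behaviour."""

    def __init__(self, honor_credibility):
        self.honor_credibility = honor_credibility
        self.entries = {}        # name -> (rank, absolute expiry in seconds)

    def store(self, name, rank, ttl, now):
        cached = self.entries.get(name)
        if cached and cached[1] > now:           # a live entry already exists
            if not self.honor_credibility:
                return                           # keep first-seen data until expiry
            if rank <= cached[0]:
                return                           # not more credible: keep cached set
        self.entries[name] = (rank, now + ttl)

    def remaining_ttl(self, name, now):
        cached = self.entries.get(name)
        return max(0, cached[1] - now) if cached else 0


def simulate(honor_credibility, observe_at=600):
    """Referral at t=0, authoritative answer at t=1, cache inspected later."""
    cache = ResolverCache(honor_credibility)
    cache.store("example.com", REFERRAL, DELEGATION_TTL, now=0)
    cache.store("example.com", AUTH_ANSWER, ZONE_TTL, now=1)
    return cache.remaining_ttl("example.com", observe_at)


def uses_delegation_ttl(remaining_ttl):
    """The message's test: a cached time above one hour."""
    return remaining_ttl > 3600


if __name__ == "__main__":
    for honors in (True, False):
        left = simulate(honors)
        print(f"honors credibility={honors}: {left}s left, "
              f"delegation TTL in use={uses_delegation_ttl(left)}")
```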
