Hi Rubens,

Thanks for being on the ball and keeping an eye out for anomalies in the various DNS zones.

There is an operational reason to have the TTLs low. The good thing is that it is completely temporary, and by the time you get this those TTLs will be back to normal "everyday" values.

ICANN manages a rather large domain portfolio, including in-addr.arpa. Over the last 4 months we have been working rather hard on migrating to a new set of DNSSEC signing infrastructure. The move to the new DNSSEC kit meant we couldn't export/import the keys from the old hardware security modules (HSMs). So we had to roll the KSKs for a huge slab of zones, in-addr.arpa being one.

The downside to this particular key roll is the necessity to leave the TTLs at the lower value, for longer than we planned, to allow the administrative process of updating the DS records for in-addr.arpa in the parent to take its course.

We are actually thinking, if there is interest, of sharing our experiences at the Montreal DNS-OARC workshop.

Kind regards,
Mauricio

On 20150715, 8:45, "dns-operations on behalf of Rubens Kuhl" <[email protected] on behalf of [email protected]> wrote:

>
>% dig @a.in-addr-servers.arpa. 12.in-addr.arpa. ns
>...
>12.in-addr.arpa. 5 IN NS cmtu.mt.ns.els-gms.att.net.
>12.in-addr.arpa. 5 IN NS dbru.br.ns.els-gms.att.net.
>12.in-addr.arpa. 5 IN NS cbru.br.ns.els-gms.att.net.
>12.in-addr.arpa. 5 IN NS dmtu.mt.ns.els-gms.att.net.
>
>% dig @b.in-addr-servers.arpa. 1.in-addr.arpa. ns
>1.in-addr.arpa. 5 IN NS ns1.apnic.net.
>1.in-addr.arpa. 5 IN NS ns2.lacnic.net.
>1.in-addr.arpa. 5 IN NS ns3.apnic.net.
>1.in-addr.arpa. 5 IN NS ns4.apnic.net.
>1.in-addr.arpa. 5 IN NS sec1.authdns.ripe.net.
>1.in-addr.arpa. 5 IN NS apnic1.dnsnode.net.
>1.in-addr.arpa. 5 IN NS tinnie.arin.net.
>
> 200.in-addr.arpa. 5 IN NS sec1.authdns.ripe.net.
> 200.in-addr.arpa. 5 IN NS ns-lacnic.nic.mx.
> 200.in-addr.arpa. 5 IN NS ns3.afrinic.net.
> 200.in-addr.arpa. 5 IN NS a.arpa.dns.br.
> 200.in-addr.arpa. 5 IN NS ns.lacnic.net.
> 200.in-addr.arpa. 5 IN NS sec3.apnic.net.
> 200.in-addr.arpa. 5 IN NS ns2.lacnic.net.
> 200.in-addr.arpa. 5 IN NS tinnie.arin.net.
> ;; Received 256 bytes from 2001:67c:e0::1#53(2001:67c:e0::1) in 225 ms
>
>
>
>I tried to think of operational reasons to keep TTLs so low for these
>resources but couldn't think of anything... any ideas?
>
>
>Rubens
>
>
>_______________________________________________
>dns-operations mailing list
>[email protected]
>https://lists.dns-oarc.net/mailman/listinfo/dns-operations
>dns-jobs mailing list
>https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
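As an added illustration of the DS dependency described in the reply (this code is not part of the original thread and is not ICANN's tooling): the sketch below derives the DS fields a parent would publish for a KSK, following RFC 4034, and classifies where a roll stands from the parent's DS set. The key bytes are constructed placeholders, and the function names and status labels are hypothetical.

```python
import hashlib
import struct

def name_to_wire(name):
    """Canonical (lowercased) wire form of an owner name, RFC 4034 section 6.2."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags, protocol, algorithm, public_key):
    """DNSKEY RDATA: 2-byte flags, protocol, algorithm, then the public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + public_key

def key_tag(rdata):
    """Key tag computed over the DNSKEY RDATA, RFC 4034 appendix B."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte if i & 1 else byte << 8
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def make_ds(owner, rdata):
    """DS fields for a DNSKEY: (key tag, algorithm, digest type 2, SHA-256 hex)."""
    digest = hashlib.sha256(name_to_wire(owner) + rdata).hexdigest()
    return (key_tag(rdata), rdata[3], 2, digest)

def roll_status(owner, parent_ds_set, old_rdata, new_rdata):
    """Classify a KSK roll by which KSKs the parent's DS set points at."""
    has_old = make_ds(owner, old_rdata) in parent_ds_set
    has_new = make_ds(owner, new_rdata) in parent_ds_set
    if has_old and has_new:
        return "both"      # either KSK anchors the chain of trust
    if has_new:
        return "new-only"  # old KSK may go once the old DS has aged out of caches
    if has_old:
        return "old-only"  # old KSK must keep signing the DNSKEY set
    return "broken"        # no DS matches a published KSK: validation fails

# Constructed placeholder key material, not real keys.
# Flags 257 = KSK (SEP bit set), protocol 3, algorithm 8 = RSASHA256.
OLD_KSK = dnskey_rdata(257, 3, 8, bytes(range(1, 65)))
NEW_KSK = dnskey_rdata(257, 3, 8, bytes(range(65, 129)))

if __name__ == "__main__":
    zone = "in-addr.arpa."
    for ds_set in ([make_ds(zone, OLD_KSK)],
                   [make_ds(zone, OLD_KSK), make_ds(zone, NEW_KSK)],
                   [make_ds(zone, NEW_KSK)]):
        print(roll_status(zone, ds_set, OLD_KSK, NEW_KSK))
```

How long a validator can keep using a cached copy of the old DS is bounded by that record's TTL, so TTLs bound how quickly each stage of a roll takes effect.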
