On Thu, 2021-09-30 at 15:31 -0700, Michael Sinatra wrote:
> Once the negative cache ttl expires (5 min according to
> the SOA minimum)

It appears AWS DNS has a bug here - their negative responses advertise the 900 second TTL on the SOA records in negative responses, instead of the 300 second MINIMUM. This, of course, changes nothing about your argument. (But it would be nice if AWS fixed this.)

> , people will start resolving and validating stuff
> again, rather than having to force-flush or wait for the 24 hour DS TTL
> to expire. (By my calculation, we still have 17 hours to go, vs. 5
> minutes.)

From the data I have found at dnsviz, indeed, some time between 15:30 UTC and 17:24 UTC.

(And for those wondering about caching on positive responses, A queries for both slack.com and status.slack.com currently hold a 60 second TTL. However 1 hour on slack.com/TXT and 2 days on slack.com/NS, which may hurt.)

Kind regards,
-- 
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
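
An added example, not part of the original message: RFC 2308 has the authoritative server set the TTL of the SOA in a negative response to the minimum of the SOA's own TTL and its MINIMUM field. The check below flags the over-advertised case discussed in the message in dig-style authority lines; the sample lines and function names are constructed for illustration.

```python
import re

# Constructed dig-style AUTHORITY section lines from negative responses
# (owner names and values are sample data, not captured from any real zone).
SAMPLE_AUTHORITY = """\
example.com.  900 IN SOA ns1.example.com. hostmaster.example.com. 1 7200 900 1209600 300
example.org.  300 IN SOA ns1.example.org. hostmaster.example.org. 2 7200 900 1209600 300
example.net.  60  IN SOA ns1.example.net. hostmaster.example.net. 5 3600 600 604800 3600
"""

SOA_RE = re.compile(
    r"^(?P<owner>\S+)\s+(?P<ttl>\d+)\s+IN\s+SOA\s+\S+\s+\S+\s+"
    r"\d+\s+\d+\s+\d+\s+\d+\s+(?P<minimum>\d+)\s*$"
)

def audit_negative_soa(line):
    """Return an audit record for one SOA line, or None if it is not an SOA."""
    m = SOA_RE.match(line.strip())
    if m is None:
        return None
    ttl, minimum = int(m["ttl"]), int(m["minimum"])
    return {
        "owner": m["owner"],
        "advertised_ttl": ttl,
        "minimum": minimum,
        # What a resolver that clamps to min(TTL, MINIMUM) would cache for.
        "negative_ttl": min(ttl, minimum),
        # A TTL above MINIMUM cannot be min(SOA TTL, MINIMUM), so the server
        # is advertising a longer negative-cache lifetime than the zone asks for.
        # A TTL below MINIMUM is fine: the SOA's own TTL is simply the smaller one.
        "over_advertised": ttl > minimum,
    }

def audit(text):
    """Audit every SOA line found in a block of dig-style output."""
    records = (audit_negative_soa(line) for line in text.splitlines())
    return [r for r in records if r is not None]

if __name__ == "__main__":
    for r in audit(SAMPLE_AUTHORITY):
        status = "OVER-ADVERTISED" if r["over_advertised"] else "ok"
        print(f'{r["owner"]:<14} ttl={r["advertised_ttl"]:<5} '
              f'minimum={r["minimum"]:<5} negative_ttl={r["negative_ttl"]:<5} {status}')
```

Feed it lines obtained by querying the authoritative server directly; a recursive resolver returns a TTL that has already counted down, which hides the advertised value.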
