On 19:29 13/11, Sadiq Saif wrote:
> Hi all,
>
> While doing some checks on records in my zones I noticed that two public
> resolvers limit maximum TTL values. Google Public DNS limits to six hours and
> Quad9 limits to twelve hours. I tested this with a freshly created A record
> to forgo the possibility of caching. The actual TTL of the record at the
> authoritative servers is twenty four hours.
>
> What is the technical or other reason(s) for such TTL limiting?
There are risks with excessively long TTLs; for example, it is used as a technique when hijacking or poisoning a domain, to keep the fake record in caches as long as possible. For the same reason, I believe that each resolver has a tradeoff to deal with. The TTL indicates the maximum time for which I have the right to keep a record. Nothing prevents you from consulting it again sooner, which would have the same effect as removing a little-used record from the hot cache before its expiration.

Hugo
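As an added illustration of the capping behaviour discussed in this thread (example code, not from either poster), a toy resolver cache in Python that stores min(authoritative TTL, cap) and hands back the remaining TTL on lookup; the six-hour and twelve-hour caps are the values reported above, while the record name and address are constructed:

```python
"""Toy resolver cache that caps TTLs the way the public resolvers in the
thread appear to. Added example; the cap values come from the thread,
the record name and address below are constructed."""
from dataclasses import dataclass
from typing import Optional

DAY = 24 * 3600
GOOGLE_CAP = 6 * 3600    # six hours, as observed in the thread
QUAD9_CAP = 12 * 3600    # twelve hours, as observed in the thread


@dataclass
class CacheEntry:
    rdata: str
    expires_at: int  # absolute time, seconds


class CappingCache:
    """Cache that keeps a record for min(authoritative TTL, max_ttl) seconds;
    max_ttl=None means the resolver honours the authoritative TTL as-is."""

    def __init__(self, max_ttl: Optional[int] = None):
        self.max_ttl = max_ttl
        self._entries: dict[str, CacheEntry] = {}

    def put(self, name: str, rdata: str, ttl: int, now: int) -> int:
        """Store the record and return the TTL actually applied."""
        effective = ttl if self.max_ttl is None else min(ttl, self.max_ttl)
        self._entries[name] = CacheEntry(rdata, now + effective)
        return effective

    def get(self, name: str, now: int) -> Optional[tuple[str, int]]:
        """Return (rdata, remaining TTL), as a resolver reports it to clients,
        or None once the entry has expired (expired entries are evicted)."""
        entry = self._entries.get(name)
        if entry is None or entry.expires_at <= now:
            self._entries.pop(name, None)
            return None
        return entry.rdata, entry.expires_at - now


def exposure_window(authoritative_ttl: int, max_ttl: Optional[int]) -> int:
    """Longest time any record (legitimate or injected) can be served from
    this cache without the resolver going back to the authoritative servers."""
    cache = CappingCache(max_ttl)
    return cache.put("example.test.", "192.0.2.1", authoritative_ttl, now=0)
```

With the 24-hour record from the thread, the window is 21600 s under the Google-style cap, 43200 s under the Quad9-style cap and the full 86400 s uncapped, which is the difference Hugo's tradeoff is about.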
_______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations
