Hi Libor,

I agree that EXPIRE should not be seen as an excuse for poor TTL hygiene, I see it more as the final cleanup after-action, used to remediate real production impact as quickly as achievable. As a DNS guy, keeping the lights on is paramount to me.

TTL guidance is a separate issue, I don’t think EXPIRE changes the expectation that an operator has the responsibility to choose TTL times that are appropriate for their business/operation, or any of the established best practices around that. I see EXPIRE scoped strictly as an operational tool for post-correction alignment across a known set of DNS resolvers.

Best,
Duane

> On Nov 25, 2025, at 03:23, Libor Peltan <[email protected]> wrote:
>
> I concur with Vladimir.
>
> Anyway, I'd much rather see a BCP draft saying that TTLs in general SHOULD NOT be larger than 5 minutes (probably both on authoritative side and the resolvers' own ceiling).
>
> /Libor
>
> On 21. 11. 25 10:47, Vladimír Čunát wrote:
>> On 20/11/2025 17.30, Duane Powers wrote:
>>> I have submitted a new individual draft proposing the EXPIRE opcode, which allows an authenticated authoritative operator to request immediate deletion of a specific RRset from a resolver cache.
>> I'm afraid that this would even more encourage behavior that is detrimental to the DNS ecosystem.
>>
>> I.e. we break our DNS, but since we can fix 8.8.8.8 and a few others, it's just fine. I believe that this kind of cache-flushing should be very exceptional for absolute emergency, not something with an automated protocol.
>>
>> --Vladimir | knot-resolver.cz
>>
>> _______________________________________________
>> DNSOP mailing list -- [email protected]
>> To unsubscribe send an email to [email protected]
