Re: [dns-operations] 5s TTL on IANA /8s

2015-07-16 Thread Keith Mitchell
On 07/15/2015 08:49 PM, Mauricio Vergara wrote:

 There is an operational reason to have the TTLs low, the good thing is
 that it is completely temporary, and by the time you get this those TTLs
 will be back to normal everyday values.

 We are actually thinking, if there is interest, of sharing our experiences
 at the Montreal DNS-OARC workshop.

A reminder that both the Call for Presentations, Registration and
accommodation bookings for our Montreal workshop are open at:

https://indico.dns-oarc.net/event/24/

Keith

___
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs


Re: [dns-operations] 5s TTL on IANA /8s

2015-07-15 Thread Mauricio Vergara
Hi Rubens,

Thanks for being on the ball and keeping an eye out for anomalies in the
various DNS zones.

There is an operational reason to have the TTLs low, the good thing is
that it is completely temporary, and by the time you get this those TTLs
will be back to normal everyday values.

ICANN manages a rather large domain portfolio, including in-addr.arpa.
Over the last 4 months we have been working rather hard on migrating to a
new set of DNSSEC signing infrastructure. The move to the new DNSSEC kit
meant we couldn't export/import the keys from the old hardware security
modules (HSMs).

So we had to roll the KSKs for a huge slab of zones, in-addr.arpa being
one. The downside to this particular Key roll is the necessity to leave
the TTLs at the lower value, for longer than we planned, to allow the
administrative process of updating the DS records for in-addr.arpa in the
parent to take its course.

We are actually thinking, if there is interest, of sharing our experiences
at the Montreal DNS-OARC workshop.

Kind regards,

Mauricio



On 20150715, 8:45 , dns-operations on behalf of Rubens Kuhl
dns-operations-boun...@dns-oarc.net on behalf of rube...@nic.br wrote:


% dig @a.in-addr-servers.arpa. 12.in-addr.arpa. ns
...
12.in-addr.arpa.   5   IN  NS  cmtu.mt.ns.els-gms.att.net.
12.in-addr.arpa.   5   IN  NS  dbru.br.ns.els-gms.att.net.
12.in-addr.arpa.   5   IN  NS  cbru.br.ns.els-gms.att.net.
12.in-addr.arpa.   5   IN  NS  dmtu.mt.ns.els-gms.att.net.

% dig @b.in-addr-servers.arpa. 1.in-addr.arpa. ns
1.in-addr.arpa.   5   IN  NS  ns1.apnic.net.
1.in-addr.arpa.   5   IN  NS  ns2.lacnic.net.
1.in-addr.arpa.   5   IN  NS  ns3.apnic.net.
1.in-addr.arpa.   5   IN  NS  ns4.apnic.net.
1.in-addr.arpa.   5   IN  NS  sec1.authdns.ripe.net.
1.in-addr.arpa.   5   IN  NS  apnic1.dnsnode.net.
1.in-addr.arpa.   5   IN  NS  tinnie.arin.net.

   200.in-addr.arpa.   5   IN  NS  sec1.authdns.ripe.net.
   200.in-addr.arpa.   5   IN  NS  ns-lacnic.nic.mx.
   200.in-addr.arpa.   5   IN  NS  ns3.afrinic.net.
   200.in-addr.arpa.   5   IN  NS  a.arpa.dns.br.
   200.in-addr.arpa.   5   IN  NS  ns.lacnic.net.
   200.in-addr.arpa.   5   IN  NS  sec3.apnic.net.
   200.in-addr.arpa.   5   IN  NS  ns2.lacnic.net.
   200.in-addr.arpa.   5   IN  NS  tinnie.arin.net.
   ;; Received 256 bytes from 2001:67c:e0::1#53(2001:67c:e0::1) in 225 ms


I tried to think of operational reasons to keep TTLs so low for these
resources but couldn't think of anything... any ideas?


Rubens

