Re: Minimum TTL?

2018-02-08 Thread Reindl Harald
On 09.02.2018 at 07:02, sth...@nethelp.no wrote: I think what is "OK" is up to each administrator. Obviously the zone administrators have decided that they want people to use the 2s TTL. That being said, it is up to each individual recursive server operator if they want to honor what the

Re: Minimum TTL?

2018-02-08 Thread sthaug
> I think what is "OK" is up to each administrator. > > Obviously the zone administrators have decided that they want people to > use the 2s TTL. > > That being said, it is up to each individual recursive server operator > if they want to honor what the zone administrators have published, or

Re: Minimum TTL?

2018-02-08 Thread Bob Harold
On Thu, Feb 8, 2018 at 4:34 PM, Grant Taylor via bind-users < bind-users@lists.isc.org> wrote: > On 02/08/2018 08:51 AM, Mukund Sivaraman wrote: > >> Also, just for argument's sake, one user wants to extend TTLs to 5s. >> Another wants 60s TTLs. What is OK and what is going too far? >> > > I

Re: Minimum TTL?

2018-02-08 Thread Grant Taylor via bind-users
On 02/08/2018 08:51 AM, Mukund Sivaraman wrote: Also, just for argument's sake, one user wants to extend TTLs to 5s. Another wants 60s TTLs. What is OK and what is going too far? I think what is "OK" is up to each administrator. Obviously the zone administrators have decided that they want

Re: Minimum TTL?

2018-02-08 Thread Reindl Harald
On 08.02.2018 at 17:07, Tony Finch wrote: Reindl Harald wrote: yes, you are free to decide that named doesn't need to support the user's wish of such a feature. but the result is that the user stops using named at all on an inbound-mailserver and is done Or you could

Re: Minimum TTL?

2018-02-08 Thread Reindl Harald
On 08.02.2018 at 17:10, Mukund Sivaraman wrote: On Thu, Feb 08, 2018 at 05:05:51PM +0100, Reindl Harald wrote: I doubt the zone owner is forcing you to use their zone. You can nix fetches to it. If you want the zone data, then follow what the zone owner requires. does not matter It

Re: Minimum TTL?

2018-02-08 Thread Mukund Sivaraman
On Thu, Feb 08, 2018 at 05:05:51PM +0100, Reindl Harald wrote: > > I doubt the zone owner is forcing you to use their zone. You can nix > > fetches to it. If you want the zone data, then follow what the zone > > owner requires. > > does not matter It matters to us. Mukund

Re: Minimum TTL?

2018-02-08 Thread Matus UHLAR - fantomas
Reindl Harald wrote: yes, you are free to decide that named doesn't need to support the user's wish of such a feature. but the result is that the user stops using named at all on an inbound-mailserver and is done On 08.02.18 16:07, Tony Finch wrote: Or you could use

Re: Minimum TTL?

2018-02-08 Thread Tony Finch
Barry Margolin wrote: > There are some servers that will avoid expiring records if the auth > servers stop responding, as a fail-safe mechanism. For instance, BIND 9.12 - https://www.isc.org/blogs/bind-9-12-almost-ready/ Tony. -- f.anthony.n.finch

Re: Minimum TTL?

2018-02-08 Thread Reindl Harald
On 08.02.2018 at 17:03, Barry Margolin wrote: In article , Reindl Harald wrote: frankly, even *if* i pay for the service i would call it a good citizen to produce less load and the "minimum-ttl" also reduces

Re: Minimum TTL?

2018-02-08 Thread Tony Finch
Reindl Harald wrote: > > yes, you are free to decide that named doesn't need to support the user's wish of > such a feature. but the result is that the user stops using named at all on an > inbound-mailserver and is done Or you could use patched versions from FreeBSD or

Re: Minimum TTL?

2018-02-08 Thread Reindl Harald
On 08.02.2018 at 16:51, Mukund Sivaraman wrote: On Thu, Feb 08, 2018 at 04:39:36PM +0100, Reindl Harald wrote: On 08.02.2018 at 16:34, Mukund Sivaraman wrote: If the RRset wants a TTL of N seconds, then that is the authoritative instruction from the owner of the zone about how the data

Re: Minimum TTL?

2018-02-08 Thread Barry Margolin
In article , Reindl Harald wrote: > frankly, even *if* i pay for the service i would call it a good citizen > to produce less load and the "minimum-ttl" also reduces load from other > RBL's without any restriction

Re: Minimum TTL?

2018-02-08 Thread Mukund Sivaraman
On Thu, Feb 08, 2018 at 04:39:36PM +0100, Reindl Harald wrote: > > > On 08.02.2018 at 16:34, Mukund Sivaraman wrote: > > On Thu, Feb 08, 2018 at 01:30:04PM +0200, Michelle Konzack wrote: > > > Hello Harald, > > > On 2018-02-08, Reindl Harald typed: > > > > you miss the topic > > >

Re: Minimum TTL?

2018-02-08 Thread Reindl Harald
On 08.02.2018 at 16:39, Reindl Harald wrote: On 08.02.2018 at 16:34, Mukund Sivaraman wrote: On Thu, Feb 08, 2018 at 01:30:04PM +0200, Michelle Konzack wrote: Hello Harald, On 2018-02-08, Reindl Harald typed: you miss the topic many DNSBL's have a very short TTL and at the

Re: Minimum TTL?

2018-02-08 Thread Reindl Harald
On 08.02.2018 at 16:34, Mukund Sivaraman wrote: On Thu, Feb 08, 2018 at 01:30:04PM +0200, Michelle Konzack wrote: Hello Harald, On 2018-02-08, Reindl Harald typed: you miss the topic many DNSBL's have a very short TTL and at the same time a limit of queries from a single IP

Re: Minimum TTL?

2018-02-08 Thread Mukund Sivaraman
On Thu, Feb 08, 2018 at 01:30:04PM +0200, Michelle Konzack wrote: > Hello Harald, > On 2018-02-08, Reindl Harald typed: > > you miss the topic > > > > many DNSBL's have a very short TTL and at the same time a limit of > > queries from a single IP until you need to pay for the service

Re: Minimum TTL?

2018-02-08 Thread Reindl Harald
On 08.02.2018 at 16:16, John Levine wrote: In article you write: you miss the topic many DNSBL's have a very short TTL and at the same time a limit of queries from a single IP until you need to pay for the service This doesn't sound

Re: Minimum TTL?

2018-02-08 Thread John Levine
In article you write: >you miss the topic > >many DNSBL's have a very short TTL and at the same time a limit of >queries from a single IP until you need to pay for the service This doesn't sound like a technical problem. Is there some reason

Re: disable dnssec for particular domain

2018-02-08 Thread Tony Finch
Matus UHLAR - fantomas wrote: > > and in case of private/internal domain even logical - it's not useful to > push DS records to parent, and even possible with 2 versions of the same > zone. You can have a secure delegation in the parent if you sign both versions of the zone

Re: Minimum TTL?

2018-02-08 Thread Reindl Harald
On 08.02.2018 at 12:30, Michelle Konzack wrote: Hello Harald, On 2018-02-08, Reindl Harald typed: you miss the topic many DNSBL's have a very short TTL and at the same time a limit of queries from a single IP until you need to pay for the service so if you have an inbound MX

Re: Minimum TTL?

2018-02-08 Thread Michelle Konzack
Hello Harald, On 2018-02-08, Reindl Harald typed: > you miss the topic > > many DNSBL's have a very short TTL and at the same time a limit of > queries from a single IP until you need to pay for the service > > so if you have an inbound MX and the RBL has 2 seconds TTL and a botnet >

Re: Minimum TTL?

2018-02-08 Thread Reindl Harald
On 08.02.2018 at 11:10, Michelle Konzack wrote: On 2018-02-08, LuKreme typed: Is it possible to tell bind to ignore very short TTLs and enforce a...say... 5 second minimum TTL? VERY SHORT TTL? 5 sec minimum? What do you mean with ignoring? It is you YOU have to configure

Re: Minimum TTL?

2018-02-08 Thread Michelle Konzack
Thank you for clarification... On DATE, AUTHOR typed: Karol Augustin > On 2018-02-08 10:10, Michelle Konzack wrote: >> Hi, >> >> On 2018-02-08, LuKreme typed: >>> Is it possible to tell bind to ignore very short TTLs and enforce >>> a...say... 5 second minimum TTL? >>

Re: Minimum TTL?

2018-02-08 Thread Karol Augustin
On 2018-02-08 10:10, Michelle Konzack wrote: > Hi, > > On 2018-02-08, LuKreme typed: >> Is it possible to tell bind to ignore very short TTLs and enforce >> a...say... 5 second minimum TTL? > > VERY SHORT TTL? > > 5 sec minimum? > > What do you mean with ignoring? > It is you YOU

Re: Minimum TTL?

2018-02-08 Thread Michelle Konzack
Hi, On 2018-02-08, LuKreme typed: > Is it possible to tell bind to ignore very short TTLs and enforce > a...say... 5 second minimum TTL? VERY SHORT TTL? 5 sec minimum? What do you mean with ignoring? It is you YOU have to configure Bind9 correctly to longer TTLs. If the NS Entry

Re: Minimum TTL?

2018-02-08 Thread Reindl Harald
On 08.02.2018 at 09:52, LuKreme wrote: Is it possible to tell bind to ignore very short TTLs and enforce a...say... 5 second minimum TTL? no, such a feature was refused because it violates RFC's (questionable justification for a local decision not enabled by default) and hence on a

Re: disable dnssec for particular domain

2018-02-08 Thread Matus UHLAR - fantomas
On 08.02.18 19:12, Mark Andrews wrote: You break a chain of trust by proving there is an insecure delegation. that should be expected :-) and in case of private/internal domain even logical - it's not useful to push DS records to parent, and even possible with 2 versions of the same zone.

Minimum TTL?

2018-02-08 Thread LuKreme
Is it possible to tell bind to ignore very short TTLs and enforce a...say... 5 second minimum TTL? -- This is my signature. There are many like it, but this one is mine.

Re: disable dnssec for particular domain

2018-02-08 Thread Mark Andrews
You break a chain of trust by proving there is an insecure delegation. NXDOMAIN is not a delegation. The point on OPTOUT is to allow the parent zone to add and remove insecure delegations without resigning. Mark > On 7 Feb 2018, at 11:26 pm, Tony Finch wrote: > > Pruned debug