On Mon, 16 May 2016 09:12:54 +0200 Matus UHLAR - fantomas <uh...@fantomas.sk> wrote:
> short ttl's are more likely on abusers' DNS. good for refusing > delisting. I would love to see data on the correlation. I think it's pretty mild. A few random tests on consumer cable IPs reveals TTLs for the reverse DNS ranging from a couple of hours to a day. For example, 24.34.32.22 => c-24-34-32-22.hsd1.ma.comcast.net. has a TTL of two hours while 24.44.32.22 => ool-182c2016.dyn.optonline.net. has a TTL of a day. The reverse-DNS of our server, roaringpenguin.com, which we do not control has a TTL of only one hour: 70.38.112.54 => roaringpenguin.com but the A record going the other way has a TTL of 86400. Regards, Dianne.
