[77286] in North American Network Operators' Group
Re: [registrars] Re: panix.com hijacked
daemon@ATHENA.MIT.EDU (Edward Lewis)
Mon Jan 17 14:06:44 2005
In-Reply-To: <35E7652F-68B9-11D9-8737-000D93B24C7A@isc.org>
Date: Mon, 17 Jan 2005 14:06:15 -0500
To: nanog@merit.edu
From: Edward Lewis <Ed.Lewis@neustar.biz>
Cc: ed.lewis@neustar.biz
Errors-To: owner-nanog-outgoing@merit.edu
At 13:54 -0500 1/17/05, Joe Abley wrote:
>So the TTLs of records in the registry-operated zones will likely have no
>impact on how long NS records for delegated zones remain in caches.
>
>If panix (or anybody else) wants to increase the time that their NS records
>stay in caches, the way to do it is to increase the TTLs on the authoritative
>NS records in their own zones. For panix.com, these appear to be set to 72
>hours (the non-authoritative NS records for PANIX.COM in the COM zone have
>48-hour TTLs).
That's provided that the panix.com authoritative NS's are seen in the
cache. Not all name servers return the authoritative NS's in an
answer. (BIND has an option 'minimal-responses yes_or_no;' that
controls this. The default is no, but I know of one "yes" user.)
The registrant's copy of the NS set is more credible (RFC 2181 speak)
than the registry's copy, so if a cache sees both, the cache tosses
the registry copy. But there's no guarantee that the cache will see
both. Usually it does though.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis +1-571-434-5468
NeuStar
"A noble spirit embiggens the smallest man." - Jebediah Springfield
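The caching behaviour the two posts above describe, as an added Python model that is not code from the NANOG thread, from BIND or from panix.com: a toy resolver cache that ranks NS RRsets per RFC 2181 section 5.4.1 (referral data from the registry's zone below the zone's own NS set in the authority section of an authoritative answer), using the 48-hour and 72-hour TTLs quoted in the thread. The NS names, the single-RRset-per-owner cache and the "equal or higher rank replaces" rule are simplifying assumptions of this example. It shows the point Ed Lewis makes: with minimal-responses off the cache picks up the registrant's 72-hour copy and a later referral from COM does not displace it; with minimal-responses on the cache only ever holds the registry's 48-hour copy.

```python
"""
Constructed model of how a resolver cache ranks NS RRsets (RFC 2181,
section 5.4.1) and how the TTLs quoted in the thread play out. Added
illustration only: not code from the NANOG post, from BIND, or from panix.com.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# RFC 2181 5.4.1 credibility ranks; only the three that matter for NS records
# learned during iterative resolution are modelled (higher = more credible).
RANK_AUTH_ANSWER = 3      # RRset in the answer section of an authoritative reply
RANK_AUTH_AUTHORITY = 2   # zone's own NS set in the authority section of an authoritative reply
RANK_REFERRAL = 1         # NS set in the authority section of a referral (the registry's copy)

# TTLs as stated in the quoted post: 48h for PANIX.COM NS in COM, 72h in panix.com itself.
PARENT_TTL = 48 * 3600
CHILD_TTL = 72 * 3600

# Placeholder NS names (assumption; not the real panix.com NS set).
NS_RDATA = ("ns1.example-ns.net.", "ns2.example-ns.net.")
OWNER = "panix.com."


@dataclass
class CachedNS:
    rdata: Tuple[str, ...]
    ttl: int          # TTL the RRset arrived with, seconds
    inserted: int     # cache insertion time, seconds
    rank: int

    def expired(self, now: int) -> bool:
        return now >= self.inserted + self.ttl

    def remaining(self, now: int) -> int:
        return self.inserted + self.ttl - now


class NSCache:
    """One RRset per owner; replaces only with data of equal or higher rank."""

    def __init__(self) -> None:
        self.entries: Dict[str, CachedNS] = {}

    def learn(self, now: int, owner: str, rdata, ttl: int, rank: int) -> bool:
        cur = self.entries.get(owner)
        if cur is not None and cur.expired(now):
            cur = None
        # Simplification of RFC 2181 5.4.1: lower-ranked data never displaces
        # what is cached; equal or higher rank replaces it (and resets the TTL).
        if cur is None or rank >= cur.rank:
            self.entries[owner] = CachedNS(tuple(sorted(rdata)), ttl, now, rank)
            return True
        return False

    def lookup(self, now: int, owner: str) -> Optional[CachedNS]:
        cur = self.entries.get(owner)
        if cur is None or cur.expired(now):
            return None
        return cur


def resolve(cache: NSCache, now: int, minimal_responses: bool) -> None:
    """One iterative lookup under panix.com, as seen by the cache."""
    # 1. The COM server answers with a referral; its authority section carries
    #    the registry's copy of the NS set (48h TTL, referral rank).
    cache.learn(now, OWNER, NS_RDATA, PARENT_TTL, RANK_REFERRAL)
    # 2. The panix.com server answers authoritatively. With minimal-responses
    #    off it also puts the zone's own NS set (72h TTL) in the authority
    #    section; with it on, the cache never sees the registrant's copy.
    if not minimal_responses:
        cache.learn(now, OWNER, NS_RDATA, CHILD_TTL, RANK_AUTH_AUTHORITY)


def cache_state(minimal_responses: bool, hours_later: int):
    """(rank, remaining seconds) of the cached NS set, or None once expired."""
    cache = NSCache()
    resolve(cache, 0, minimal_responses)
    now = hours_later * 3600
    entry = cache.lookup(now, OWNER)
    return None if entry is None else (entry.rank, entry.remaining(now))


def referral_after_child() -> int:
    """Rank left in cache when a later referral repeats the registry copy."""
    cache = NSCache()
    resolve(cache, 0, minimal_responses=False)
    # Ten hours later another referral from COM arrives; lower rank, so ignored.
    cache.learn(10 * 3600, OWNER, NS_RDATA, PARENT_TTL, RANK_REFERRAL)
    return cache.lookup(11 * 3600, OWNER).rank


if __name__ == "__main__":
    for minimal in (False, True):
        label = "yes" if minimal else "no"
        for h in (24, 47, 49, 71, 73):
            print(f"minimal-responses={label:3} t={h:2}h -> {cache_state(minimal, h)}")
```

Run it and the cache with the registrant's copy survives to hour 71 while the registry-only cache is empty from hour 48 on; a live check against a real resolver would use `dig +norecurse` against the cache and compare the TTL it reports with the two authoritative values.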