[77290] in North American Network Operators' Group


Re: fwd: Re: [registrars] Re: panix.com hijacked

daemon@ATHENA.MIT.EDU (Joe Maimon)
Mon Jan 17 14:38:30 2005

Date: Mon, 17 Jan 2005 14:34:19 -0500
From: Joe Maimon <jmaimon@ttec.com>
To: "Steven M. Bellovin" <smb@cs.columbia.edu>
Cc: "william(at)elan.net" <william@elan.net>,
	Andrew Brown <twofsonet@graffiti.com>,
	William Allen Simpson <wsimpson@greendragon.com>, nanog@merit.edu,
	"Ross Wm. Rader" <ross@tucows.com>
In-Reply-To: <20050117180850.B07E93C018E@berkshire.machshav.com>
Errors-To: owner-nanog-outgoing@merit.edu

Steven M. Bellovin wrote:

>In message <Pine.LNX.4.44.0501161225210.11207-100000@sokol.elan.net>, "william(
>at)elan.net" writes:
>
>>On Sun, 16 Jan 2005, Joe Maimon wrote:
>>
>>>Thus justifying those who load their NS and corresponding NS's A records
>>>with nice long TTL
>>>
>>Although this wasn't a problem in this case (hijacker did not appear to
>>have been interested in controlling dns since it points to default domain
>>registration and under construction page), but a long TTL trick could be
>>used by hijackers - i.e. he gets some very popular domain, changes dns to
>>the one he controls and purposely sets long TTL. Now even if registrars
>>are able to act quickly and change registration back, those who cached new
>>dns data would keep it for quite long in their cache.
>>
>
>Many versions of bind have a parameter that caps TTLs to some rational
>maximum value -- by default in bind9, 3 hours.  Unfortunately, the
>documentation suggests that the purpose of the max-ncache-ttl parameter
>is to let you increase the cap, in order to improve performance and
>decrease network traffic.
>
>The suggestion that someone made the other day -- that the TTL on zones
>be ramped up gradually by the registries after creation or transfer --
>is, I think, a good one.
>
>		--Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb
>
From bv9ARM:

*max-ncache-ttl*

    To reduce network traffic and increase performance the server stores
    negative answers. *max-ncache-ttl* is used to set a maximum
    retention time for these answers in the server in seconds. The
    default *max-ncache-ttl* is 10800 seconds (3 hours).
    *max-ncache-ttl* cannot exceed 7 days and will be silently truncated
    to 7 days if set to a greater value.

*max-cache-ttl*

    *max-cache-ttl* sets the maximum time for which the server will
    cache ordinary (positive) answers. The default is one week (7 days).


So loading TTLs to longer than 7 days will have diminishing returns.
Is this really such a good thing?

Joe
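The interaction the thread is arguing about, as an added example that is not code from the thread, from BIND, or from any participant: a small model of a caching resolver that clamps incoming TTLs with the two caps quoted from the ARM, and a calculation of how long such a resolver keeps serving a hijacker's delegation after the registry reverts it. The default cap values are the BIND 9 defaults in the ARM excerpt above; the cache model, the scenario timings, and the `ramped_delegation_ttl` policy (one way to realise the ramp-up suggestion Bellovin calls a good one) are constructed for illustration and are not resolver or registry code.

```python
"""Added example (not from the thread or from BIND): how a resolver's TTL caps
bound the damage from a hijacker who publishes a long-TTL delegation.

Default cap values are the BIND 9 ARM defaults quoted in the message:
max-cache-ttl 7 days (positive answers), max-ncache-ttl 3 hours (negative
answers). Everything else here is a constructed model, not resolver code.
"""
from dataclasses import dataclass

HOUR = 3600
DAY = 24 * HOUR


@dataclass
class ResolverCache:
    """TTL policy of a caching resolver: the cap is applied when an RRset is cached."""
    max_cache_ttl: int = 7 * DAY    # BIND 9 default for positive answers
    max_ncache_ttl: int = 3 * HOUR  # BIND 9 default for negative answers

    def effective_ttl(self, ttl: int, negative: bool = False) -> int:
        """TTL the resolver actually honours for an answer carrying TTL `ttl`."""
        cap = self.max_ncache_ttl if negative else self.max_cache_ttl
        return min(ttl, cap)


def stale_window(cache: ResolverCache, hijack_ttl: int, revert_at: int) -> int:
    """Seconds, measured from the hijack, until a continuously queried resolver
    that cached the hijacker's NS set at t=0 first serves the restored data.

    Constructed scenario: the resolver re-fetches only when its cached entry
    expires, and every fetch before `revert_at` still returns the hijacker's data.
    """
    ttl = cache.effective_ttl(hijack_ttl)
    if ttl <= 0:            # TTL 0: nothing cached, correct data as soon as reverted
        return revert_at
    t = 0
    while t < revert_at:    # each expiry before the revert re-caches the bad data
        t += ttl
    return t


def ramped_delegation_ttl(age: int, final_ttl: int = 2 * DAY, start_ttl: int = HOUR) -> int:
    """Hypothetical ramp-up policy (an assumption of this example): a registry
    publishes a newly created or transferred delegation with a short TTL and
    doubles it each day until the zone's normal TTL is reached."""
    ttl = start_ttl << (age // DAY)
    return min(ttl, final_ttl)


if __name__ == "__main__":
    default = ResolverCache()
    tightened = ResolverCache(max_cache_ttl=HOUR)
    hijack_ttl, revert_at = 30 * DAY, 2 * HOUR   # constructed timings

    # A 30-day TTL from the hijacker is clamped on entry, but only to 7 days.
    print("positive TTL honoured:", default.effective_ttl(hijack_ttl) // DAY, "days")
    # max-ncache-ttl caps negative answers only; it does nothing for the NS set.
    print("negative TTL honoured:", default.effective_ttl(hijack_ttl, negative=True) // HOUR, "hours")

    for name, cache in (("default caps", default), ("max-cache-ttl 1h", tightened)):
        t = stale_window(cache, hijack_ttl, revert_at)
        print(f"{name}: stale until t={t // HOUR}h, i.e. {(t - revert_at) // HOUR}h after the revert")

    for day in range(6):
        print(f"ramped delegation TTL on day {day}: {ramped_delegation_ttl(day * DAY) // HOUR}h")
```

The point the model makes is that the cap, not the zone's TTL, bounds the stale window: after the registry reverts the delegation, a resolver keeps the hijacker's data for at most one more `max-cache-ttl` interval, and `max-ncache-ttl` (the parameter named in the quoted reply) never enters into it because the NS set is a positive answer. Tightening the positive cap is a one-line change in BIND's `options {}` block (`max-cache-ttl 3600;`), at the cost of more upstream queries for every zone, which is the trade-off the ARM text describes.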
