funsec mailing list archives
Re: ICANN SSAC Report on Fast Flux Hosting and DNS
From: John Payne <john () sackheads org>
Date: Wed, 30 Jan 2008 18:45:28 -0500
On Jan 30, 2008, at 5:59 PM, Valdis.Kletnieks () vt edu wrote:
On Wed, 30 Jan 2008 17:18:16 EST, Dude VanWinkle said:On Jan 30, 2008 4:03 PM, Gadi Evron <ge () linuxbox org> wrote:I was somewhat involved, so can vouch this is serious work.I guess it would be a bad idea to block traffic based on the ttl and expiry of records with less than x seconds then..Some of us drop the TTL on things a week or so before a hardware move to a new IP address, so you don't keep a stale cached value around after we do the move. For some things, we've gone down to 300 or even 60 seconds (having phone calls for 3600 seconds after you move www.your-domain. tends to make the help desk people seriously consider doing Bad Things to your car - and if you haven't outsourced your help desk, they probably know what kind of car you drive. ;)
Conversely, blocking based on low TTL may also upset your helpdesk if your users hit a bunch of popular websites or rely on os or av auto updates... _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- ICANN SSAC Report on Fast Flux Hosting and DNS Paul Ferguson (Jan 30)
- Re: ICANN SSAC Report on Fast Flux Hosting and DNS Gadi Evron (Jan 30)
- Re: ICANN SSAC Report on Fast Flux Hosting and DNS Dude VanWinkle (Jan 30)
- Re: ICANN SSAC Report on Fast Flux Hosting and DNS Valdis . Kletnieks (Jan 30)
- Re: ICANN SSAC Report on Fast Flux Hosting and DNS John Payne (Jan 30)
- Re: ICANN SSAC Report on Fast Flux Hosting and DNS Dude VanWinkle (Jan 30)
- Re: ICANN SSAC Report on Fast Flux Hosting and DNS coderman (Jan 30)
- Re: ICANN SSAC Report on Fast Flux Hosting and DNS Dude VanWinkle (Jan 30)
- Re: ICANN SSAC Report on Fast Flux Hosting and DNS Gadi Evron (Jan 30)