Re: ICANN SSAC Report on Fast Flux Hosting and DNS

[John Payne <john () sackheads org>]

On Jan 30, 2008, at 5:59 PM, Valdis.Kletnieks () vt edu wrote:

> On Wed, 30 Jan 2008 17:18:16 EST, Dude VanWinkle said:
> > On Jan 30, 2008 4:03 PM, Gadi Evron <ge () linuxbox org> wrote:
> > > I was somewhat involved, so can vouch this is serious work.
> >
> >
> > I guess it would be a bad idea to block traffic based on the ttl and
> > expiry of records with less than x seconds then..
>
> Some of us drop the TTL on things a week or so before a hardware  
> move to a new
> IP address, so you don't keep a stale cached value around after we  
> do the move.
>
> For some things, we've gone down to 300 or even 60 seconds (having  
> phone calls
> for 3600 seconds after you move www.your-domain. tends to make the  
> help desk
> people seriously consider doing Bad Things to your car - and if you  
> haven't
> outsourced your help desk, they probably know what kind of car you  
> drive. ;)

Conversely, blocking based on low TTL may also upset your helpdesk if  
your users hit a bunch of popular websites or rely on os or av auto  
updates...
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.