Re: ICANN SSAC Report on Fast Flux Hosting and DNS

["Dude VanWinkle" <dudevanwinkle () gmail com>]

On Jan 30, 2008 5:59 PM,  <Valdis.Kletnieks () vt edu> wrote:
> On Wed, 30 Jan 2008 17:18:16 EST, Dude VanWinkle said:
> > On Jan 30, 2008 4:03 PM, Gadi Evron <ge () linuxbox org> wrote:
> > > I was somewhat involved, so can vouch this is serious work.
> >
> >
> > I guess it would be a bad idea to block traffic based on the ttl and
> > expiry of records with less than x seconds then..
>
> Some of us drop the TTL on things a week or so before a hardware move to a new
> IP address, so you don't keep a stale cached value around after we do the move..
>
> For some things, we've gone down to 300 or even 60 seconds (having phone calls
> for 3600 seconds after you move www.your-domain. tends to make the help desk
> people seriously consider doing Bad Things to your car - and if you haven't
> outsourced your help desk, they probably know what kind of car you drive. ;)


I drop the ttl/expiry to 5 min right before an IP change. If the ttl
was 2 weeks then i drop the ttl/expiry to 1 day up until 1 day before,
in which i drop it to 5 min, then do the changeover after 24 hours.

Thats why I put the ;-), I would be a good idea if it wasnt infeasible

Also why I said seconds and not minutes (O_o)

-JP\
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.