nanog mailing list archives
Re: Jonathan Yarden @ TechRepublic: Disable DNS caching on workstations
From: Matthew Sullivan <matthew () sorbs net>
Date: Tue, 19 Apr 2005 14:16:35 +1000
Mikael Abrahamsson wrote:
On Mon, 18 Apr 2005, Jason Frisvold wrote:Is it possible to "prevent" poisoning attacks? Is it beneficial, or even possible, to prevent TTL's from being an excessively high value?It would be very interesting in seeing the difference in DNS traffic for a domain if it sets TTL to let's say 600 seconds or 86400 seconds. This could perhaps be used as a metric in trying to figure out the impact of capping the TTL? Anyone know if anyone did this on a large domain and have some data to share?
First hand experience, I can tell you that decreasing the SORBS NS records TTLs to 600 seconds resulted in 90qps to the primary servers, increating the TTLs to 86400 dropped the query rate to less than 5 per second. (That's just the base zone, not the dnsbl NS records)
Regards, Mat
Current thread:
- Re: Jonathan Yarden @ TechRepublic: Disable DNS caching on workstations, (continued)
- Re: Jonathan Yarden @ TechRepublic: Disable DNS caching on workstations Chris Adams (Apr 18)
- Re: Jonathan Yarden @ TechRepublic: Disable DNS caching on workstations Patrick W. Gilmore (Apr 18)
- Re: Jonathan Yarden @ TechRepublic: Disable DNS caching on workstations Chris Adams (Apr 18)
- Re: Jonathan Yarden @ TechRepublic: Disable DNS caching on workstations Patrick W. Gilmore (Apr 18)
- Re: Jonathan Yarden @ TechRepublic: Disable DNS caching on workstations Chris Adams (Apr 18)
- Re: Jonathan Yarden @ TechRepublic: Disable DNS caching on workstations Eric Louie (Apr 18)
- Re: Jonathan Yarden @ TechRepublic: Disable DNS caching on workstations Daniel Golding (Apr 18)
- Re: Jonathan Yarden @ TechRepublic: Disable DNS caching on workstations Jason Frisvold (Apr 18)
- Re: Jonathan Yarden @ TechRepublic: Disable DNS caching on workstations Mikael Abrahamsson (Apr 18)
- Re: Jonathan Yarden @ TechRepublic: Disable DNS caching on workstations Florian Weimer (Apr 18)
- Re: Jonathan Yarden @ TechRepublic: Disable DNS caching on workstations Jason Frisvold (Apr 18)
- Re: Jonathan Yarden @ TechRepublic: Disable DNS caching on workstations Matthew Sullivan (Apr 18)
- Re: Jonathan Yarden @ TechRepublic: Disable DNS caching on workstations Randy Bush (Apr 18)
- Re: Jonathan Yarden @ TechRepublic: Disable DNS caching on workstations Rachael Treu Gomes (Apr 18)
- Re: Jonathan Yarden @ TechRepublic: Disable DNS caching on workstations Florian Weimer (Apr 18)
- Re: Jonathan Yarden @ TechRepublic: Disable DNS caching on workstations Peter & Karin Dambier (Apr 18)
- Re: Jonathan Yarden @ TechRepublic: Disable DNS caching on workstations Tony Rall (Apr 18)
- Re: Jonathan Yarden @ TechRepublic: Disable DNS caching on workstations JC Dill (Apr 19)