Mikael Abrahamsson wrote:
On Mon, 18 Apr 2005, Jason Frisvold wrote:
Is it possible to "prevent" poisoning attacks? Is it beneficial, or even possible, to prevent TTLs from being an excessively high value?
It would be very interesting to see the difference in DNS traffic for a domain if it sets the TTL to, let's say, 600 seconds or 86400 seconds. This could perhaps be used as a metric in trying to figure out the impact of capping the TTL. Does anyone know if anyone did this on a large domain and has some data to share?
From first-hand experience, I can tell you that decreasing the SORBS NS records' TTLs to 600 seconds resulted in 90 qps to the primary servers; increasing the TTLs to 86400 dropped the query rate to less than 5 per second. (That's just the base zone, not the dnsbl NS records.)

Regards,
Mat
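The load comparison Mikael asks for and the SORBS figures Mat reports can be reasoned about with a small cache model. The following is an added example, not code from the thread or from SORBS: it assumes a constructed population of recursive resolvers, each receiving client lookups for one name as a Poisson stream, and counts how often each resolver's cache misses and it has to query the authoritative server. The parameter values (resolver count, lookup rate, horizon) are illustrative assumptions, not measurements.

```python
"""Model of how an authoritative server's query rate depends on record TTL.

Added example, not from the thread or SORBS.  Assumes `resolvers` recursive
resolvers, each receiving client lookups for one name as a Poisson stream of
`lookup_rate` per second.  A resolver answers from cache while its copy is
fresh and otherwise asks the authoritative server once and caches the answer
for `ttl` seconds.  All parameters are constructed for illustration.
"""
import random


def simulate_qps(ttl, resolvers, lookup_rate, horizon=30 * 86400, seed=1):
    """Estimate authoritative queries/second by simulating every resolver's
    cache over `horizon` seconds.  Because the lookup stream is Poisson
    (memoryless), the first client lookup after a cache entry expires arrives
    Exp(lookup_rate) seconds later regardless of earlier traffic, so only the
    cache misses need to be simulated, not every individual client lookup."""
    rng = random.Random(seed)
    upstream = 0
    for _ in range(resolvers):
        t = rng.expovariate(lookup_rate)            # first lookup hits a cold cache
        while t < horizon:
            upstream += 1                            # miss -> one authoritative query
            t += ttl + rng.expovariate(lookup_rate)  # next miss: after expiry + idle gap
    return upstream / horizon


def steady_state_qps(ttl, resolvers, lookup_rate):
    """Closed form for the same model: each resolver's miss-to-miss cycle is
    the TTL plus the mean idle gap 1/lookup_rate until the next client asks."""
    return resolvers / (ttl + 1.0 / lookup_rate)


def load_ratio(ttl_low, ttl_high, resolvers, lookup_rate):
    """How many times more authoritative traffic ttl_low causes than ttl_high
    under the closed-form model."""
    return (steady_state_qps(ttl_low, resolvers, lookup_rate)
            / steady_state_qps(ttl_high, resolvers, lookup_rate))


if __name__ == "__main__":
    # Constructed scenarios: busy resolvers (1 lookup/s) vs. quiet ones (1 per 10 min).
    for rate in (1.0, 1 / 600):
        for ttl in (600, 86400):
            print(f"lookup_rate={rate:.4f}/s ttl={ttl:6d}: "
                  f"sim={simulate_qps(ttl, 500, rate):.4f} qps "
                  f"closed={steady_state_qps(ttl, 500, rate):.4f} qps")
        print(f"  600s vs 86400s load ratio: {load_ratio(600, 86400, 500, rate):.1f}x")
```

The model makes one thing visible that the raw ratio of TTLs hides: busy resolvers re-query almost immediately after expiry, so the load ratio between a 600 s and an 86400 s TTL approaches the full 144x, while quiet resolvers leave an idle gap after each expiry and the ratio is much smaller (about 72x in the quiet scenario above). A measured ratio like Mat's 90 qps versus under 5 qps sits between those regimes, as a real mix of busy and quiet resolvers would. The same tradeoff cuts both ways for poisoning: a long TTL means fewer upstream queries for an off-path attacker to race with forged answers, but a record that does get poisoned stays in cache for the whole TTL.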