[registrars] Re: panix.com hijacked
Edward Lewis
Ed.Lewis at neustar.biz
Mon Jan 17 19:06:15 UTC 2005
At 13:54 -0500 1/17/05, Joe Abley wrote:
>So the TTLs of records in the registry-operated zones will likely have no
>impact on how long NS records for delegated zones remain in caches.
>
>If panix (or anybody else) wants to increase the time that their NS records
>stay in caches, the way to do it is to increase the TTLs on the authoritative
>NS records in their own zones. For panix.com, these appear to be set to 72
>hours (the non-authoritative NS records for PANIX.COM in the COM zone have
>48-hour TTLs).
That's provided that the panix.com authoritative NS's are seen in the
cache. Not all name servers return the authoritative NS's in an
answer. (BIND has an option 'minimal-responses yes_or_no;' that
controls this. The default is no, but I know of one "yes" user.)
The registrant's copy of the NS set is more credible (RFC 2181 speak)
than the registry's copy, so if a cache sees both, the cache tosses
the registry copy. But there's no guarantee that the cache will see
both. Usually it does though.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis +1-571-434-5468
NeuStar
"A noble spirit embiggens the smallest man." - Jebediah Springfield
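
Added example, not part of the original message: a simplified model of the RFC 2181 credibility rule discussed above, showing which copy of the panix.com NS set (and which TTL) a cache ends up holding depending on whether the child's servers include the NS set in their answers. The server names are placeholders and the cache class is hypothetical; only the 48-hour and 72-hour TTLs come from the thread.

```python
from dataclasses import dataclass
from enum import IntEnum

class Cred(IntEnum):
    # Subset of the RFC 2181 section 5.4.1 ranking, lowest to highest.
    REFERRAL_AUTHORITY = 1  # authority section of a non-authoritative answer (parent's delegation)
    AUTH_AUTHORITY = 2      # authority section of an authoritative answer (child's own copy)
    AUTH_ANSWER = 3         # answer section of an authoritative answer

@dataclass
class Entry:
    rdata: frozenset
    ttl: int
    cred: Cred

class Cache:
    """Hypothetical resolver cache keyed by (owner name, type)."""
    def __init__(self):
        self.rrsets = {}

    def offer(self, key, rdata, ttl, cred):
        cur = self.rrsets.get(key)
        # Simplified rule: only more credible data replaces what is cached.
        if cur is None or cred > cur.cred:
            self.rrsets[key] = Entry(frozenset(rdata), ttl, cred)

HOUR = 3600
KEY = ("panix.com.", "NS")
# Constructed sample data: placeholder server names, TTLs as quoted in the thread.
PARENT_NS = ({"ns1.example.net.", "ns2.example.net."}, 48 * HOUR)  # COM zone copy
CHILD_NS = ({"ns1.example.net.", "ns2.example.net."}, 72 * HOUR)   # panix.com zone copy

def resolve(child_minimal_responses: bool) -> Entry:
    """Return the NS entry cached after one referral plus one child answer."""
    cache = Cache()
    # Step 1: referral from the COM servers carries the registry's copy.
    cache.offer(KEY, *PARENT_NS, Cred.REFERRAL_AUTHORITY)
    # Step 2: authoritative answer from the child. With minimal-responses
    # enabled, the NS set is left out and the cache never sees the child copy.
    if not child_minimal_responses:
        cache.offer(KEY, *CHILD_NS, Cred.AUTH_AUTHORITY)
    return cache.rrsets[KEY]

if __name__ == "__main__":
    for minimal in (False, True):
        e = resolve(minimal)
        print(f"minimal-responses={minimal}: {e.cred.name}, TTL {e.ttl // HOUR}h")
```
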