Jonathan Yarden @ TechRepublic: Disable DNS caching on workstations

Mikael Abrahamsson swmike at swm.pp.se
Mon Apr 18 19:16:10 UTC 2005


On Mon, 18 Apr 2005, Jason Frisvold wrote:

> Is it possible to "prevent" poisoning attacks?  Is it beneficial, or
> even possible, to prevent TTLs from being an excessively high value?

It would be very interesting to see the difference in DNS traffic for a
domain if it sets TTL to, let's say, 600 seconds or 86400 seconds. This
could perhaps be used as a metric in trying to figure out the impact of
capping the TTL? Does anyone know if anyone did this on a large domain and
has some data to share?

If one had to repeat the cache poisoning every 10 minutes I guess life
would be much harder than if you had to do it once every day?

-- 
Mikael Abrahamsson    email: swmike at swm.pp.se
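
The trade-off raised in this message, as an added example that is not part of the original post: a toy caching-resolver model that clamps stored TTLs, counts the upstream queries one client causes over a day, and measures how long a bad cached record keeps being served. The class and function names, the single-client lookup pattern, and all addresses and values are constructed assumptions, not measurements.

```python
# Added illustration: minimal resolver cache with a TTL cap.
# CappedCache, upstream_queries and bogus_lifetime are hypothetical names;
# names and addresses are documentation values, not real data.

class CappedCache:
    """Cache keyed by name; stored lifetime is min(record TTL, max_ttl)."""
    def __init__(self, max_ttl):
        self.max_ttl = max_ttl
        self.entries = {}  # name -> (value, expiry time in seconds)

    def put(self, name, value, ttl, now):
        self.entries[name] = (value, now + min(ttl, self.max_ttl))

    def get(self, name, now):
        hit = self.entries.get(name)
        if hit is None or now >= hit[1]:
            self.entries.pop(name, None)  # expired or absent
            return None
        return hit[0]

def upstream_queries(auth_ttl, max_ttl, lookup_interval, duration):
    """Cache misses (queries to the authoritative server) when one client
    looks the name up every lookup_interval seconds for duration seconds."""
    cache, misses = CappedCache(max_ttl), 0
    for now in range(0, duration, lookup_interval):
        if cache.get("www.example.com", now) is None:
            misses += 1
            cache.put("www.example.com", "192.0.2.10", auth_ttl, now)
    return misses

def bogus_lifetime(bogus_ttl, max_ttl, step=60):
    """Seconds a bad record cached at t=0 keeps being served."""
    cache = CappedCache(max_ttl)
    cache.put("www.example.com", "203.0.113.66", bogus_ttl, 0)
    t = 0
    while cache.get("www.example.com", t) is not None:
        t += step
    return t

DAY = 86400
if __name__ == "__main__":
    for ttl in (600, DAY):
        print("TTL", ttl, "-> upstream queries/day:",
              upstream_queries(ttl, 7 * DAY, 60, DAY))
    for cap in (600, DAY, 7 * DAY):
        print("cap", cap, "-> bad record served for",
              bogus_lifetime(7 * DAY, cap), "s")
```

For a name that is looked up continuously, the model gives 144 upstream queries per day at a 600-second lifetime versus 1 at 86400 seconds. A record cached with a 7-day TTL stops being served after 600 seconds under a 600-second cap.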


