Jonathan Yarden @ TechRepublic: Disable DNS caching on workstations

Matthew Sullivan matthew at sorbs.net
Tue Apr 19 04:16:35 UTC 2005


Mikael Abrahamsson wrote:

>
> On Mon, 18 Apr 2005, Jason Frisvold wrote:
>
>> Is it possible to "prevent" poisoning attacks?  Is it beneficial, or 
>> even possible, to prevent TTLs from being an excessively high value?
>
>
> It would be very interesting to see the difference in DNS traffic 
> for a domain if it sets TTL to let's say 600 seconds or 86400 seconds. 
> This could perhaps be used as a metric in trying to figure out the 
> impact of capping the TTL? Anyone know if anyone did this on a large 
> domain and have some data to share?

First hand experience, I can tell you that decreasing the SORBS NS 
records TTLs to 600 seconds resulted in 90qps to the primary servers, 
increasing the TTLs to 86400 dropped the query rate to less than 5 per 
second. (That's just the base zone, not the dnsbl NS records)

Regards,

Mat



