[registrars] Re: panix.com hijacked

Joe Abley jabley at isc.org
Mon Jan 17 18:54:26 UTC 2005



On 17 Jan 2005, at 13:08, Steven M. Bellovin wrote:

> The suggestion that someone made the other day -- that the TTL on zones
> be ramped up gradually by the registries after creation or transfer --
> is, I think, a good one.

Records in the control of the registry are the NS records in the parent 
zone (the "com" zone in this case). Those are non-authoritative and are 
going to get replaced in caches with data from the authority servers 
for the delegated zones (ns[12].access.net, in this case), once those 
servers are reached.

So the TTLs of records in the registry-operated zones will likely have 
no impact on how long NS records for delegated zones remain in caches.

If panix (or anybody else) wants to increase the time that their NS 
records stay in caches, the way to do it is to increase the TTLs on the 
authoritative NS records in their own zones. For panix.com, these 
appear to be set to 72 hours (the non-authoritative NS records for 
PANIX.COM in the COM zone have 48-hour TTLs).

I will now sit back and wait for Mark Andrews to appear and flame me to 
death for my inadequate understanding of the DNS. This is, of course, a 
subtle ploy to help reduce my Ontario winter heating costs, and to 
avoid having to spend the rest of the afternoon chipping ice off the 
driveway with a shovel.


Joe
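
[Editor's note: the following is an added illustration and not part of the message above. It is a toy resolver cache, written for this archive page, that applies the RFC 2181 section 5.4.1 data-ranking rule Joe is describing: NS records learned from a parent's referral are low-credibility and are overwritten, TTL included, as soon as the child zone's authoritative NS RRset is seen. The names, ranks and TTLs are constructed sample values that mirror the figures quoted (48 h in COM, 72 h in the child zone); the "registry raises the TTL to 7 days" step is hypothetical.]

```python
"""Toy resolver cache illustrating the data-ranking rule (RFC 2181, section 5.4.1)
that makes a parent's delegation NS records get overwritten in caches by the
child zone's authoritative NS RRset.  Added illustration, not part of the
original message; the names and TTLs are constructed sample values that mirror
the panix.com figures quoted (48 h in COM, 72 h in the child zone)."""

from dataclasses import dataclass

# Credibility ranks, highest first (a subset of the RFC 2181 ordering).
RANK_AUTH_AUTHORITY = 2   # NS set in the authority section of an authoritative answer
RANK_REFERRAL = 1         # NS set in the authority section of a referral (parent zone)

HOUR = 3600


@dataclass(frozen=True)
class RRset:
    name: str
    rtype: str
    rdata: tuple
    ttl: int
    rank: int


class Cache:
    """Minimal positive cache keyed on (owner name, type)."""

    def __init__(self):
        self.store = {}   # (name, type) -> (RRset, absolute expiry time)

    def add(self, rrset, now):
        """Cache rrset unless a live entry of higher credibility is present.
        Returns True if the entry was stored."""
        key = (rrset.name.lower(), rrset.rtype)
        current = self.store.get(key)
        if current is not None:
            cached, expiry = current
            if expiry > now and cached.rank > rrset.rank:
                return False
        self.store[key] = (rrset, now + rrset.ttl)
        return True

    def remaining_ttl(self, name, rtype, now):
        entry = self.store.get((name.lower(), rtype))
        if entry is None:
            return 0
        return max(0, entry[1] - now)


def simulate():
    """Walk one resolver through the sequence described in the message and
    return the observable TTLs at each step."""
    cache = Cache()
    now = 0
    delegation = ("ns1.access.net.", "ns2.access.net.")

    # 1. A COM server replies with a referral.  The NS records it hands out are
    #    non-authoritative; the 48 h TTL is the COM-zone figure quoted above.
    parent_ns = RRset("panix.com", "NS", delegation, 48 * HOUR, RANK_REFERRAL)
    cache.add(parent_ns, now)
    after_referral = cache.remaining_ttl("panix.com", "NS", now)

    # 2. The resolver follows the referral to ns1.access.net.  The authoritative
    #    answer carries the child's own NS RRset (72 h TTL), which outranks the
    #    cached referral data and replaces it, TTL and all.
    child_ns = RRset("panix.com", "NS", delegation, 72 * HOUR, RANK_AUTH_AUTHORITY)
    cache.add(child_ns, now)
    after_child = cache.remaining_ttl("panix.com", "NS", now)

    # 3. An hour later another COM referral arrives, this time with a TTL the
    #    registry has raised to 7 days (hypothetical value).  Lower-ranked data
    #    does not displace the live authoritative set, so the registry-side
    #    TTL has no effect on the cache.
    now = 1 * HOUR
    raised = RRset("panix.com", "NS", delegation, 7 * 24 * HOUR, RANK_REFERRAL)
    accepted = cache.add(raised, now)
    after_refresh = cache.remaining_ttl("panix.com", "NS", now)

    # 4. Only once the child's 72 h entry has expired is referral data taken
    #    again, and it lasts only until the child servers are reached once more.
    now = 73 * HOUR
    accepted_after_expiry = cache.add(raised, now)

    return after_referral, after_child, accepted, after_refresh, accepted_after_expiry


if __name__ == "__main__":
    print(simulate())
```

Running it prints (172800, 259200, False, 255600, True): the cached NS TTL jumps from the parent's 48 h to the child's 72 h the moment the child servers answer, and a later, longer parent TTL is ignored while the authoritative set is live. To check the real figures rather than the constructed ones, compare the TTL in `dig +norecurse @a.gtld-servers.net panix.com NS` (the COM delegation) with the one in `dig @ns1.access.net panix.com NS` (the child's authoritative set). One caveat: this is the RFC 2181 child-centric behaviour; real resolver implementations differ, and a parent-centric resolver may keep using the delegation NS set it got from COM, so the effect of a registry-side TTL change depends on which resolvers are in the path.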

