[registrars] Re: panix.com hijacked
jabley at isc.org
Mon Jan 17 18:54:26 UTC 2005

On 17 Jan 2005, at 13:08, Steven M. Bellovin wrote:
> The suggestion that someone made the other day -- that the TTL on zones
> be ramped up gradually by the registries after creation or transfer --
> is, I think, a good one.

Records in the control of the registry are the NS records in the parent
zone (the "com" zone in this case). Those are non-authoritative and are
going to get replaced in caches with data from the authority servers
for the delegated zones (ns.access.net, in this case), once those
servers are reached.

So the TTLs of records in the registry-operated zones will likely have
no impact on how long NS records for delegated zones remain in caches.

If panix (or anybody else) wants to increase the time that their NS
records stay in caches, the way to do it is to increase the TTLs on the
authoritative NS records in their own zones. For panix.com, these
appear to be set to 72 hours (the non-authoritative NS records for
PANIX.COM in the COM zone have 48-hour TTLs).

I will now sit back and wait for Mark Andrews to appear and flame me to
death for my inadequate understanding of the DNS. This is, of course, a
subtle ploy to help reduce my Ontario winter heating costs, and to
avoid having to spend the rest of the afternoon chipping ice off the
driveway with a shovel.
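
The cache behaviour described in the message above, as an added example that is not part of the original post: a simplified two-level model of the RFC 2181 section 5.4.1 credibility ranking, showing that the child zone's 72-hour NS TTL, not the parent's 48-hour one, decides how long the NS set stays cached. The `Cache` class, the rank constants and the `example.*` names are constructed for illustration.

```python
from dataclasses import dataclass

# Simplified credibility ranks in the spirit of RFC 2181 section 5.4.1.
REFERRAL = 1      # NS set from a parent-zone referral (non-authoritative)
AUTH_ANSWER = 2   # NS set served authoritatively by the delegated zone itself
HOUR = 3600

@dataclass
class Entry:
    targets: frozenset
    rank: int
    expires: int  # absolute time, in seconds

class Cache:
    """Toy resolver cache (assumption: real resolvers track more rank levels)."""
    def __init__(self):
        self.rrsets = {}

    def store(self, name, targets, ttl, rank, now):
        cur = self.rrsets.get(name)
        # A live entry is never overwritten by less credible data.
        if cur and cur.expires > now and rank < cur.rank:
            return False
        self.rrsets[name] = Entry(frozenset(targets), rank, now + ttl)
        return True

    def remaining(self, name, now):
        cur = self.rrsets.get(name)
        return max(0, cur.expires - now) if cur else 0

def simulate():
    cache = Cache()
    zone = "example.com."                          # constructed zone name
    ns = {"ns1.example.net.", "ns2.example.net."}  # constructed server names
    # t=0: referral from the parent zone carries a 48-hour TTL.
    cache.store(zone, ns, 48 * HOUR, REFERRAL, now=0)
    after_referral = cache.remaining(zone, 0)
    # t=1s: the delegated zone's servers are reached; their NS set has 72 hours.
    replaced = cache.store(zone, ns, 72 * HOUR, AUTH_ANSWER, now=1)
    after_auth = cache.remaining(zone, 1)
    # t=1h: another parent referral arrives and must not displace the entry.
    downgraded = cache.store(zone, ns, 48 * HOUR, REFERRAL, now=HOUR)
    after_late = cache.remaining(zone, HOUR)
    return after_referral, replaced, after_auth, downgraded, after_late

if __name__ == "__main__":
    print(simulate())
```
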