DNS TTL adherence
rjoffe at centergate.com
Wed Mar 15 14:16:35 UTC 2006
On Mar 15, 2006, at 1:56 AM, Simon Waters wrote:
> In answer to the original question, I'm not aware of any DNS servers that
> don't expire data at the end of the TTL period correctly. Failing to expire
> such data would be a good way of breaking things, and people would just not
> use such broken software.
Let me help you become aware, then...
> I'm not sure why the OP thinks someone would research such a bug in detail, my
> experience is they would just fix it.
Some people don't believe it is a bug, and therefore don't see that
anything needs "fixing".
Feel free to, for example, send 2 consecutive queries for a record
that has a short (<10,000 second) TTL to 188.8.131.52. This is one
of the over 100,000 random open recursive servers that have been
party to some of the recursive DNS server amplification DDoS attacks
over the last few weeks... and this behavior exists in a number of them.
If you can't think of a record to query for that has a short enough
TTL, I've created a wildcard entry of:
so that you can test this repeatedly without having to wait for the
overridden TTL to expire. Just use a different random wildcard record
each time (remembering to send 2 consecutive identical queries to see
$ dig @184.108.40.206 jhgfd.example.centergate.com a
This behavior is unfortunately not unique.
More information about the NANOG
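The test the post describes (two consecutive identical queries to a recursive server, then a comparison of the TTLs it hands back against the TTL the zone owner published) can be automated. The script below is an added example and is not code from the original message or from NANOG; it uses only the Python standard library, builds and parses the DNS messages itself, and constructs its own sample responses so it can be checked offline. The resolver address 192.0.2.53, the probe name, the A record 192.0.2.1 and the function names are assumptions chosen for illustration; the post's own target addresses and wildcard name are not reproduced here.

```python
"""Probe a recursive resolver for TTL adherence.

Added example (not from the original post). Sends the same query twice
in succession and compares the returned TTLs with the authoritative one.
Only the standard library is used; the addresses and names below are
placeholders (assumptions), not the servers mentioned in the post.
"""
import random
import socket
import struct


def build_query(name, qtype=1):
    """Encode a DNS query (RD=1, IN class) and return (bytes, txid)."""
    txid = random.randint(0, 0xFFFF)
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    return header + qname + struct.pack(">HH", qtype, 1), txid


def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:      # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + length


def parse_answer_ttls(msg, txid=None):
    """Return [(rtype, ttl), ...] for every record in the answer section."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    rid, flags, qd, an, _ns, _ar = struct.unpack(">HHHHHH", msg[:12])
    if txid is not None and rid != txid:
        raise ValueError("transaction id mismatch")
    if flags & 0x000F:
        raise ValueError("server returned RCODE %d" % (flags & 0x000F))
    off = 12
    for _ in range(qd):                # skip the echoed question section
        off = _skip_name(msg, off) + 4
    ttls = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10 + rdlen
        ttls.append((rtype, ttl))
    return ttls


def build_response(query, ttl, addr="192.0.2.1"):
    """Construct a minimal answer to `query` (sample data for offline tests).

    The answer name is a compression pointer (0xC00C) to the question name.
    """
    header = query[:2] + struct.pack(">HHHHH", 0x8180, 1, 1, 0, 0)
    rdata = bytes(int(o) for o in addr.split("."))
    answer = b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, ttl, len(rdata)) + rdata
    return header + query[12:] + answer


def classify(first_ttl, second_ttl, authoritative_ttl):
    """Interpret two consecutive answers from the same recursive server.

    A cache that honours the zone owner's TTL never reports more than the
    authoritative value; the second answer counts down from the first.
    """
    if first_ttl > authoritative_ttl or second_ttl > authoritative_ttl:
        return "ttl-overridden"        # the server substituted its own, longer TTL
    if second_ttl > first_ttl:
        return "refetched"             # entry expired between the two queries
    return "adheres"


def probe(server, name, timeout=3.0):
    """Send the identical A query twice and return (first_ttl, second_ttl)."""
    ttls = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        for _ in range(2):
            query, txid = build_query(name)
            sock.sendto(query, (server, 53))
            data, _ = sock.recvfrom(4096)
            a_ttls = [ttl for rtype, ttl in parse_answer_ttls(data, txid) if rtype == 1]
            if not a_ttls:
                raise ValueError("no A records in answer from %s" % server)
            ttls.append(min(a_ttls))
    return ttls[0], ttls[1]


if __name__ == "__main__":
    # Placeholder resolver and name (assumptions); use a fresh random
    # label under a wildcard you control so the first query is a cache miss.
    resolver, zone_ttl = "192.0.2.53", 60
    label = "%08x.example.invalid" % random.getrandbits(32)
    first, second = probe(resolver, label)
    print(first, second, classify(first, second, zone_ttl))
```

Run it once per random label so the first query is guaranteed to be a cache miss; an answer carrying a TTL larger than the one published at the authoritative server is the "overridden TTL" behaviour the post describes, and a second answer whose TTL has not decreased from the first shows the same cache entry being served back.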