On 13/03/2007, at 12:17 PM, Ewen McNeill wrote:
> In message <45F5DAA1.9070701(a)deanpemberton.com>, Dean Pemberton writes:
>> I can remember a time when a similar question was raised about zero time TTLs on records. [...] It was with a bank. [...] "We want to make sure that each and every request for an IP address comes to our DNS server. We don't want it to be cached at all as this can lead to someone hijacking the cache. We like it this way"
> So if someone _does_ manage to find a way to poison the cache with a record, then they can happily set a long TTL on the poison record and avoid any other lookups. And there's an almost zero chance that there'll be a valid cached record there to prevent the poisoned one being cached.
> Seems to me some people don't think through the logical consequences of their actions. It also seems to me that anyone needing failover in less than about an hour wants a different solution than updating DNS entries (load balancer, anycast, etc).
These solutions are about failover between sites where anycast is (a) not possible because of lack of BGP, or (b) a concern for connection-oriented protocols (TCP). It's also useful to balance load between sites, as Simon suggested Google and Yahoo do. Agreed that people who make silly decisions like that are, well, silly. A fairly good example of "A little bit of knowledge is much more dangerous than none".

-- Nathan Ward
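The failure mode Ewen describes, modelled as an added example that is not code from anyone in this thread: a toy resolver cache that only takes a poisoned answer when it holds no live entry for the name. The zone name and addresses are constructed, and how a poisoned answer reaches the cache is deliberately not modelled; the point is what the cache does with it afterwards.

```python
NAME = "www.example.com"     # constructed sample zone name
LEGIT = "192.0.2.10"         # constructed legitimate address
BOGUS = "198.51.100.1"       # constructed address carried by the poisoned answer


class ResolverCache:
    """Minimal model of a caching resolver: one record per name, held until expiry."""

    def __init__(self):
        self.entries = {}  # name -> (address, expires_at)

    def _live(self, name, now):
        entry = self.entries.get(name)
        return entry if entry and entry[1] > now else None

    def lookup(self, name, now, authoritative):
        """Answer from cache if a live entry exists, else ask the authoritative
        server and cache its answer for its TTL (a TTL of 0 is never cached)."""
        entry = self._live(name, now)
        if entry:
            return entry[0]
        address, ttl = authoritative(name)
        if ttl > 0:
            self.entries[name] = (address, now + ttl)
        return address

    def accept_unsolicited(self, name, address, ttl, now):
        """Model a poisoned answer reaching the cache (how it got there is not
        modelled). A live legitimate entry shields the slot; an empty slot does not."""
        if self._live(name, now):
            return False
        self.entries[name] = (address, now + ttl)
        return True


def poisoned_lookups(legit_ttl, poison_ttl, horizon=86400, interval=60):
    """Count client lookups (every `interval` s over `horizon` s) that return BOGUS
    when the legitimate record carries `legit_ttl` and one poisoning attempt at t=30
    carries `poison_ttl`."""
    cache = ResolverCache()
    authoritative = lambda name: (LEGIT, legit_ttl)
    bogus = 0
    for now in range(0, horizon, interval):
        if now == interval:  # first lookup after the attempt at t=30
            cache.accept_unsolicited(NAME, BOGUS, poison_ttl, now=30)
        if cache.lookup(NAME, now, authoritative) == BOGUS:
            bogus += 1
    return bogus


if __name__ == "__main__":
    print("TTL 0   :", poisoned_lookups(0, 86400), "bogus answers")     # 1439
    print("TTL 3600:", poisoned_lookups(3600, 86400), "bogus answers")  # 0
```

With a zero TTL the legitimate answer never occupies the cache slot, so the one accepted poison record with a day-long TTL is served for every lookup that day; with an hour-long TTL the live legitimate entry is what the resolver already has, and in this model the same attempt is simply discarded.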