In message <45F5DAA1.9070701(a)deanpemberton.com>, Dean Pemberton writes:
> I can remember a time when a similar question was raised about zero time TTLs on records. [...] It was with a bank. [...] "We want to make sure that each and every request for an IP address comes to our DNS server. We don't want it to be cached at all as this can lead to someone hijacking the cache. We like it this way"
So if someone _does_ manage to find a way to poison the cache with a record, then they can happily set a long TTL on the poison record and avoid any other lookups. And there's an almost zero chance that there'll be a valid cached record there to prevent the poisoned one being cached. Seems to me some people don't think through the logical consequences of their actions. It also seems to me that anyone needing failover in less than about an hour wants a different solution than updating DNS entries (load balancer, anycast, etc).

Ewen
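Added example, not part of the thread: a toy Python model of the caching behaviour Ewen describes. It assumes a resolver that keeps an unexpired cached entry rather than replacing it, that a forged answer arrives at one chosen instant and is accepted only if the resolver has to go upstream at that moment, and an optional cap the resolver applies to accepted TTLs; the name and addresses are hypothetical.

```python
"""Toy resolver-cache model constructed for this page (not from the thread).
Simplifications: the resolver keeps an unexpired cached entry instead of
replacing it, and at time `poison_at` any upstream query is answered with a
forged record. Name and addresses are hypothetical (RFC 5737 ranges)."""

LEGIT_ADDR = "198.51.100.10"
FORGED = ("203.0.113.66", 86400)     # the forger chooses a long TTL


class Cache:
    def __init__(self, max_ttl=None):
        self.entries = {}       # name -> (addr, absolute expiry time)
        self.max_ttl = max_ttl  # optional cap the resolver applies to TTLs

    def lookup(self, name, now, upstream):
        """Return the address; ask upstream only on a cache miss."""
        hit = self.entries.get(name)
        if hit is not None and hit[1] > now:
            return hit[0]
        addr, ttl = upstream(name, now)
        if self.max_ttl is not None:
            ttl = min(ttl, self.max_ttl)
        if ttl > 0:             # a TTL 0 answer is never stored
            self.entries[name] = (addr, now + ttl)
        return addr


def simulate(legit_ttl, poison_at, horizon=7200, step=60, max_ttl=None):
    """Query once per `step` seconds; return how many answers were forged."""
    def upstream(name, now):
        if now == poison_at:
            return FORGED
        return LEGIT_ADDR, legit_ttl

    cache = Cache(max_ttl)
    return sum(cache.lookup("www.example", t, upstream) == FORGED[0]
               for t in range(0, horizon, step))


if __name__ == "__main__":
    # Zero TTL: the cache is always empty, so the forged record sticks
    # for the rest of the two-hour window.
    print("TTL 0, poison at t=600:          ", simulate(0, 600))               # 110
    # A legitimate one-hour record occupies the slot; the forgery is never stored.
    print("TTL 3600, poison at t=600:       ", simulate(3600, 600))            # 0
    # Resolver-side TTL cap limits how long a poisoned record can persist.
    print("TTL 0, resolver caps TTL at 300: ", simulate(0, 600, max_ttl=300))  # 5
```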