At 7/10/04 11:56 AM, bill@daze.net wrote:
>> One thing I'd be interested to know, but can't find the answer to on
>> VeriSign's FAQ page about this change[1], is whether the TTL value will
>> still be 48 hours. If it is, that will mean that although new domains
>
>Verisign Registry's Matt Larson answered this on the NANOG list
>late Friday:
>
> ...
>
>In other words, for all the iterative resolvers out there that have
>this credibility mechanism, the 48-hour TTL on data in .com/.net isn't
>particularly relevant.

Hmmm. Unfortunately, many large ISPs use resolvers that ignore
"credibility", as can be seen from this query:

http://www.dnsstuff.com/tools/ispdns.ch?name=aol.com&type=NS

Any resolver showing a cached time > 1 hour is using the 48 hour TTL from
the roots; when I tested it just now, this was true of 14 of 38 that
responded, including resolvers run by large organizations like AT&T
WorldNet, SprintNet, MCI WorldCom, and UUNet.

Not a scientific survey, certainly, but a large enough number to
demonstrate that relying on the credibility mechanism as a solution is
not very, ummm, robust.

Ah well; that was probably too much to hope for.

-- Robert Mathews, Tiger Technologies http://www.tigertech.net/
"Clever things make people feel stupid, and unexpected things make them feel scared."
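
The TTL check described in the message above, as an added example that is not part of the original post: it reads the NS lines of dig-style answers from several resolvers and flags those whose cached TTL exceeds what the zone's own servers hand out. The 1-hour child TTL, the function names and the sample answers (documentation addresses and example.com) are assumptions constructed for illustration.

```python
import re

PARENT_TTL = 172800  # 48-hour delegation TTL in .com/.net, as discussed in the thread
CHILD_TTL = 3600     # assumed TTL of the zone's own NS RRset (1 hour)

# Constructed sample: resolver address -> answer section as dig would print it.
SAMPLE = {
    "192.0.2.10": "example.com.\t2817\tIN\tNS\tns1.example.com.\n"
                  "example.com.\t2817\tIN\tNS\tns2.example.com.",
    "192.0.2.20": "example.com.\t151093\tIN\tNS\tns1.example.com.\n"
                  "example.com.\t151093\tIN\tNS\tns2.example.com.",
    "192.0.2.30": ";; connection timed out; no servers could be reached",
    "192.0.2.40": "example.com.\t3600\tIN\tNS\tns1.example.com.",
}

# owner, remaining TTL, class IN, type NS, target
NS_LINE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+NS\s+(\S+)$")


def ns_ttl(answer):
    """Return the largest remaining TTL among the NS records, or None if there are none."""
    ttls = [int(m.group(2)) for line in answer.splitlines()
            if (m := NS_LINE.match(line.strip()))]
    return max(ttls) if ttls else None


def classify(ttl, child_ttl=CHILD_TTL, parent_ttl=PARENT_TTL):
    """Classify a cached NS TTL by which copy of the NS set it can have come from."""
    if ttl is None:
        return "no-answer"
    if ttl > parent_ttl:
        return "unexpected"    # larger than either source would allow
    if ttl > child_ttl:
        return "parent"        # can only be the delegation copy counting down
    # A low value may be the child's copy, or the parent's copy near expiry.
    return "inconclusive"


def survey(samples):
    """Map each resolver to its classification."""
    return {resolver: classify(ns_ttl(answer)) for resolver, answer in samples.items()}


if __name__ == "__main__":
    for resolver, verdict in survey(SAMPLE).items():
        print(f"{resolver:12} {verdict}")
```

A single low reading does not show that a resolver prefers the child's data, so a resolver marked "inconclusive" needs repeated sampling over the 48-hour window before it can be counted either way.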
This archive was generated by hypermail 2.1.3 : Tue Oct 19 2004 - 23:37:58 EDT