override ttl=0

Bill Larson wllarso at swcp.com
Fri Jan 4 03:34:43 UTC 2008


On Jan 3, 2008, at 7:15 AM, Stephane Bortzmeyer wrote:
> Remember: the one who takes the decision (using TTL=0) is not the one
> who pays for it (in terms of larger work for the recursor). So, it
> seems reasonable that the persons who pay have some sort of control.

You are implying that the end user is the one who pays for an  
administrator setting their TTL=0.  I would argue that it is actually  
the reverse.  The hosting system will be hit much harder due to this  
low TTL value, which also implies that their network is going to be  
hit harder.  And, if their server and network cannot support the  
load, then their targeted end users will stop using the services  
because things are slow.

So, an administrator that uses a zero TTL may possibly be hurting  
themselves.  Just another way to look at this problem.

Now, another question.  Is it the responsibility of DNS  
administrators to "fix" problems caused by other people?  I view  
attempting this as a death spiral into the toilet.  A "fix" here  
breaks a properly working situation there requiring another fix  
causing another break...  When does it stop?  In my opinion, by never  
trying to "fix" a systemic problem at any point other than the  
original source.

As to "chasing the uneducated admins to educate them", yes people do  
this.  A user attempting to use one of these misconfigured systems,  
after talking to the local DNS admin to learn what the problem is,  
can contact someone providing the service that they want and inform  
them that they can't use their service until their configuration is  
corrected.  If a user feels that the service is important, they will  
be willing to contact the service provider to tell them that there is  
a problem.  The alternative is to not be able to use the service  
provided.

I suspect that all of us, readers of the BIND-USERS list, have done  
this, as users, at one time or another.

But, the original poster was referring to a problem with a particular  
piece of hardware, not a software configuration.  So, in this  
situation, I would strongly suggest that they refer this whole thread  
to Cisco, the hardware developer/manufacturer, for a solution.  To  
quote Cisco's web page on this product:

> NAT-PT is an interoperability solution that does not require any  
> modifications or extra software, such as dual stacks, to be  
> installed on any end user host of either IPv4 or IPv6 networks


Well, if the use of this product requires a modification of BIND,  
then this statement is incorrect.  It needs to be corrected.  Or  
maybe the network implementation using NAT-PT is incorrectly designed  
and Cisco may be able to assist in providing a proper implementation.

Bill


