[RPZ] DNSRPZ TTL Feature
nudgemac at fastmail.fm
Fri Apr 19 18:14:54 UTC 2013
On Fri, Apr 19, 2013, at 05:00 PM, P Vixie wrote:
> I don't think we can know that a low TTL has no reason.
> What security problems can you imagine solving with this feature?
More privacy than security, but of course it depends where you draw that
line. I've noted some instances where TTLs are purposely kept low
apparently for tracking or statistical purposes. But anyway I can use
other less elegant methods to deal with that if necessary.
> nudge <nudgemac at fastmail.fm> wrote:
> >Anyone else of the opinion that it would be useful to have a TTL
> >for RPZ to make it easy to fix some very low TTLs that exist for no
> >reason ? I imagine it being useful in some other situations also.
More information about the DNSfirewalls