<<<
Chronological Index
>>> <<<
Thread Index
>>>
Re: [gnso-ff-pdp-may08] Internet Draft: Fast Flux Defense in DNS
- To: dave.piscitello@xxxxxxxxx
- Subject: Re: [gnso-ff-pdp-may08] Internet Draft: Fast Flux Defense in DNS
- From: Joe St Sauver <joe@xxxxxxxxxxxxxxxxxx>
- Date: Thu, 28 Aug 2008 14:35:03 -0700
Dave mentioned:
#It would be interesting to understand what the army uses TTL/600 for but
#I imagine it's one of those "we could tell you but then we'd have to kill
#you" answers.
Presumably short TTLs represent (at least in part) a desire to maintain
a degree of agility in the face of online threats, such as DDoS attacks,
or equipment failures.
#Nonetheless, it would be interesting to collect at least a sample list of
#network operators who use TTLs of 5 mins or less
It almost seems hard to find major sites that DON'T... :-)
Oh yes, are you interested in "A" records, NS records, or both? Sometimes
you'll see dramatically different values for one vs. the other:
www.berkeley.edu. 600 IN CNAME www.w3.berkeley.edu.
www.w3.berkeley.edu. 600 IN A 169.229.131.81
w3.berkeley.edu. 172800 IN NS adns2.berkeley.edu.
w3.berkeley.edu. 172800 IN NS ucb-ns.NYU.edu.
w3.berkeley.edu. 172800 IN NS adns1.berkeley.edu.
or
www.doubleclick.com. 300 IN A 216.73.93.8
doubleclick.com. 604800 IN NS ns2.doubleclick.net.
doubleclick.com. 604800 IN NS ns3.doubleclick.net.
doubleclick.com. 604800 IN NS ns4.doubleclick.net.
doubleclick.com. 604800 IN NS ns1.doubleclick.net.
;; Received 140 bytes from 216.73.86.10#53(ns1.doubleclick.net) in 78 ms
for example. You may also see short TTLs in CNAMEs:
www.aol.com. 60 IN CNAME www.aol.com.websys.akadns.net.
www.aim.com. 120 IN CNAME www.aim.com.websys.akadns.net.
www.icq.com. 600 IN CNAME www.gwww.icq.com.
www.bebo.com. 300 IN CNAME www.bebo.com.edgesuite.net.
www.cnet.com. 300 IN CNAME
gtm-tron-xw.cnet-basic-performance.akadns.net.
www.download.com. 300 IN CNAME
gtm-tron-xw.cnet-basic-performance.akadns.net.
www.comcast.net. 120 IN CNAME www.comcast.net.edgesuite.net.
www.blogger.com. 300 IN CNAME blogger.l.google.com.
www.orkut.com. 300 IN CNAME orkut.l.google.com.
www.youtube.com. 300 IN CNAME youtube.l.google.com.
www.nba.com. 300 IN CNAME www.nba.com.edgesuite.net.
www.photobucket.com. 300 IN CNAME photobucket.com.
Anyhow, some short (600 second or less TTL) domains that might be of interest:
www.imdb.com. 10800 IN CNAME us.imdb.com.
us.imdb.com. 10 IN CNAME us.dd.imdb.com.
us.dd.imdb.com. 240 IN NS ns-923.amazon.com.
us.dd.imdb.com. 240 IN NS ns-921.amazon.com.
us.dd.imdb.com. 240 IN NS ns-912.amazon.com.
us.dd.imdb.com. 240 IN NS ns-911.amazon.com.
;; Received 167 bytes from 204.69.234.1#53(udns1.ultradns.net) in 49 ms
----
www.facebook.com. 30 IN A 69.63.176.12
;; Received 50 bytes from 69.63.176.101#53(glb01.sf2p.tfbnw.net) in 35 ms
----
www.amazon.com. 60 IN A 72.21.203.1
;; Received 48 bytes from 72.21.204.208#53(ns-923.amazon.com) in 78 ms
----
www.weather.com. 60 IN A 65.207.183.121
weather.com. 1800 IN NS dns3.weather.com.
weather.com. 1800 IN NS dns1.weather.com.
weather.com. 1800 IN NS dns2.weather.com.
;; Received 154 bytes from 65.207.183.15#53(dns1.weather.com) in 82 ms
----
www.imageshack.us. 60 IN A 38.99.76.239
www.imageshack.us. 60 IN A 38.99.77.12
www.imageshack.us. 60 IN A 38.99.77.83
www.imageshack.us. 60 IN A 38.99.77.93
www.imageshack.us. 60 IN A 38.99.77.97
www.imageshack.us. 60 IN A 38.99.77.111
www.imageshack.us. 60 IN A 38.99.77.202
www.imageshack.us. 60 IN A 38.99.77.223
www.imageshack.us. 60 IN A 38.99.77.244
www.imageshack.us. 60 IN A 38.101.111.32
www.imageshack.us. 60 IN A 38.99.76.132
www.imageshack.us. 60 IN A 38.99.76.159
www.imageshack.us. 60 IN A 38.99.76.177
www.imageshack.us. 60 IN A 38.99.76.200
www.imageshack.us. 60 IN A 38.99.76.202
imageshack.us. 7200 IN NS ns5.imageshack.us.
imageshack.us. 7200 IN NS ns6.imageshack.us.
imageshack.us. 7200 IN NS ns7.imageshack.us.
imageshack.us. 7200 IN NS ns8.imageshack.us.
imageshack.us. 7200 IN NS ns9.imageshack.us.
imageshack.us. 7200 IN NS ns.imageshack.us.
imageshack.us. 7200 IN NS ns2.imageshack.us.
imageshack.us. 7200 IN NS ns3.imageshack.us.
imageshack.us. 7200 IN NS ns4.imageshack.us.
;; Received 500 bytes from 38.99.77.75#53(NS.imageshack.us) in 36 ms
----
www.craigslist.org. 300 IN A 208.82.236.208
craigslist.org. 300 IN NS ns1s.craigslist.org.
craigslist.org. 300 IN NS ns2s.craigslist.org.
craigslist.org. 300 IN NS ns1p.craigslist.org.
craigslist.org. 300 IN NS ns2p.craigslist.org.
;; Received 192 bytes from 208.82.239.175#53(ns2s.craigslist.org) in 50 ms
----
www.nytimes.com. 300 IN A 199.239.137.245
www.nytimes.com. 300 IN A 199.239.136.200
www.nytimes.com. 300 IN A 199.239.136.245
www.nytimes.com. 300 IN A 199.239.137.200
nytimes.com. 300 IN NS nydns1.about.com.
nytimes.com. 300 IN NS nydns2.about.com.
nytimes.com. 300 IN NS ns1t.nytimes.com.
;; Received 180 bytes from 199.239.137.15#53(ns1t.nytimes.com) in 87 ms
----
www.ebay.com. 3600 IN CNAME hp-core.ebay.com.
hp-core.ebay.com. 300 IN A 66.135.200.145
hp-core.ebay.com. 300 IN A 66.135.214.176
;; Received 84 bytes from 66.135.207.137#53(sjc-dns1.ebaydns.com) in 64 ms
----
www.wordpress.com. 14400 IN CNAME wordpress.com.
wordpress.com. 300 IN A 76.74.254.126
wordpress.com. 300 IN A 72.232.101.43
wordpress.com. 300 IN A 72.233.2.57
wordpress.com. 14400 IN NS ns1.wordpress.com.
wordpress.com. 14400 IN NS ns2.wordpress.com.
wordpress.com. 14400 IN NS ns3.wordpress.com.
;; Received 199 bytes from 72.232.101.25#53(ns1.wordpress.com) in 68 ms
----
www.flickr.com. 300 IN CNAME www.flickr.vip.mud.yahoo.com.
www.flickr.vip.mud.yahoo.com. 900 IN A 68.142.214.24
mud.yahoo.com. 172800 IN NS ns1.yahoo.com.
mud.yahoo.com. 172800 IN NS ns2.yahoo.com.
mud.yahoo.com. 172800 IN NS ns3.yahoo.com.
mud.yahoo.com. 172800 IN NS ns4.yahoo.com.
mud.yahoo.com. 172800 IN NS ns5.yahoo.com.
;; Received 257 bytes from 66.218.71.63#53(ns1.yahoo.com) in 41 ms
----
www.rapidshare.com. 600 IN CNAME rapidshare.com.
rapidshare.com. 600 IN A 195.122.131.17
rapidshare.com. 600 IN A 195.122.131.18
rapidshare.com. 600 IN A 195.122.131.19
rapidshare.com. 600 IN A 195.122.131.20
rapidshare.com. 600 IN A 195.122.131.21
rapidshare.com. 600 IN A 195.122.131.22
rapidshare.com. 600 IN A 195.122.131.2
rapidshare.com. 600 IN A 195.122.131.3
rapidshare.com. 600 IN A 195.122.131.4
rapidshare.com. 600 IN A 195.122.131.5
rapidshare.com. 600 IN A 195.122.131.6
rapidshare.com. 600 IN A 195.122.131.7
rapidshare.com. 600 IN A 195.122.131.8
rapidshare.com. 600 IN A 195.122.131.9
rapidshare.com. 600 IN A 195.122.131.10
rapidshare.com. 600 IN A 195.122.131.11
rapidshare.com. 600 IN A 195.122.131.12
rapidshare.com. 600 IN A 195.122.131.13
rapidshare.com. 600 IN A 195.122.131.14
rapidshare.com. 600 IN A 195.122.131.15
rapidshare.com. 600 IN A 195.122.131.16
rapidshare.com. 600 IN NS ns1.rapidshare.com.
rapidshare.com. 600 IN NS ns3.rapidshare.com.
rapidshare.com. 600 IN NS ns2.rapidshare.com.
;; Received 488 bytes from 195.122.131.250#53(ns1.rapidshare.com) in 191 ms
----
www.cnn.com. 600 IN A 64.236.91.21
www.cnn.com. 600 IN A 64.236.91.23
www.cnn.com. 600 IN A 64.236.16.20
www.cnn.com. 600 IN A 64.236.16.52
www.cnn.com. 600 IN A 64.236.24.12
www.cnn.com. 600 IN A 64.236.29.120
;; Received 125 bytes from 64.236.22.150#53(dmtns02.turner.com) in 83 ms
----
www.juniper.com. 600 IN A 164.109.49.175
juniper.com. 600 IN NS mia01.digex.com.
juniper.com. 600 IN NS mia02.digex.com.
;; Received 95 bytes from 216.255.129.249#53(mia01.digex.com) in 78 ms
----
www.ign.com. 300 IN CNAME appscs.ign.com.
appscs.ign.com. 3600 IN A 69.10.16.84
ign.com. 300 IN NS PDNS6.ULTRADNS.CO.UK.
ign.com. 300 IN NS PDNS5.ULTRADNS.INFO.
ign.com. 300 IN NS PDNS4.ULTRADNS.ORG.
ign.com. 300 IN NS PDNS3.ULTRADNS.ORG.
ign.com. 300 IN NS PDNS2.ULTRADNS.NET.
ign.com. 300 IN NS PDNS1.ULTRADNS.NET.
;; Received 244 bytes from 204.74.109.1#53(pdns2.ultradns.net) in 26 ms
----
reference.com. 7200 IN A 66.161.12.84
reference.com. 300 IN NS NAME1.ask.com.
reference.com. 300 IN NS name5.ask.com.
;; Received 123 bytes from 65.214.32.161#53(name1.askjeeves.com) in 101 ms
----
mozilla.org. 600 IN A 63.245.209.11
mozilla.org. 600 IN NS ns4.mydyndns.org.
mozilla.org. 600 IN NS ns5.mydyndns.org.
mozilla.org. 600 IN NS ns1.mozilla.org.
mozilla.org. 600 IN NS ns2.mydyndns.org.
mozilla.org. 600 IN NS ns2.mozilla.org.
mozilla.org. 600 IN NS ns3.mydyndns.org.
;; Received 194 bytes from 91.198.22.76#53(ns4.mydyndns.org) in 176 ms
----
www.dell.com. 600 IN CNAME www1.ins.dell.com.
ins.dell.com. 600 IN NS auspc3dns3.us.dell.com.
ins.dell.com. 600 IN NS auspc3dns4.us.dell.com.
ins.dell.com. 600 IN NS ausps3dns3.us.dell.com.
ins.dell.com. 600 IN NS ausps3dns4.us.dell.com.
;; Received 220 bytes from 143.166.82.251#53(ns1.us.dell.com) in 73 ms
Presumably all those guys might find going from 600 seconds to
86400 seconds or more to be a bit of a change. :-;
Regards,
Joe
<<<
Chronological Index
>>> <<<
Thread Index
>>>
|