lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 19 May 2020 16:17:55 +0200 From: Florian Weimer <fweimer@...hat.com> To: David Howells <dhowells@...hat.com> Cc: linux-nfs@...r.kernel.org, linux-cifs@...r.kernel.org, linux-afs@...ts.infradead.org, ceph-devel@...r.kernel.org, keyrings@...r.kernel.org, netdev@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH] dns: Apply a default TTL to records obtained from getaddrinfo() * David Howells: > Fix this to apply a default TTL of 10mins in the event that we haven't got > one. This can be configured in /etc/keyutils/key.dns_resolver.conf by > adding the line: > > default_ttl: <number-of-seconds> > > to the file. If the name resolution is not needed continuously, but only for the connection attempt, I suggest to use a much shorter TTL, like five seconds or so. I'm worried that if the implied TTL is too long, some system administrators will have to figure out how to invalidate the DNS cache. Thanks, Florian
Powered by blists - more mailing lists