Is there a standard time duration before DNS caches are cleared?

user981178 asked:

Is there a standard time duration before DNS caches are cleared, so that if a distracted operator or stuck key turns a TTL of 86400 into 864000000 you don’t end up with an authoritative resource record or even entire DNS zone whose changes won’t be recognized for 27.397 years?

And, if there is no protection against this sort of error, then what is the reasoning behind allowing TTL duration up to 68 years instead of a maximum value of perhaps one month?

My answer:

You’ll be happy to know that most (if not all) DNS server software has protection against this scenario.

For example:

Microsoft DNS server has a MaxCacheTTL setting, which defaults to 86400. So regardless of any TTL setting in DNS RRs, if this is not adjusted, the DNS server will not cache anything longer than a day.

BIND also has a similar setting max-cache-ttl, which defaults to 604800 (7 days).

PowerDNS alao has the setting max-cache-ttl and defaults to 86400.

Unbound names the setting cache-max-ttl and defaults to 86400.

Since BIND is still the most popular DNS server out there, its 7 day default will affect you. If you find out this has happened, you’ll probably have to wait a week before most everyone has flushed their caches.

View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.