On 04/10/2018 09:19 AM, Amos Jeffries wrote:

> Consider, what would you expect to happen when DNS RRset changes
> _multiple_ times within the same TTL that TCP uses for a SYN-ACK timeout
> and retry?

I would expect that nothing special happens to a good implementation: The TCP client would not notice the TTL expiration and RRset changes while dealing with packets on a single TCP connection.

RRset TTL does _not_ mean that the client of a DNS cache cannot use the answer after the TTL expires. It means that the DNS cache itself should not return a stale answer to its client after the TTL expires. There is an architectural boundary between a DNS cache and a client of that DNS cache. Squid's implementation may violate that boundary, but that Squid problem is not a good (long-term) justification for violating server TTLs.

Connection reuse problems that you have described could be a good justification for a default minimum TTL of 60 seconds. IMHO, it is not a valid long-term justification for violating server TTLs when the admin wants to honor them.

Cheers,

Alex.
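An added illustration of the boundary Alex describes (this is example code written for this page, not Squid's resolver or anything from the thread): a small DNS cache that refuses to serve an RRset past its TTL, an optional administrator-set minimum TTL floor, and a connection object that keeps its peer address after the cache entry expires. The class and function names, the `example.test` name and the 192.0.2.x answers are constructed for the example.

```python
import itertools
from dataclasses import dataclass

@dataclass
class RRset:
    addrs: tuple
    ttl: int           # TTL published by the authoritative server, in seconds
    fetched_at: float  # cache clock reading when the answer arrived

class DnsCache:
    """Serves cached RRsets and never returns one past its TTL.
    min_ttl is an optional admin-set floor; 0 honours server TTLs exactly."""
    def __init__(self, resolve, clock, min_ttl=0):
        self._resolve, self._clock, self._min_ttl = resolve, clock, min_ttl
        self._entries, self.upstream_queries = {}, 0

    def lookup(self, name):
        now = self._clock()
        rr = self._entries.get(name)
        if rr is None or now - rr.fetched_at >= max(rr.ttl, self._min_ttl):
            addrs, ttl = self._resolve(name)  # miss or expired: ask upstream again
            self.upstream_queries += 1
            rr = self._entries[name] = RRset(tuple(addrs), ttl, now)
        return rr

class Connection:
    """A client of the cache. It resolves once when connecting and then keeps
    talking to that peer; later TTL expiry in the cache does not affect it."""
    def __init__(self, cache, name):
        self.peer = cache.lookup(name).addrs[0]

def run_scenario(min_ttl):
    """Constructed scenario: the server's RRset changes after the first answer;
    one connection is opened at t=0 and the cache is queried again at t=45."""
    clock_now = [0.0]
    # Upstream answers (constructed, TEST-NET-1): first 192.0.2.1, then 192.0.2.2, 30 s TTL each
    answers = itertools.cycle([(("192.0.2.1",), 30), (("192.0.2.2",), 30)])
    cache = DnsCache(resolve=lambda name: next(answers),
                     clock=lambda: clock_now[0], min_ttl=min_ttl)
    conn = Connection(cache, "example.test")
    clock_now[0] = 45.0  # past the 30 s server TTL, still inside a 60 s floor
    later = cache.lookup("example.test").addrs[0]
    return {"conn_peer": conn.peer, "later_answer": later,
            "upstream_queries": cache.upstream_queries}

if __name__ == "__main__":
    print(run_scenario(min_ttl=0))   # cache re-queries; the open connection keeps 192.0.2.1
    print(run_scenario(min_ttl=60))  # the floor keeps the old answer cached past the server TTL
```

With the floor at 0 the cache re-resolves at t=45 while the established connection is untouched; with a 60 s floor the stale answer is still handed to new clients, which is the trade-off a default minimum TTL makes.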