28 Mar
2017
7:36 p.m.
On Mar 28, 2017, at 1:18 PM, John Allen <john@klam.ca> wrote:
> What would be a "good" TTL for TLSA records? Because of their use in validating encryption certs, etc., I assume that the shorter the better. I currently use 15 min; is this too long or too short?
Set the TTL slightly shorter than the time it takes you to notice and fix a problem with the records. If you're unlikely to respond to any issues in under an hour, a TTL of much less than an hour will not be beneficial. Very short TTLs also add latency to mail delivery. On the other hand, very long TTLs prolong problem duration.
--
Viktor.