On Mar 30, 2011, at 3:30 PM, Paul Wouters wrote: > On Wed, 30 Mar 2011, W.C.A. Wijngaards wrote: > >>> I read that as: if the record is authenticated, put it in the cache and >>> use it until the TTL has expired. >> >> Actually unbound caps the TTL so it does not extend beyond the >> expiration time. > > Interesting. Isn't that dangerous? It could cause peak loads if all > resolvers worldwide throw away the record at the exact same time... Only if you have expiration times that are shorter than TTL, right? Is that common?