Comment by greatgib

17 hours ago

Normally it should not have been, with cache and all, but that was the past...

Think about what would happen the day that letsencrypt is borken for whatever reason technical or like having a retarded US leader and being located in the wrong country. Taken into account the push of letsencrypt with major web browsers to restrict certificate validities for short periods like only a few days...

9 comments

greatgib

muvlon 17 hours ago

Let's Encrypt has to be down for days before people begin to feel the pain. DNS is very different, it breaks stuff immediately everywhere.

tharkun__ 16 hours ago
No it doesn't. DNS breaks as soon as TTLs run out. It's your choice to set them so low that stuff breaks immediately.
- account42 6 hours ago
  
  Unfortunately you can't set DNS TTL arbitrarily high (or low) without some resolvers ignoring your suggestion and using arbitrary values.
  
  1 reply →
- __float 12 hours ago
  
  What do you recommend then? DNS doesn't usually change that often, but if you mess it up when it does, you're in for some pain if TTLs are high!
  
  3 replies →
- ale42 7 hours ago
  
  This assumes that the host name you want has been recently queried. If it's not cached, good luck...