Microsoft shorten TTL in anticipation of MyDoom.B payload

In anticipation of the MyDoom.B payload striking tomorrow, Microsoft have shortened the TTL [time to live] on the DNS entry to five minutes. Yesterday the TTL was set to just under an hour.

Essentially, Microsoft is accepting the significantly higher load on its name servers [outsourced to Akamai] as the premium of an insurance policy in the event that it wants to move very quickly.

In this regard Microsoft is being very circumspect about the potential payload of the MyDoom.B virus, which anti-virus companies have tended to belittle. Of course, this may simply reflect the fact that Microsoft is directly at risk from the payload, while the anti-virus companies are merely informed bystanders, rather than any significant difference between Microsoft's view of the likely traffic levels and the anti-virus companies' expectations.

Our expectation is that Microsoft will defend against the payload from its own network, at least initially. If Microsoft does decide to deploy Akamai's HTTP caching, this should not necessarily be read as an admission that its in-house infrastructure could not cope; it is more likely to be motivated by a public-spirited desire to keep the traffic off the Internet's main arteries by absorbing the payload as close to the sources of the attacks as possible.

      2993    IN      CNAME
      18      IN      CNAME
      300     IN      A
      300     IN      A
      300     IN      A
      300     IN      A
      300     IN      A
      300     IN      A
      300     IN      A
      300     IN      A
% date
Mon Feb  2 20:56:09 GMT 2004
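
The trade-off described above, as an added example that is not part of the original article: the Python below parses a dig-style answer section, follows the CNAME chain, and reports how long a cache may hold each link, plus the upper bound on extra name-server queries when a TTL is cut. The TTLs 2993, 18 and 300 are the ones shown above; every name and address is a constructed placeholder, and the 3600-second previous TTL is an assumed round figure for "just under an hour".

```python
# Constructed answer section in dig format. Only the TTLs come from the
# article; the names and addresses are placeholders (reserved ranges).
SAMPLE_ANSWER = """\
www.example.com.        2993 IN CNAME www.example.cdn.test.
www.example.cdn.test.   18   IN CNAME edge.example.cdn.test.
edge.example.cdn.test.  300  IN A     192.0.2.10
edge.example.cdn.test.  300  IN A     192.0.2.11
"""


def parse_answer(text):
    """Return (owner, ttl, rtype, rdata) tuples from dig answer lines."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if line.startswith(";") or len(fields) < 5 or fields[2] != "IN":
            continue  # skip comments, blanks and anything not a record
        owner, ttl, _cls, rtype = fields[:4]
        records.append((owner.lower(), int(ttl), rtype, " ".join(fields[4:])))
    return records


def walk_chain(records, qname):
    """Follow CNAMEs from qname; return one (owner, rtype, ttl) per link."""
    by_owner = {}
    for owner, ttl, rtype, rdata in records:
        by_owner.setdefault(owner, []).append((ttl, rtype, rdata))
    chain, name, seen = [], qname.lower(), set()
    while name in by_owner and name not in seen:  # 'seen' stops CNAME loops
        seen.add(name)
        rrset = by_owner[name]
        rtype = rrset[0][1]
        chain.append((name, rtype, min(ttl for ttl, _, _ in rrset)))
        if rtype != "CNAME":
            break
        name = rrset[0][2].lower()
    return chain


def load_factor(old_ttl, new_ttl):
    """Upper bound on query growth: a busy cache refetches once per TTL."""
    return old_ttl / new_ttl


if __name__ == "__main__":
    for owner, rtype, ttl in walk_chain(parse_answer(SAMPLE_ANSWER), "www.example.com."):
        print(f"{owner:24} {rtype:5} cached for up to {ttl:4d}s after a change")
    # Assumed previous TTL of 3600s versus the five-minute TTL in the article.
    print(f"query load grows by at most {load_factor(3600, 300):.0f}x")
```

Each link's TTL bounds how long that resolver can keep serving the old answer, so the operator can only move as fast as the TTL on the record it intends to change.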