HACKER Q&A
📣 anderspitman

Is there a “wall of shame” for ISPs that don't respect DNS TTLs?


And other DNS resolvers as well.


  👤 tyingq Accepted Answer ✓
RIPE did some testing in 2017 that showed that most places (~94%) are doing the right thing. Somewhere around 6% of the DNS servers were either making the TTL last too long, or too short.

There's a downloadable zip file there where you could probably figure out who the offenders were. RIPE did say that it was a mix of both ISPs and Cloud providers.

https://labs.ripe.net/author/giovane_moura/dns-ttl-violation...

Edit: There are also probably some corporate MITM type "content filtering" caches that are screwing things up too, by caching web pages longer than they should.
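A small classifier in the spirit of the RIPE methodology (change a record at the authoritative side, then watch what a resolver returns), added here as an example; it is not code from RIPE or from anyone in this thread, and the resolver names, addresses and every observation are constructed:

```python
"""Classify a resolver's TTL handling from probe observations.

Method: change a record at the authoritative server (OLD -> NEW rdata)
at t=0, then query the resolver under test repeatedly, recording the
wall-clock time, the rdata it returned and the TTL it reported.
All samples below are constructed, not real measurements.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Obs:
    t: float    # seconds relative to the authoritative change
    rdata: str  # answer the resolver returned
    ttl: int    # TTL the resolver reported in that answer


def classify(auth_ttl, samples, old, new, slack=5):
    """Return the set of violations seen; an empty set means compliant."""
    verdicts = set()
    last_old_fetch = None  # implied time the served OLD entry was fetched
    for o in sorted(samples, key=lambda s: s.t):
        if o.ttl > auth_ttl:
            verdicts.add("ttl_inflated")  # TTL rewritten above authoritative
            continue                      # countdown math is meaningless here
        # An honest resolver reports ttl = auth_ttl - (t - fetch_time), so the
        # implied fetch time stays constant for the lifetime of one cache entry.
        fetched = o.t - (auth_ttl - o.ttl)
        if o.rdata == old:
            if o.t > auth_ttl + slack:
                verdicts.add("too_long")  # served past the latest possible expiry
            elif last_old_fetch is not None and \
                    slack < fetched - last_old_fetch < auth_ttl - slack:
                verdicts.add("ttl_not_decremented")  # TTL jumped, no legit refetch
            last_old_fetch = fetched if last_old_fetch is None \
                else max(last_old_fetch, fetched)
        elif o.rdata == new and last_old_fetch is not None:
            if fetched + slack < last_old_fetch + auth_ttl:
                verdicts.add("too_short")  # refetched before the entry expired
            last_old_fetch = None          # judge only the first switchover
    return verdicts


OLD, NEW, AUTH_TTL = "192.0.2.1", "192.0.2.2", 300  # constructed values
PROBES = {  # constructed observations for four hypothetical resolvers
    "resolver-a": [Obs(-60, OLD, 240), Obs(60, OLD, 120), Obs(150, OLD, 30), Obs(200, NEW, 280)],
    "resolver-b": [Obs(-60, OLD, 240), Obs(60, OLD, 120), Obs(400, OLD, 0), Obs(700, NEW, 290)],
    "resolver-c": [Obs(-60, OLD, 240), Obs(-30, OLD, 210), Obs(30, NEW, 290)],
    "resolver-d": [Obs(-60, OLD, 3600), Obs(60, OLD, 3600)],
}


def report():
    return {name: sorted(classify(AUTH_TTL, obs, OLD, NEW)) for name, obs in PROBES.items()}


if __name__ == "__main__":
    for name, verdicts in report().items():
        print(name, verdicts or ["compliant"])
```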


👤 Spivak
I think it's a fool's errand into bullying people into solving your operational woes. You pretty much only have one option for dealing with real life DNS.

* Design your system assuming a hostile environment and that propagation time is on the order of hours.

* Draw and document a hard line above which you consider it your users' problem; i.e. you start assuming the world has updated after 2 hours and any stragglers can just get errors.


👤 dsp
What problem are you encountering?

I worked on dns gslb for a long stretch at Facebook^WMeta, and didn’t see an excess of bad actors. The vast majority of users follow our dns changes in an orderly fashion. Most delay sources are the clients themselves.


👤 chunkyks
It's shorter to write down a list of good actors.

Generally I just assume a good old fashioned "48 hours", like in the olden days, and I have yet to be disappointed.


👤 pvtmert
yes, any/all Turkish ISPs don't respect the TTL at all...