The simplest type of fast flux, named "single-flux", is characterized by multiple individual nodes within the network registering and de-registering their addresses as part of the DNS A record list for a single DNS name. This combines round robin DNS with very short—usually less than five minutes -- TTL values to create a constantly changing list of destination addresses for that single DNS name. The list can be hundreds or thousands of entries long. A more sophisticated type of fast flux, referred to itself as "double-flux", is characterized by multiple nodes within the network registering and de-registering their addresses as part of the DNS Name Server record list for the DNS zone. This provides an additional layer of redundancy and survivability within the malware network. Within a malware attack, the DNS records will normally point to a compromised system that will act as a proxy server. This method prevents some of the traditionally best defense mechanisms from working — e.g., IP-based access control lists. The method can also mask the systems of attackers, which will exploit the network through a series of proxies and make it much more difficult to identify the attackers' network. The record will normally point to an IP where bots go for registration, to receive instructions, or to activate attacks. Because the IPs are proxified, it is possible to disguise the originating source of these instructions, increasing the survival rate as IP-based block lists are put in place. The most effective measure against fast flux is to take down the domain name it uses. Registrars are, however, reluctant to do so because domain owners are legitimate customers for them and there's no worldwide-enforced policy of what constitutes an abuse. In addition to this, cybersquatters, including fast flux operators, are their main source of income. Security experts keep working on measures to ease this process. Other measures can be taken by local network administrators. A network admin can force endpoints within their network to only be able to use local DNS servers by blocking all egress DNS traffic, and then blackhole requests for malicious domains at the DNS level. Alternatively, administrators with network devices capable of doing inspection and intervention can set up policies that reset connections that attempt to resolve or make HTTP requests involving malicious domains.