Can bind be configured to not drop RR's from the cache when the upstream DNS server is unresponsive

Darcy Kevin (FCA) kevin.darcy at fcagroup.com
Thu Mar 17 22:17:30 UTC 2016


Using DNS records beyond the owner-published TTL is risky business. You can’t even know if the same legal entity is providing the content or services previously published at that address/endpoint, and this uncertainty raises security and/or liability concerns.

- Kevin


From: Ron [mailto:ron.arts at gmail.com]
Sent: Thursday, March 17, 2016 11:46 AM
To: Darcy Kevin (FCA)
Cc: bind-users at lists.isc.org
Subject: Re: Can bind be configured to not drop RR's from the cache when the upstream DNS server is unresponsive

I did not mean forwarders, but I had a case where the authoritative name servers for a domain were down
for an extended period of time, exceeding the ttl for their records. I was curious if I could tell my DNS servers
to serve these records for longer than the registered ttl. And I wanted to automate that.

But I'm afraid that's not gonna fly.

Ron



On Thu, Mar 17, 2016 at 4:27 PM, Darcy Kevin (FCA) <kevin.darcy at fcagroup.com> wrote:
By “upstream” I assume you’re talking about forwarders. If your forwarders are flakey, have you ever considered simply *not forwarding*? That would seem to be a better, structural solution to your problem, than holding DNS data beyond its cache-expiration time (a really BAD idea).

- Kevin
----------------------------------------------------------------------
Kevin Darcy
NAFTA Information Security Projects

FCA US LLC
1075 W Entrance Dr,
Auburn Hills, MI 48326
USA

Telephone: +1 (248) 838-6601
Mobile: +1 (810) 397-0103
Email: kevin.darcy at fcagroup.com

From: bind-users-bounces at lists.isc.org [mailto:bind-users-bounces at lists.isc.org] On Behalf Of Ron
Sent: Thursday, March 17, 2016 7:37 AM
To: bind-users at lists.isc.org
Subject: Can bind be configured to not drop RR's from the cache when the upstream DNS server is unresponsive

Hi,

subject says all. Read manpages, could not find this in the FAQ's.
Hope this is possible. If not does anyone know of other name servers
that offer this option?

Thanks,
Ron Arts


