Can bind be configured to not drop RR's from the cache when the upstream DNS server is unresponsive
John Wobus
jw354 at cornell.edu
Fri Mar 25 16:49:03 UTC 2016
On Mar 18, 2016, at 6:28 AM, Barry Margolin <barmar at alum.mit.edu> wrote:
> In article <mailman.384.1458255932.73610.bind-users at lists.isc.org>,
> Mark Andrews <marka at isc.org> wrote:
>
>> How do you actually expect this to ever work in real life?
>
> I'm pretty sure Google DNS does this. Other resolver operators often get
> complaints about "Why can't I look up <whatever> through your DNS
> servers when I can do it through Google DNS?"
I’d guessed Google just re-queries before it needs to, which has benefits but
requires a more complex “clean out very-seldom-used records” strategy.
I’d imagine they'd use a somewhat-random amount of time to pre-query
as one of their measures against cache poisoning.
This would be a good nameserver feature, e.g. when a response is given
from the cache, a secret (shorter) ttl is adjusted to help assure continuity.
Or other variants. Such a feature might address Ron’s concern.
(I believe I recall discussions on this or another list, perhaps even
a feature in the wings.)
In any case, I cringe at the thought of overriding TTLs. They’re there
for a reason. In some instances, overriding could “help”, but in others, it
would be really, really bad.
John Wobus
Cornell University IT
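The two ideas in the message above (re-query a record at a randomised point before its TTL runs out so the cache never goes cold, and hand out an expired record only when the upstream does not answer at all) are sketched below as a small, added simulation. It is not BIND code and is not from any list participant; BIND itself later shipped `prefetch` (9.10) and serve-stale (`stale-answer-enable`, `max-stale-ttl`, 9.12), but this toy does not reproduce their implementation. The upstream, the zone data and the clock are constructed in-memory stand-ins; `run_scenario` is a hypothetical driver that walks the cache through fresh, prefetch, stale and give-up states.

```python
"""Toy resolver cache: honours the TTL toward clients, prefetches at a random
point inside the TTL, and serves a stale record only when upstream is down.
Added illustration; not BIND code. The upstream is a constructed table."""
import random
from dataclasses import dataclass


class UpstreamUnresponsive(Exception):
    """Stand-in for a query timeout against the authoritative side."""


class FakeUpstream:
    """Constructed authoritative data; `down=True` makes every query fail."""

    def __init__(self, records):
        self.records = dict(records)   # name -> (rdata, ttl)
        self.down = False
        self.queries = 0

    def query(self, name):
        self.queries += 1
        if self.down:
            raise UpstreamUnresponsive(name)
        return self.records[name]


@dataclass
class CacheEntry:
    rdata: str
    ttl: int            # TTL exactly as received; never overridden
    fetched_at: float
    prefetch_at: float  # the internal, shorter deadline that triggers a re-query

    @property
    def expires(self):
        return self.fetched_at + self.ttl


class Resolver:
    def __init__(self, upstream, clock, rng, prefetch_min=0.5, prefetch_max=0.9,
                 max_stale=86400, stale_ttl=30):
        self.upstream, self.clock, self.rng = upstream, clock, rng
        self.prefetch_min, self.prefetch_max = prefetch_min, prefetch_max
        self.max_stale, self.stale_ttl = max_stale, stale_ttl  # assumed policy values
        self.cache = {}

    def _fetch(self, name):
        rdata, ttl = self.upstream.query(name)
        now = self.clock()
        # Random point in [prefetch_min, prefetch_max] of the TTL, so the moment
        # the resolver re-queries is not predictable from the outside.
        frac = self.rng.uniform(self.prefetch_min, self.prefetch_max)
        self.cache[name] = CacheEntry(rdata, ttl, now, now + ttl * frac)
        return self.cache[name]

    def resolve(self, name):
        """Return (rdata, ttl_for_client, source); raise if nothing can be served."""
        now = self.clock()
        entry = self.cache.get(name)
        if entry is not None and now < entry.expires:
            if now >= entry.prefetch_at:
                try:
                    self._fetch(name)          # refresh; a failure leaves the entry alone
                except UpstreamUnresponsive:
                    pass
            return entry.rdata, int(entry.expires - now), "cache"
        try:
            fresh = self._fetch(name)
            return fresh.rdata, fresh.ttl, "upstream"
        except UpstreamUnresponsive:
            # Expired record, unresponsive upstream: serve it stale, briefly, and
            # only within max_stale of its real expiry.
            if entry is not None and now < entry.expires + self.max_stale:
                return entry.rdata, self.stale_ttl, "stale"
            raise


def run_scenario():
    """Hypothetical driver: one A record with a 300 s TTL, clock advanced by hand."""
    clock = [0.0]
    upstream = FakeUpstream({"www.example.": ("192.0.2.10", 300)})  # constructed data
    r = Resolver(upstream, lambda: clock[0], random.Random(7))
    steps = []
    for t in (0, 100, 280, 400):                 # 280 is past any prefetch point (<= 270)
        clock[0] = t
        steps.append(r.resolve("www.example."))
    upstream.down = True
    clock[0] = 700                               # prefetched copy (fetched at 280) expired at 580
    steps.append(r.resolve("www.example."))
    clock[0] = 580 + 86400 + 1                   # beyond max_stale: nothing left to serve
    try:
        r.resolve("www.example.")
        refused = False
    except UpstreamUnresponsive:
        refused = True
    return {"steps": steps, "queries": upstream.queries, "refused_after_max_stale": refused}


if __name__ == "__main__":
    for step in run_scenario()["steps"]:
        print(step)
```

Note what the client sees at each step: the remaining TTL, never an inflated one, so the record's own TTL stays authoritative; the prefetch only keeps the cache warm, and the stale answer is an explicit, bounded fallback rather than a TTL override.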