[dns-operations] Who Ignores TTLs?

David Conrad drc at virtualized.org
Thu Feb 17 19:25:03 UTC 2011


On Feb 17, 2011, at 9:31 AM, Rick Jones wrote:
> Mark Andrews wrote:
>> It's the apps not the caches that don't respect TTLs.
> Well, they can't really.  Certainly not directly.  Getaddrinfo() (or gethostbyname()) doesn't give TTL information to the application.

Yes, the current APIs suck, but I don't think the application should try to manage the TTL.  Applications already know too much about the network.

> The only way they could "respect" the TTLs would be to make a getaddrinfo() call before every connection, no matter how short-lived, 

I've always felt this sort of problem would best be fixed by putting name-RR mapping (and connection address management) into a separate process or the kernel.  I even went so far as to write a hacked-up compatibility library and a daemon that returned class E addresses that were used as indexes into a daemon-managed table where the mappings were kept (doing stuff like re-querying when DNS TTLs expired for names associated with addresses in sockets that were still active, allowing (some) legacy code to multi-home and use IPv6 transparently (which works in the trivial cases, but breaks in the same places NAT does), etc.).  All good fun, but basically a waste of time...

> in which case the complaint would be applications making too many DNS queries and every end point in the Internet should run their queries through a system local cache.

I've also felt that end points should run their own validating caching resolver, albeit primarily for security reasons (to quote Ripley slightly out of context, "it's the only way to be sure.").

Regards,
-drc
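An added illustration of the daemon-managed table drc describes (example code written for this archive page, not his compatibility library or daemon): the application gets a stable class E (240/4) "address" as a handle, and the daemon side re-queries the real address set behind that handle once the DNS TTL has run out, which is exactly what getaddrinfo() cannot do for the caller. The resolver callback returning (addresses, ttl), the injectable clock, the hostname www.example.test and the record data in the demo are all constructed for the example.

```python
"""TTL-honouring name table keyed by class E handles (illustrative, not drc's code)."""
import ipaddress
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

# Assumed resolver interface: name -> (addresses, ttl_seconds).
# A real daemon would get both from the answer RRset; getaddrinfo() hides the TTL.
Resolver = Callable[[str], Tuple[List[str], int]]


@dataclass
class Entry:
    name: str
    addresses: List[str]
    expires_at: float


class NameTable:
    """Daemon-side table. Hands out class E handles that stand in for
    addresses in the application, and refreshes the real address set behind
    each handle whenever its TTL has expired."""

    HANDLE_BASE = int(ipaddress.IPv4Address("240.0.0.0"))
    HANDLE_MAX = int(ipaddress.IPv4Address("255.255.255.254"))

    def __init__(self, resolver: Resolver, clock: Callable[[], float] = time.monotonic):
        self._resolver = resolver
        self._clock = clock          # injectable so TTL expiry can be simulated
        self._by_name: Dict[str, int] = {}
        self._entries: Dict[int, Entry] = {}
        self._next = self.HANDLE_BASE

    def _refresh(self, entry: Entry) -> None:
        addrs, ttl = self._resolver(entry.name)
        entry.addresses = list(addrs)
        entry.expires_at = self._clock() + max(ttl, 0)

    def lookup(self, name: str) -> str:
        """Stand-in for getaddrinfo(): returns a stable class E handle for the name."""
        name = name.lower().rstrip(".")
        idx = self._by_name.get(name)
        if idx is None:
            if self._next > self.HANDLE_MAX:
                raise RuntimeError("handle space exhausted")
            idx = self._next
            self._next += 1
            entry = Entry(name, [], 0.0)
            self._refresh(entry)
            self._entries[idx] = entry
            self._by_name[name] = idx
        return str(ipaddress.IPv4Address(idx))

    def addresses(self, handle: str) -> List[str]:
        """Called at connect() time by the compatibility layer: re-queries the
        name if its TTL has expired, otherwise serves the cached set."""
        idx = int(ipaddress.IPv4Address(handle))
        entry = self._entries[idx]   # KeyError: handle never issued by this table
        if self._clock() >= entry.expires_at:
            self._refresh(entry)
        return list(entry.addresses)


class FakeClock:
    """Constructed clock so the example runs offline and deterministically."""

    def __init__(self) -> None:
        self.t = 0.0

    def __call__(self) -> float:
        return self.t


def demo():
    """Constructed scenario: the record behind www.example.test changes while
    the application keeps holding the same handle; the real address set
    follows the TTL, and only two queries are sent in total."""
    clock = FakeClock()
    zone = {"www.example.test": (["192.0.2.10"], 300)}   # constructed data
    queries: List[str] = []

    def resolver(name: str) -> Tuple[List[str], int]:
        queries.append(name)
        return zone[name]

    table = NameTable(resolver, clock)
    handle = table.lookup("www.example.test")
    first = table.addresses(handle)          # inside TTL: no new query
    zone["www.example.test"] = (["192.0.2.20", "2001:db8::20"], 60)
    clock.t = 299.0
    still_cached = table.addresses(handle)   # 1 s before expiry: still cached
    clock.t = 300.0
    refreshed = table.addresses(handle)      # TTL expired: re-queried
    return handle, first, still_cached, refreshed, len(queries)


if __name__ == "__main__":
    print(demo())
```

The handle is deliberately not a routable address, which is why this approach breaks wherever NAT does: anything that puts the literal address on the wire or compares it against what a peer sees will be confused.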
  




