[dns-operations] Paranoid mode for resolvers
Ed.Lewis at neustar.biz
Tue Sep 6 11:37:36 UTC 2011
At 12:00 +1200 9/3/11, Jay Daley wrote:
>Has anybody come across a resolver that attempts to deal with this,
>say by re-checking a new (to the resolver) delegation 10, 30, 60, etc
>minutes afterwards ignoring the TTL until after those checks have passed,
>assuming the TTL is longer? Sort of a paranoid mode that operators can
>configure the resolver to follow.
BIND's ARM has this option, applying to all sets in the cache, not
just delegation records:
# Sets the maximum time for which the server will cache ordinary
# (positive) answers. The default is one week (7 days). A value of zero
# may cause all queries to return SERVFAIL, because of lost caches
# of intermediate RRsets (such as NS and glue AAAA/A records) in the
# resolution process.
IMHO - messing with mother nature for good has possible bad side effects.
NeuStar You can leave a voice message at +1-571-434-5468
Vote for the word of the day:
"Papa"razzi - father that constantly takes photos of the baby
Corpureaucracy - The institution of corporate "red tape"
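The two behaviours discussed in this message can be compared in a small model. This is an added example, not code from BIND or from either poster; it assumes the global cap is the one the quoted ARM text describes (`max-cache-ttl` in BIND, default one week), and `ParanoidCache`, `store`, `expires_at` and `needs_refetch` are hypothetical names.

```python
from dataclasses import dataclass

RECHECK_MINUTES = (10, 30, 60)   # re-check schedule from the quoted question
ONE_WEEK = 7 * 86400             # default cap stated in the quoted ARM text


@dataclass
class Entry:
    first_seen: float    # when this exact NS set was first learned
    fetched: float       # when it was last fetched from the parent
    ttl: int             # TTL as published, in seconds
    rdata: frozenset     # the NS names in the delegation


class ParanoidCache:
    """Toy delegation cache: global TTL cap plus early re-checks (hypothetical)."""

    def __init__(self, max_cache_ttl=ONE_WEEK, recheck_minutes=RECHECK_MINUTES):
        self.max_cache_ttl = max_cache_ttl
        self.recheck = [m * 60 for m in recheck_minutes]
        self.entries = {}

    def store(self, zone, ns_names, ttl, now):
        rdata = frozenset(ns_names)
        old = self.entries.get(zone)
        # An unchanged NS set keeps its probation clock; a changed set restarts it.
        unchanged = old is not None and old.rdata == rdata
        first_seen = old.first_seen if unchanged else now
        self.entries[zone] = Entry(first_seen, now, ttl, rdata)

    def expires_at(self, zone):
        e = self.entries[zone]
        # Global cap, applied to every cached set regardless of age.
        expiry = e.fetched + min(e.ttl, self.max_cache_ttl)
        # Paranoid part: the next checkpoint after the last fetch wins
        # when it comes before the (capped) TTL expiry.
        for offset in self.recheck:
            checkpoint = e.first_seen + offset
            if checkpoint > e.fetched:
                return min(expiry, checkpoint)
        return expiry    # all checkpoints passed: the TTL is honoured again

    def needs_refetch(self, zone, now):
        return zone not in self.entries or now >= self.expires_at(zone)
```

A TTL shorter than the next checkpoint still expires on its own schedule, which matches the "assuming the TTL is longer" condition in the question.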