[dns-operations] Paranoid mode for resolvers

Edward Lewis Ed.Lewis at neustar.biz
Tue Sep 6 11:37:36 UTC 2011


At 12:00 +1200 9/3/11, Jay Daley wrote:

>Has anybody come across a resolver that attempts to deal with this,
>say by re-checking a new (to the resolver) delegation 10, 30, 60, etc
>minutes afterwards ignoring the TTL until after those checks have passed,
>assuming the TTL is longer?  Sort of a paranoid mode that operators can
>configure the resolver to follow.

BIND's ARM has this option, applying to all sets in the cache, not 
just delegation records:

# max-cache-ttl
#
# Sets the maximum time for which the server will cache ordinary
# (positive) answers. The default is one week (7 days).  A value of zero
# may cause all queries to return SERVFAIL, because of lost caches
# of intermediate RRsets (such as NS and glue AAAA/A records) in the
# resolution process.

IMHO - messing with mother nature for good has possible bad side effects.

-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis             
NeuStar                    You can leave a voice message at +1-571-434-5468

Vote for the word of the day:
"Papa"razzi - father that constantly takes photos of the baby
Corpureaucracy - The institution of corporate "red tape"
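
An added example, not part of the original message and not BIND code: a small Python model contrasting the two approaches in this exchange, a global cap in the style of `max-cache-ttl` versus re-checking only a new delegation at 10, 30 and 60 minutes. It assumes the offsets count from when the delegation was first cached and that the name is queried steadily, so an expired entry is re-fetched at once; all function names are illustrative.

```python
"""Model of re-fetch times for one cached delegation (constructed illustration).

All times are seconds since the delegation was first cached.
"""

RECHECK_OFFSETS = (600, 1800, 3600)  # 10, 30, 60 minutes (assumed reading of the proposal)
WEEK = 7 * 24 * 3600                 # default cap quoted from the ARM text above


def capped_ttl(record_ttl, max_cache_ttl=WEEK):
    """A global cap: every positive answer lives for at most max_cache_ttl."""
    return min(record_ttl, max_cache_ttl)


def refetch_times(record_ttl, horizon, max_cache_ttl=WEEK):
    """When a cap-only resolver re-fetches the RRset, up to `horizon`."""
    step = capped_ttl(record_ttl, max_cache_ttl)
    if step <= 0:
        # Nothing stays cached; the quoted ARM text warns about a zero cap.
        raise ValueError("zero lifetime: intermediate RRsets cannot be cached")
    return list(range(step, horizon + 1, step))


def paranoid_times(record_ttl, horizon, offsets=RECHECK_OFFSETS):
    """Re-check a new delegation at each offset shorter than its TTL,
    then honour the TTL counted from the last early check."""
    early = [t for t in offsets if t < record_ttl and t <= horizon]
    start = early[-1] if early else 0
    later = list(range(start + record_ttl, horizon + 1, record_ttl))
    return early + later


if __name__ == "__main__":
    ttl, day = 172800, 86400  # constructed sample: 2-day NS TTL, 1-day window
    for label, times in (
        ("default cap (1 week)", refetch_times(ttl, day)),
        ("cap of 1 hour", refetch_times(ttl, day, 3600)),
        ("re-check schedule", paranoid_times(ttl, day)),
    ):
        first = times[0] if times else None
        print(f"{label:22} first re-check: {first}  re-fetches in a day: {len(times)}")
```

In this model a one-hour cap costs 24 re-fetches a day for every RRset in the cache, while the schedule costs three re-checks and only for a delegation the resolver has not seen before.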


