[dns-operations] [dDoS] Good discussion on the Rackspace attack and DNS resiliency
Paul Vixie
paul at redbarn.org
Thu Dec 25 22:32:08 UTC 2014
> * Colm MacCárthaigh:
>
>> > There's a good question embedded in that discussion: when a resolver
>> > fails to get an answer from all of the authoritative nameservers for a
>> > domain, why not use the last known answer, even if it's stale.
that's what opendns does.
>> >
>> > Yes, that clearly violates the TTL of the rrset, but wouldn't it be
>> > over-all better for the health of the internet?
no. sometimes the old value is dangerous (private; load; loss) to the
person who changed it.
--
Paul Vixie