[dns-operations] DNS Flush Protocol

George Michaelson ggm at apnic.net
Fri Mar 27 16:30:49 UTC 2015


There has been some theorising about not having cache any more.
Anywhere.  Or, in enforcing rigidly low small cache values which
represent low thousands of queries against the authority, so they act
as a 1-in-n hit reducer but in human scale time (minutes, seconds
even) there is no visible caching.

I doubt anyone wants to go there either. But, as an overhead in
protocol and design, it's actually very low. We just need people to
upgrade to code which empties the LRU very very very aggressively.

Mind you, I'd like a pony too (EC-DSA everywhere, 5011 intent
signalling in resolver on query so we know where it is, better than
SERVFAIL signalling in DNSSEC failure...)

The problem with cache busting was pretty clear in HTTP back when
Squid mattered. It's really not very clean to send queries THROUGH a
service, asking it to do meta-state on the query, rather than doing
in-system work. It has twisty corners.

-G


