[dns-operations] DNS Flush Protocol

Francis Dupont Francis.Dupont at fdupont.fr
Fri Mar 27 17:45:21 UTC 2015


 In your previous mail you wrote:

>  I hereby propose an automated cache flush mechanism. I have no idea
>  what such a protocol should look like, however support for it probably
>  needs to be built in to standard DNS software. BIND needs a setting
>  that can tell it to register with "cacheflushservice.net" which will
>  result in the "cacheflushservice.net" server sending out a request to
>  flush google.com to all registered servers whenever I ask them to
>  flush google.com for me.

=> BIND provides, with rndc, a flush of the whole cache, of a name, or of
a tree (i.e., all entries under a name). So you are talking about an external
interface to this admin function.

>  Comments? Ideas? Does someone want to make a slightly more formal
>  proposal for what such a protocol should look like?

=> I have a concern about security, in particular because of the lack
of a trust relationship, but we can design something to allow someone
to flush his own names, can't we?

Regards

Francis.Dupont at fdupont.fr

PS: we already have homemade ways to prove ownership of a domain, so
perhaps the first step should be to formalize/standardize one?


