[dns-operations] DNS Flush Protocol

Francis Dupont Francis.Dupont at fdupont.fr
Fri Mar 27 17:45:21 UTC 2015

 In your previous mail you wrote:

>  I hereby propose an automated cache flush mechanism. I have no idea
>  what such a protocol should look like, however support for it probably
>  needs to be built in to standard DNS software. BIND needs a setting
>  that can tell it to register with "cacheflushservice.net" which will
>  result in the "cacheflushservice.net" server sending out a request to
>  flush google.com to all registered servers whenever I ask them to
>  flush google.com for me.

=> bind provides with rndc flush of the whole cache or a name or
a treee (i.e., all entries under a name). So you are about an external
interface to this admin function.

>  Comments? Ideas? Does someone want to make a slightly more formal
>  proposal for what such a protocol should look like?

=> I have a concern about security, in particular because the lack
of trust relationship but we can design something to allow someone
to flush his own names, can't we?


Francis.Dupont at fdupont.fr

PS: we already have home made ways to proof ownership of a domain so
perhaps the first step should be to formalize/standardize one?

More information about the dns-operations mailing list