[dns-operations] DNS Flush Protocol

Jim Reid jim at rfc1035.com
Fri Mar 27 21:42:51 UTC 2015

On 27 Mar 2015, at 20:56, Warren Kumari <warren at kumari.net> wrote:

> I was saying is that we don't really need to reach *every* recursive,
> whatever we do manage to do will be better than the current position.

I disagree, Warren. What's wrong with the status quo? Why can't it be left to the discretion of each manager of a resolving server to make their own decisions about when and why to flush their caches? It's not clear to me that there is a problem that needs fixing here. Discussions of possible solutions seem to be putting the cart before the horse.

OK, George said he wants a pony. I'd like to see a clear problem statement. I have a feeling we're both going to be disappointed. :-)

> Sure, a fully awesome, all shining, all dancing cache flush solution
> that can securely flush all caches everywhere would be best, but until
> this comes along, something, anything really, is better than posting
> on DNS-Operations....

Doing nothing from a protocol perspective looks to be just fine and quite probably the Right Thing To Do. YMMV.

I wonder too about the potential security and stability implications of this all-singing, all-dancing cache flushing solution. For example, suppose organisation A's forwarding-only servers get resolving service from organisation B. How would B's servers forward the received flush requests to A's? Suppose a botnet floods resolving servers with cache flush requests to make those servers then hammer authoritative servers. Cache flush requests to delete the metadata for the root would make things rather interesting too.
