[dns-operations] TTL=0; Last known good answer (Re: dns retries amplify attack)

Jared Mauch jared at puck.nether.net
Tue Oct 25 09:58:51 UTC 2016


This was my thought. This is really an unreachable authority issue. Would also help sites that become disconnected from the internet due to outage or other work. 

Jared Mauch

> On Oct 25, 2016, at 3:26 AM, Dave Warren <davew at hireahit.com> wrote:
> 
> I wonder if these concerns could be negated by only applying the "use
> stale data" logic when all authoritative servers time out (or maybe also
> a SERVFAIL?), but a REFUSED, NOERROR, NXDOMAIN would still be handled
> with current logic?
> 




