[dns-operations] TTL=0; Last known good answer (Re: dns retries amplify attack)

Robert Edmonds edmonds at mycre.ws
Tue Oct 25 16:39:10 UTC 2016


Paul Vixie wrote:
> i think the best way to do this is without any signalling change. just
> use the TTL for expiration, and use some other interval like 10% of the
> TTL or 3X the SOA MINIMUM for re-fetch. but you'd only do this for
> things in the cache that actually get used a lot.

You appear to be describing pre-fetching, which already exists (e.g. it
is enabled by default in BIND >= 9.10). Are you saying that pre-fetching
is a good enough substitute for serving hot stale records past their TTL
expiration?

-- 
Robert Edmonds
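
An added illustration, not part of the original message and not code from BIND or any other resolver: a toy cache that compares pre-fetching alone with serving stale records when the authoritative server becomes unreachable for longer than the TTL. The class and parameter names, the 10%-of-TTL pre-fetch trigger, the popularity threshold and the timings are all assumptions made for the simulation.

```python
# Toy resolver cache (added illustration; not BIND's or any resolver's code).
from dataclasses import dataclass

@dataclass
class Entry:
    value: str
    fetched_at: int
    ttl: int
    hits: int = 0

class ToyCache:
    def __init__(self, upstream, serve_stale, prefetch_fraction=0.1, hot_hits=3):
        self.upstream = upstream              # callable(name, now) -> (value, ttl) or None
        self.serve_stale = serve_stale
        self.prefetch_fraction = prefetch_fraction  # assumed trigger: 10% of TTL left
        self.hot_hits = hot_hits              # assumed popularity threshold
        self.entries = {}

    def _fetch(self, name, now):
        answer = self.upstream(name, now)
        if answer is None:                    # authoritative unreachable: keep old entry
            return False
        old = self.entries.get(name)
        self.entries[name] = Entry(answer[0], now, answer[1], old.hits if old else 0)
        return True

    def lookup(self, name, now):
        e = self.entries.get(name)
        if e is None or now >= e.fetched_at + e.ttl:      # missing or past TTL
            if self._fetch(name, now):
                return self.entries[name].value, "fetched"
            if e is not None and self.serve_stale:
                return e.value, "stale"       # last known good answer (unbounded here)
            return None, "servfail"
        e.hits += 1
        remaining = e.fetched_at + e.ttl - now
        if e.hits >= self.hot_hits and remaining <= self.prefetch_fraction * e.ttl:
            self._fetch(name, now)            # pre-fetch; a failure changes nothing
        return e.value, "cached"

def simulate(serve_stale, ttl=60, outage_start=100, end=200, step=5):
    # Constructed scenario: the authoritative server answers until outage_start, then is down.
    def upstream(name, now):
        return ("192.0.2.1", ttl) if now < outage_start else None
    cache = ToyCache(upstream, serve_stale)
    return [(t, cache.lookup("www.example.", t)[1]) for t in range(0, end, step)]

if __name__ == "__main__":
    for mode in (False, True):
        print("serve_stale =", mode, [r for r in simulate(mode) if r[1] != "cached"])
```

In this model the pre-fetch at t=55 keeps the hot record fresh while the server is up, but once the outage outlasts the TTL only the serve-stale variant keeps answering.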


