[dns-operations] More Aggressive prefetch for popular names

Florian Weimer fweimer at redhat.com
Fri Apr 5 09:37:32 UTC 2019

* Davey Song(宋林健):

> I do know the context of draft-wkumari-dnsop-hammer (thanks to
> Mukund’s reminder,) but it is not aggressive enough. It pre-fetch only
> when it is close to the end of TTL. The intuitive approach to address
> the problem in my mind is to prefecth the popular names every 30
> seconds or less on popular resolvers. The performance optimization can
> be done using a separate special server other than the busy resolver.

The challenge for a cache implementation is that you need to do this not
just for the name with the A/AAAA records that clients query, but also
for all the infrastructure records.  It's also conceivable that an
attacker would use the mechanism to flush out cached valid
infrastructure records and *then* provide larger timeouts.


More information about the dns-operations mailing list