[dns-operations] More Aggressive prefetch for popular names
Florian Weimer
fweimer at redhat.com
Fri Apr 5 09:37:32 UTC 2019
* Davey Song(宋林健):
> I do know the context of draft-wkumari-dnsop-hammer (thanks to
> Mukund’s reminder), but it is not aggressive enough. It pre-fetches only
> when it is close to the end of TTL. The intuitive approach to address
> the problem in my mind is to prefetch the popular names every 30
> seconds or less on popular resolvers. The performance optimization can
> be done using a separate special server other than the busy resolver.
The challenge for a cache implementation is that you need to do this not
just for the name with the A/AAAA records that clients query, but also
for all the infrastructure records. It's also conceivable that an
attacker would use the mechanism to flush out cached valid
infrastructure records and *then* provide larger timeouts.
Thanks,
Florian