[dns-operations] More Aggressive prefetch for popular names
Doug Barton
dougb at dougbarton.email
Sat Apr 6 18:58:23 UTC 2019
On 4/6/19 10:14 AM, Davey Song wrote:
> Thanks bert, Fred and Florian for your comments. I think I may not have
> made the problem statement clear in my first mail.
>
> The target issue here is the outage of popular names during the TTL
> (usually hours).
[snip]
> I heard about this issue from a popular name owner in China. I would ask
> whether it is a typical and common problem for other popular names. Is
> there any existing solution or workaround for this kind of problem?

Yes, understand how DNS works, and configure your authoritative servers
in a manner that fits your needs.

The "popular sites" you mention have all done this already. They also
tend to use services like Akamai, which use short TTLs, dynamic records,
and CDNs which limit the types of damage that you are describing.

We have to get out of the mindset that it's our job to fix someone
else's mistakes. We keep adding kludges to the DNS which increase our
attack surface, and the more we increase code complexity the more we
open ourselves up to bugs, both serious and not.

Doug