[dns-operations] More Aggressive prefetch for popular names

Doug Barton dougb at dougbarton.email
Sat Apr 6 18:58:23 UTC 2019

On 4/6/19 10:14 AM, Davey Song wrote:
> Thanks bert, Fred and Florian for your comments. I think I may not make 
> the problem statement clear in my first mail.
> The target issue here is the outage of popluar names during the TTL 
> (usually hours). 


> I heard this issue from a popular name owner in China. I would ask is it 
> a typical and commen problem for other popular names. Is there any 
> existing solution or work around for this kind of problem.

Yes, understand how DNS works, and configure your authoritative servers 
in a manner that fits your needs.

The "popular sites" you mention have all done this already. They also 
tend to use services like Akamai, which use short TTLs, dynamic records, 
and CDNs which limit the types of damage that you are describing.

We have to get out of the mindset that it's our job to fix someone 
else's mistakes. We keep adding kludges to the DNS which increase our 
attack surface, and the more we increase code complexity the more we 
open ourselves up to bugs, both serious and not.


More information about the dns-operations mailing list