[dns-operations] More Aggressive prefetch for popular names

Davey Song songlinjian at gmail.com
Mon Apr 8 04:26:59 UTC 2019


Hi Paul,

Thanks for your questions. Reply in line.


> Please describe these "policy conflicts", and how they appear for some
> names but not for others.
>

 Local resolver has policy/strategy to set a larger TTL to reduce the
upstream traffic, in order to increase the cache hit rate and response
time. Some times, local resolver has policy to serve stale data in case of
network failure after TTL timeout. There may be others situation cause the
cache serve stale data.

If any intentional operation, or software bug, or manual misconfiguration
on resolver will cause the serve-stale situation which will become a
problems for names changing their records like NS, A/AAAA during the period
of stale data in the cache but not others keep unchanged.

The recent event happened last week was a name of CCTV VOD services, people
call in complaining they can not open the video. It was found that in Gang
Zhou City, the DNS of a local broadband service provider served stale data
for that name for hours. It is not clear which conflict or bug make the
trouble, but the fact is cache of that local ISP and downstream forwarder's
cache got impact. It takes time to purge that cache.

Please describe who is suffering, and how they suffer. (It feels like
> this could be an exaggeration.)
>

I did it in the above. It does not sound like an exaggeration, I think. If
you are talking with CDN/Cloud people, this is a typical operation issue
they need to face.

It is the problem of the authoritative servers when they guess wrong
> about their TTLs, and then they learn to guess better in the future.
>

 No. DNS in ISP and Teleco did something wrong.  As you are one author of
DOH, you must konw how name owners want to bypass the DNS in the middle.

Davey
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20190408/d65b613c/attachment.html>


More information about the dns-operations mailing list