[dns-operations] More Aggressive prefetch for popular names

Ondřej Surý ondrej at sury.org
Mon Apr 8 06:07:42 UTC 2019


Hear, hear. The DNS protocol should not be a place to fix provisioning errors. It’s already too complex even without adding additional kludges.

Ondrej
--
Ondřej Surý <ondrej at sury.org>

> On 6 Apr 2019, at 20:58, Doug Barton <dougb at dougbarton.email> wrote:
> 
>> On 4/6/19 10:14 AM, Davey Song wrote:
>> Thanks bert, Fred and Florian for your comments. I think I may not make the problem statement clear in my first mail.
>> The target issue here is the outage of popluar names during the TTL (usually hours). 
> 
> [snip]
> 
>> I heard this issue from a popular name owner in China. I would ask is it a typical and commen problem for other popular names. Is there any existing solution or work around for this kind of problem.
> 
> Yes, understand how DNS works, and configure your authoritative servers in a manner that fits your needs.
> 
> The "popular sites" you mention have all done this already. They also tend to use services like Akamai, which use short TTLs, dynamic records, and CDNs which limit the types of damage that you are describing.
> 
> We have to get out of the mindset that it's our job to fix someone else's mistakes. We keep adding kludges to the DNS which increase our attack surface, and the more we increase code complexity the more we open ourselves up to bugs, both serious and not.
> 
> Doug
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-operations mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations




More information about the dns-operations mailing list