[dns-operations] More Aggressive prefetch for popular names

Tony Finch dot at dotat.at
Mon Apr 8 12:21:28 UTC 2019

Mukund Sivaraman <muks at mukund.org> wrote:
> On Mon, Apr 08, 2019 at 12:08:57PM +0100, Tony Finch wrote:
> > Davey Song <songlinjian at gmail.com> wrote:
> > >
> > > The recent event happened last week was a name of CCTV VOD services, people
> > > call in complaining they can not open the video. It was found that in Gang
> > > Zhou City, the DNS of a local broadband service provider served stale data
> > > for that name for hours.
> >
> > It sounds to me like the problem was that the resolver had been configured
> > with a large minimum TTL, which should be fixed by not misconfiguring the
> > resolver in the first place.
> The default in the case of BIND is 1 week for positive answers.

That's the serve-stale TTL, not the default minimum TTL (which is zero). I
don't think the resolver was serving stale answers because it was using
serve-stale: if it was using serve-stale it should only serve stale
answers if the upstream is unreachable, in which case flushing the cache
will just change the kind of failure from connecting to the wrong VOD
server to being unable to resolve the server at all.

f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
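
The distinction drawn in the message above, between a large minimum TTL and serve-stale, as a simplified cache model. This is an added example, not code from the thread or from BIND; the class, its parameters, the hostname, the addresses and the 86400-second minimum TTL are constructed for illustration.

```python
# Simplified resolver-cache model (constructed; not BIND code).
class Unreachable(Exception):
    """Raised when no authoritative server answers."""

class Cache:
    def __init__(self, min_ttl=0, stale_ttl=0):
        self.min_ttl = min_ttl      # TTLs below this are raised to it
        self.stale_ttl = stale_ttl  # how long expired data is kept for serve-stale
        self.store = {}             # name -> (address, expiry time)

    def flush(self):
        self.store.clear()

    def resolve(self, name, now, upstream):
        entry = self.store.get(name)
        if entry and now < entry[1]:
            return entry[0], "cache"
        try:
            addr, ttl = upstream(name)
        except Unreachable:
            # serve-stale: expired data is used only when upstream fails
            if entry and now < entry[1] + self.stale_ttl:
                return entry[0], "stale"
            raise
        self.store[name] = (addr, now + max(ttl, self.min_ttl))
        return addr, "fresh"

def scenario(cache, outage=False, flush=False):
    """Record (TTL 60 s) is cached at t=0, then the zone changes; query again at t=200."""
    state = {"addr": "192.0.2.1", "up": True}
    def upstream(name):
        if not state["up"]:
            raise Unreachable(name)
        return state["addr"], 60
    cache.resolve("vod.example", 0, upstream)
    state["addr"], state["up"] = "192.0.2.2", not outage
    if flush:
        cache.flush()
    try:
        return cache.resolve("vod.example", 200, upstream)
    except Unreachable:
        return None, "servfail"

if __name__ == "__main__":
    week = 7 * 24 * 3600
    print("large min TTL, upstream up:  ", scenario(Cache(min_ttl=86400)))
    print("serve-stale, upstream up:    ", scenario(Cache(stale_ttl=week)))
    print("serve-stale, upstream down:  ", scenario(Cache(stale_ttl=week), outage=True))
    print("serve-stale, down, flushed:  ", scenario(Cache(stale_ttl=week), outage=True, flush=True))
```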
