[dns-operations] More Aggressive prefetch for popular names

Doug Barton dougb at dougbarton.email
Mon Apr 8 18:28:34 UTC 2019


On 2019-04-07 19:03, Davey Song wrote:

>> The "popular sites" you mention have all done this already. They also 
>> tend to use services like Akamai, which use short TTLs, dynamic records, 
>> and CDNs which limit the types of damage that you are describing.
> 
> I missed one case in the "outage of popular names during the TTL ". It is that the short DNS TTL of CDN ,5 minutes for example, will be occasionally ignored and changed by resolver operators up to 2-3  hours due to some policy conflicts. 
> 
> [snip] 
> 
> If the resolver operator went out of their way to ignore the TTL in the first place, what makes you think that they will follow any guidance they receive to ignore it again?  
> 
>> We have to get out of the mindset that it's our job to fix someone 
>> else's mistakes.
> 
> Mistakes of both resolver and authoritaive servers are observed. I'm writing this not asking to add more straw on the camel. I just would like to konw any best practice on this issue on this mailing list. Or it is nothing but other people's problem?  
> 
> In a sense, yes. If you're an auth server operators, set your TTLs to meet your needs. If you're a resolver operator taking service calls, first confirm that the auth side has updated to something other than what you have, and if so, flush the cache.  
> 
> None of this is hard, or even complicated.  
> 
> Doug
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20190408/0539c44d/attachment.html>


More information about the dns-operations mailing list