[dns-operations] DNS .com/.net resolution problems in the Asia/Pacific region
ietf-dane at dukhovni.org
Tue Jul 18 19:22:35 UTC 2023
On Tue, Jul 18, 2023 at 08:54:04PM +0200, Ondřej Surý wrote:
> With my implementor’s hat on, I think this is the wrong approach. It
> (again) adds complexity to the resolvers and is yet again based
> (mostly) on an isolated incident. I really don’t want yet another
> “serve-stale” in the resolvers. I have yet to see evidence that
> serve-stale has helped anything since the original incident, but now
> every resolver has to have it because people want it.

How is this akin to "serve stale"? We're talking about retrying
responses that fail to validate, just as one might/would retry a response
that is "REFUSED", "SERVFAIL", has TC=1 over UDP, contains garbage, ...

The "serve stale" situation is quite different, here substantial new
logic is required, whereas with invalid responses, it is just a matter
of trying the next server up to some reasonable work limit.

Retries to reach a better authoritative server are a core element of DNS
resilience in the face of inevitable partial degradation of service.
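
The retry behaviour argued for in the message above, as an added example that is not part of the original post or taken from any resolver: a response that fails validation is rejected by the same loop that already rejects REFUSED, SERVFAIL, TC=1 and garbage replies, and the loop is bounded by a work limit. The `Response` model, the stubbed validation flag, the server names and the sample replies are assumptions constructed for illustration.

```python
from dataclasses import dataclass

NOERROR, SERVFAIL, REFUSED = 0, 2, 5  # DNS RCODE values

@dataclass
class Response:
    rcode: int = NOERROR
    tc: bool = False         # TC=1 on a UDP reply
    parsed: bool = True      # False models a garbage reply
    validated: bool = True   # stand-in for the DNSSEC validation result
    answer: str = ""

def rejection_reason(r):
    """Return why a response is unusable, or None if it can be accepted."""
    if not r.parsed:
        return "garbage"
    if r.tc:
        # Simplification: a real resolver would retry over TCP; here it
        # just counts as one failed attempt against the work limit.
        return "truncated"
    if r.rcode == SERVFAIL:
        return "SERVFAIL"
    if r.rcode == REFUSED:
        return "REFUSED"
    if not r.validated:
        return "validation failure"  # handled like any other bad reply
    return None

def resolve(servers, send, work_limit):
    """Try servers in order; stop at the first usable reply or at work_limit."""
    log = []
    for server in servers[:work_limit]:
        reply = send(server)
        reason = rejection_reason(reply)
        if reason is None:
            return reply.answer, log
        log.append((server, reason))  # move on to the next server
    return None, log  # work limit reached: fail the query upstream

# Constructed sample: one failing server, one serving bogus data, one healthy.
REPLIES = {
    "ns1.example": Response(rcode=SERVFAIL),
    "ns2.example": Response(validated=False, answer="192.0.2.66"),
    "ns3.example": Response(answer="192.0.2.1"),
}

if __name__ == "__main__":
    print(resolve(list(REPLIES), REPLIES.get, work_limit=3))
```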