Using DNS records beyond the owner-published TTL is risky business. You can’t 
even know if the same legal entity is providing the content or services 
previously published at that address/endpoint, and this uncertainty raises 
security and/or liability concerns.

                                                                                
                                                                                
- Kevin


From: Ron [mailto:ron.a...@gmail.com]
Sent: Thursday, March 17, 2016 11:46 AM
To: Darcy Kevin (FCA)
Cc: bind-users@lists.isc.org
Subject: Re: Can bind be configured to not drop RR's from the cache when the 
upstream DNS server is unresponsive

I did not mean forwarders, but I had a case where the authoritative name 
servers for a domain were down for an extended period of time, exceeding 
the ttl for their records. I was curious if I could tell my DNS servers 
to serve these records for longer than the registered ttl. And I wanted to 
automate that.

But I'm afraid that's not gonna fly.

Ron



On Thu, Mar 17, 2016 at 4:27 PM, Darcy Kevin (FCA) 
<kevin.da...@fcagroup.com> wrote:
By “upstream” I assume you’re talking about forwarders. If your forwarders are 
flakey, have you ever considered simply *not forwarding*? That would seem to be 
a better, structural solution to your problem, than holding DNS data beyond its 
cache-expiration time (a really BAD idea).

                                                                                
                                                                                
- Kevin
----------------------------------------------------------------------
Kevin Darcy
NAFTA Information Security Projects

FCA US LLC
1075 W Entrance Dr,
Auburn Hills, MI 48326
USA

Telephone: +1 (248) 838-6601
Mobile: +1 (810) 397-0103
Email: kevin.da...@fcagroup.com

From: bind-users-boun...@lists.isc.org 
[mailto:bind-users-boun...@lists.isc.org] On Behalf Of Ron
Sent: Thursday, March 17, 2016 7:37 AM
To: bind-users@lists.isc.org
Subject: Can bind be configured to not drop RR's from the cache when the 
upstream DNS server is unresponsive

Hi,

Subject says all. Read manpages, could not find this in the FAQs.
Hope this is possible. If not does anyone know of other name servers
that offer this option?

Thanks,
Ron Arts



_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
