Hi Kevin,

*If what you mean is that you want to serve 'stale' records from a cache when their TTLs have expired and the authoritative servers which provided them are not reachable, that's something that a number of existing recursive resolvers are able to do and it could be logical for systemd-resolved to offer it too.*

We are looking to prepare a solution similar to this, to serve back records for *FQDN*s in case of *timeout* from the DNS server. We want to understand how we can extend systemd-resolved to override response from DNS server in case of timeouts/failures.

Thanks
Aditya

On Mon, 13 Feb 2023 at 16:35, Kevin P. Fleming <lists.systemd-de...@kevin.km6g.us> wrote:

> On Mon, Feb 13, 2023, at 05:38, Aditya Sharma wrote:
>
> > Hi All,
> >
> > We needed help in understanding how systemd-resolved service can be
> > extended to cache DNS responses to protect against DNS server failures.
> > We were planning to maintain a cache so that we can override negative
> > responses from the DNS server and replace it with our cached last known
> > good record.
>
> This sounds very dangerous. A 'negative' response from an authoritative
> DNS server (NXDOMAIN, for example) is authoritative and should not be
> overridden.
>
> If what you mean is that you want to serve 'stale' records from a cache
> when their TTLs have expired and the authoritative servers which provided
> them are not reachable, that's something that a number of existing
> recursive resolvers are able to do and it could be logical for
> systemd-resolved to offer it too.
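
Added illustration, not part of the thread and not systemd-resolved code: a sketch of the decision the two messages are circling, where a stale record is served only when the refresh gets no usable reply, and an NXDOMAIN/NODATA reply is never replaced by an older cached record. All type and function names, the 24-hour staleness cap, the 30-second stale TTL, and the choice to treat SERVFAIL like a timeout are assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <time.h>

/* All names below are hypothetical; none are systemd-resolved identifiers. */
enum upstream { UP_ANSWER, UP_NXDOMAIN, UP_NODATA, UP_SERVFAIL, UP_TIMEOUT };
enum action { ACT_USE_UPSTREAM, ACT_SERVE_STALE, ACT_FAIL };

struct cache_entry {
    const char *name;   /* FQDN of the last known good record */
    time_t stored_at;   /* when the positive answer was cached */
    unsigned ttl;       /* TTL the upstream server gave, in seconds */
};

#define MAX_STALE_SECS (24 * 60 * 60) /* assumed cap on age past TTL expiry */
#define STALE_ANSWER_TTL 30u          /* assumed short TTL on stale answers */

/* Decide what to return after a refresh attempt for a cached name. */
enum action decide(enum upstream up, const struct cache_entry *e,
                   time_t now, unsigned *ttl_out)
{
    *ttl_out = 0;
    /* The server replied: positive or negative, its answer wins.
       NXDOMAIN/NODATA are never replaced by an older cached record. */
    if (up == UP_ANSWER || up == UP_NXDOMAIN || up == UP_NODATA)
        return ACT_USE_UPSTREAM;
    /* No usable reply (timeout, or SERVFAIL by assumption). */
    if (e == NULL)
        return ACT_FAIL;
    time_t expiry = e->stored_at + (time_t)e->ttl;
    if (now > expiry && now - expiry > MAX_STALE_SECS)
        return ACT_FAIL; /* too old to trust */
    *ttl_out = STALE_ANSWER_TTL;
    return ACT_SERVE_STALE;
}

int main(void)
{
    /* Constructed sample entry: cached at t=1000 with a 300 s TTL. */
    struct cache_entry e = { "app.example.test", 1000, 300 };
    static const char *const label[] = { "use-upstream", "serve-stale", "fail" };
    enum upstream cases[] = { UP_TIMEOUT, UP_NXDOMAIN, UP_SERVFAIL };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        unsigned ttl;
        enum action a = decide(cases[i], &e, 1400, &ttl);
        printf("upstream=%d -> %s (ttl %u)\n", (int)cases[i], label[a], ttl);
    }
    return 0;
}
```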