* Colm MacCárthaigh:

> There's a good question embedded in that discussion: when a resolver
> fails to get an answer from all of the authoritative nameservers for a
> domain, why not use the last known answer, even if it's stale.
>
> Yes, that clearly violates the TTL of the rrset, but wouldn't it be
> overall better for the health of the internet?

It's very difficult to implement properly, so that it does not increase the impact of hijacks. Even the best possible implementation may encourage additional denial of service attacks, to prevent resolvers from learning that the hijack event is over. I also suspect that these hosters have a fairly long tail in the set of requests they service, so this approach might still fail a large percentage of requests in the end, not improving matters all that much.
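
The trade-off discussed in this message, as an added example that is not part of the original post: a toy resolver cache that serves the last known answer when every authoritative server fails, run over a constructed timeline in which a hijacked answer is cached and the servers then become unreachable. The class and function names, the `max_stale` cap, the addresses and the timings are all assumptions made for illustration.

```python
# Added illustration: toy resolver cache with optional serve-stale.
# All names, addresses and timings are constructed for this example.

class UpstreamDown(Exception):
    """Every authoritative nameserver failed to answer."""

class StaleCache:
    def __init__(self, fetch, max_stale=None):
        self.fetch = fetch          # callable(name) -> (rdata, ttl); may raise UpstreamDown
        self.max_stale = max_stale  # None: never serve stale; else seconds past expiry allowed
        self.store = {}             # name -> (rdata, expires_at)

    def resolve(self, name, now):
        """Return (rdata, status) with status in {"fresh", "refreshed", "stale"}."""
        entry = self.store.get(name)
        if entry and now < entry[1]:
            return entry[0], "fresh"
        try:
            rdata, ttl = self.fetch(name)
        except UpstreamDown:
            # Serve-stale path: only after a total upstream failure, and only within the cap.
            if entry and self.max_stale is not None and now - entry[1] <= self.max_stale:
                return entry[0], "stale"
            raise
        self.store[name] = (rdata, now + ttl)
        return rdata, "refreshed"

def simulate(max_stale):
    """Hijacked answer cached at t=0 (TTL 60); zone is repaired at t=30, but the
    authoritative servers are unreachable from t=30 until t=600."""
    clock = {"t": 0}

    def fetch(name):
        if clock["t"] < 30:
            return "203.0.113.66", 60      # hijacked answer (constructed)
        if clock["t"] < 600:
            raise UpstreamDown(name)       # outage or denial-of-service window
        return "192.0.2.10", 60            # legitimate answer (constructed)

    cache = StaleCache(fetch, max_stale)
    seen = []
    for t in (0, 45, 120, 400, 700):
        clock["t"] = t
        try:
            seen.append((t,) + cache.resolve("www.example.com", t))
        except UpstreamDown:
            seen.append((t, None, "servfail"))
    return seen
```

Comparing `simulate(None)`, `simulate(120)` and `simulate(86400)` shows the hijacked address expiring with its TTL, surviving for a bounded extra period, or surviving the whole outage, respectively.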
