+1 for Paul Vixie. Not a big fan of sending stale answers. -----Original Message----- From: dns-operations [mailto:[email protected]] On Behalf Of Paul Vixie Sent: Friday, December 26, 2014 04:02 To: Colm MacCárthaigh Cc: dns-operations Subject: Re: [dns-operations] [dDoS] Good discussion on the Rackspace attack and DNS resiliency
> * Colm MacCárthaigh: > >> > There's a good question embedded in that discussion: when a >> > resolver fails to get an answer from all of the authoritative >> > nameservers for a domain, why not use the last known answer, even if it's >> > stale. that's what opendns does. >> > >> > Yes, that clearly violates the TTL of the rrset, but wouldn't be >> > over-all better for the health of the internet? no. sometimes the old value is dangerous (private; load; loss) to the person who changed it. -- Paul Vixie _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
