Frederico A C Neves wrote on 2021-10-05 09:01:
... Anyway I think that even though the incident was not DNS related "We", as the DNS community, could probably do better in future events. I would like to start a discussion or to hear implenters and operators of Full-service resolvers on what would be the best software architecture or best current configuration practice to handle a traffic pattern when a very popular name enters a scenario were all the auth-servers are timing-out or network unreachable.
was cache miss deduplication by q-tuple ever standardized? it is a nec'y part of kaminsky resistance and so ought to be part of whatever BCP corpus comes about. pending upstream query behaviour would be an expansion on cache miss dedup by q-tuple, such that a rising tide of timeouts would yield probabilistic prediction of servfail for cache misses aimed at the affected <zone,auth>.
in 2003, i implemented this as a form of negative caching, where the negativity spectrum included timeouts, refuseds, and servfails -- not just nxdomain. this worked well but needed refinement and the implementation was not open-source. so, you and i with rodney joffe published "resimprove" containing some of these ideas, but it has taken some decades to get these accepted.
i hope you succeed in this rekindling, and i would join any such effort. when it comes to authority dns responses to cache miss transactions, recent nonperformance is an excellent reason to predictively fail rather than packing good on top of bad. distributed state can be treated as a mass-like quantity, so that its inertia can be conserved at design time.
vixie -- Sent from Postbox <https://www.postbox-inc.com>
_______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations
