Paul Wouters <[email protected]> wrote:
>
> I am a bit confused here. The goal of the draft is to keep data past the
> TTL in case you cannot reach the authoritative servers during a DDOS
> attack.

Right. There's a tricky interaction between lameness and serve-stale.

Say you have a partially-lame zone, where some servers might have an
expired copy (returning SERVFAIL) and some might not know about the zone
at all (returning REFUSED or referrals to the root). Typically (without
serve-stale) a resolver will react by adding a lame server cache entry and
re-trying other hopefully working servers.

I think serve-stale should only take effect after this point, if a zone
has at least one non-lame server, and all the non-lame servers do not
respond.

Tony.
-- 
f.anthony.n.finch <[email protected]> http://dotat.at/
a fair, free and open society

_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
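
The decision order described in the message above, as an added sketch that is not part of the original post or of the serve-stale draft: lame responses (SERVFAIL, REFUSED, referral to the root) go into a lame-server cache, and stale data is served only when at least one non-lame server exists and none of them responded. All names (Outcome, decide, the ns*.example servers) and the sample outcomes are constructed for illustration.

```python
from enum import Enum


class Outcome(Enum):
    ANSWER = "answer"               # usable authoritative answer
    SERVFAIL = "servfail"           # e.g. a server holding an expired copy
    REFUSED = "refused"             # server does not know the zone
    UPWARD_REFERRAL = "referral"    # referral to the root
    TIMEOUT = "timeout"             # no response at all


# Responses that mark a server as lame for the zone, per the message above.
LAME_OUTCOMES = {Outcome.SERVFAIL, Outcome.REFUSED, Outcome.UPWARD_REFERRAL}


def decide(outcomes, lame_cache, stale_record):
    """Decide what to return for one query.

    outcomes     -- dict: server name -> Outcome seen when it was queried
    lame_cache   -- set of servers already known to be lame (updated in place)
    stale_record -- expired cached data for the name, or None if there is none
    Returns ("fresh", server), ("stale", record) or ("servfail", None).
    """
    unresponsive = []
    for server, outcome in outcomes.items():
        if server in lame_cache:
            continue                      # known lame: not queried again
        if outcome is Outcome.ANSWER:
            return ("fresh", server)      # a working server wins outright
        if outcome in LAME_OUTCOMES:
            lame_cache.add(server)        # remember it, try the next server
        else:
            unresponsive.append(server)   # non-lame, but silent

    # Serve stale only if some non-lame server exists and all of them were
    # silent. If every server is lame, the zone is broken, not unreachable.
    if unresponsive and stale_record is not None:
        return ("stale", stale_record)
    return ("servfail", None)


if __name__ == "__main__":
    cache = set()
    sample = {"ns1.example": Outcome.SERVFAIL,   # constructed outcomes
              "ns2.example": Outcome.TIMEOUT}
    print(decide(sample, cache, "192.0.2.1"), cache)
```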
