Can bind be configured to not drop RR's from the cache when the upstream DNS server is unresponsive

Ron ron.arts at gmail.com
Thu Mar 17 22:47:37 UTC 2016


In general you're right of course,

but in this case it's a supplier who is unable to keep his DNS servers
working, and we just want to keep the connectivity.

For various reasons it's not that easy to switch to a new supplier,
and in any case we need an intermediate solution.

Ron


On Thu, Mar 17, 2016 at 11:17 PM, Darcy Kevin (FCA) <
kevin.darcy at fcagroup.com> wrote:

> Using DNS records beyond the owner-published TTL is risky business. You
> can’t even know if the same legal entity is providing the content or
> services previously published at that address/endpoint, and this
> uncertainty raises security and/or liability concerns.
>
>
>
>
> - Kevin
>
>
>
>
>
> *From:* Ron [mailto:ron.arts at gmail.com]
> *Sent:* Thursday, March 17, 2016 11:46 AM
> *To:* Darcy Kevin (FCA)
> *Cc:* bind-users at lists.isc.org
> *Subject:* Re: Can bind be configured to not drop RR's from the cache
> when the upstream DNS server is unresponsive
>
>
>
> I did not mean forwarders, but I had a case where the authoritative name
> servers for a domain were down for an extended period of time, exceeding
> the ttl for their records. I was curious if I could tell my DNS servers
> to serve these records for longer than the registered ttl. And I wanted to
> automate that.
>
>
>
> But I'm afraid that's not gonna fly.
>
>
>
> Ron
>
>
>
>
>
>
>
> On Thu, Mar 17, 2016 at 4:27 PM, Darcy Kevin (FCA) <
> kevin.darcy at fcagroup.com> wrote:
>
> By “upstream” I assume you’re talking about forwarders. If your forwarders
> are flakey, have you ever considered simply *not forwarding*? That
> would seem to be a better, structural solution to your problem, than
> holding DNS data beyond its cache-expiration time (a really BAD idea).
>
>
>
>
> - Kevin
>
> *----------------------------------------------------------------------*
>
> Kevin Darcy
> NAFTA Information Security Projects
>
>
>
> FCA US LLC
>
> 1075 W Entrance Dr,
>
> Auburn Hills, MI 48326
>
> USA
>
>
>
> Telephone: +1 (248) 838-6601
> Mobile: +1 (810) 397-0103
>
> Email: kevin.darcy at fcagroup.com
>
>
>
> *From:* bind-users-bounces at lists.isc.org [mailto:
> bind-users-bounces at lists.isc.org] *On Behalf Of *Ron
> *Sent:* Thursday, March 17, 2016 7:37 AM
> *To:* bind-users at lists.isc.org
> *Subject:* Can bind be configured to not drop RR's from the cache when
> the upstream DNS server is unresponsive
>
>
>
> Hi,
>
>
>
> subject says all. Read manpages, could not find this in the FAQ's.
>
> Hope this is possible. If not does anyone know of other name servers
> that offer this option?
>
>
>
> Thanks,
>
> Ron Arts
>
>
>
>
>
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users