<div dir="ltr">In general you're right of course,<div><br></div><div>but in this case it's a supplier who is unable to keeps his DNS servers</div><div>working, and we just want to keep the connectivity.</div><div><br></div><div>For various reasons it's not that easy to switch to a new supplier,</div><div>and in any case we need an intermediate solution.</div><div><br></div><div>Ron</div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Mar 17, 2016 at 11:17 PM, Darcy Kevin (FCA) <span dir="ltr"><<a href="mailto:kevin.darcy@fcagroup.com" target="_blank">kevin.darcy@fcagroup.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div lang="EN-US" link="blue" vlink="purple">
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black">Using DNS records beyond the owner-published TTL is risky business. You can’t even know if the same legal entity is providing the content or services previously
published at that address/endpoint, and this uncertainty raises security and/or liability concerns.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black">
- Kevin<u></u><u></u></span></p>
<p class="MsoNormal"><span style="color:black"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="color:black"><u></u> <u></u></span></p>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Ron [mailto:<a href="mailto:ron.arts@gmail.com" target="_blank">ron.arts@gmail.com</a>]
<br>
<b>Sent:</b> Thursday, March 17, 2016 11:46 AM<br>
<b>To:</b> Darcy Kevin (FCA)<br>
<b>Cc:</b> <a href="mailto:bind-users@lists.isc.org" target="_blank">bind-users@lists.isc.org</a><br>
<b>Subject:</b> Re: Can bind be configured to not drop RR's from the cache when the upstream DNS server is unresponsive<u></u><u></u></span></p><div><div class="h5">
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<p class="MsoNormal">I did not mean forwarders, but I had a case where the authoritative name servers for a domain were down<u></u><u></u></p>
<div>
<p class="MsoNormal">for an extended period of time, exceeding the ttl for their records. I was curious if I could tell my DNS servers<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">to serve these records for longer than the registered ttl. And I wanted to automate that.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">But I'm afraid that's not gonna fly.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">Ron<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<p class="MsoNormal">On Thu, Mar 17, 2016 at 4:27 PM, Darcy Kevin (FCA) <<a href="mailto:kevin.darcy@fcagroup.com" target="_blank">kevin.darcy@fcagroup.com</a>> wrote:<u></u><u></u></p>
<div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black">By “upstream” I assume you’re talking about forwarders. If your forwarders are flakey, have you ever
considered simply *<b>not*forwarding</b>*? That would seem to be a better, structural solution to your problem, than holding DNS data beyond its cache-expiration time (a really BAD idea).</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black"> </span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black">
- Kevin</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black"><img border="0" width="131" height="48" src="cid:image001.jpg@01D1806A.11EF01E0" alt="FCA_Pantone_email"></span><u></u><u></u></p>
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black">----------------------------------------------------------------------</span></b><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Arial Black","sans-serif";color:black">Kevin Darcy</span><span style="font-size:8.0pt;font-family:"Arial","sans-serif";color:black"><br>
NAFTA Information Security Projects</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:black"> </span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Arial Black","sans-serif";color:black">FCA US LLC</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Arial","sans-serif";color:black">1075 W Entrance Dr,</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Arial","sans-serif";color:black">Auburn Hills, MI 48326</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Arial","sans-serif";color:black">USA</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Arial","sans-serif";color:black"> </span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Arial","sans-serif";color:black">Telephone:
<a href="tel:%2B1%20%28248%29%20838-6601" target="_blank">+1 (248) 838-6601</a> <br>
Mobile: <a href="tel:%2B1%20%28810%29%20397-0103" target="_blank">+1 (810) 397-0103</a></span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Arial","sans-serif";color:black">Email:
<a href="mailto:kevin.darcy@fcagroup.com" target="_blank">kevin.darcy@fcagroup.com</a></span><u></u><u></u></p>
<p class="MsoNormal"><span style="color:black"> </span><u></u><u></u></p>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">
<a href="mailto:bind-users-bounces@lists.isc.org" target="_blank">bind-users-bounces@lists.isc.org</a> [mailto:<a href="mailto:bind-users-bounces@lists.isc.org" target="_blank">bind-users-bounces@lists.isc.org</a>]
<b>On Behalf Of </b>Ron<br>
<b>Sent:</b> Thursday, March 17, 2016 7:37 AM<br>
<b>To:</b> <a href="mailto:bind-users@lists.isc.org" target="_blank">bind-users@lists.isc.org</a><br>
<b>Subject:</b> Can bind be configured to not drop RR's from the cache when the upstream DNS server is unresponsive</span><u></u><u></u></p>
<div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
<div>
<p class="MsoNormal">Hi,<u></u><u></u></p>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">subject says all. Read manpages, could not find this in the FAQ's.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Hope this is possible. If not does anyone know of other name servers<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">that offer this option?<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Thanks,<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Ron Arts<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
</div>
</div>
</div>
</div>
</div>
<p class="MsoNormal"><br>
_______________________________________________<br>
Please visit <a href="https://lists.isc.org/mailman/listinfo/bind-users" target="_blank">
https://lists.isc.org/mailman/listinfo/bind-users</a> to unsubscribe from this list<br>
<br>
bind-users mailing list<br>
<a href="mailto:bind-users@lists.isc.org" target="_blank">bind-users@lists.isc.org</a><br>
<a href="https://lists.isc.org/mailman/listinfo/bind-users" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a><u></u><u></u></p>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
</div>
</div>
</div></div></div>
</div>
<br>_______________________________________________<br>
Please visit <a href="https://lists.isc.org/mailman/listinfo/bind-users" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a> to unsubscribe from this list<br>
<br>
bind-users mailing list<br>
<a href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a><br>
<a href="https://lists.isc.org/mailman/listinfo/bind-users" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a><br></blockquote></div><br></div>