[Dnsmasq-discuss] RFC8767 stale TTL

Petr Menšík pemensik at redhat.com
Tue Mar 2 14:40:29 UTC 2021


Is it useful in the case of dnsmasq?

Both BIND and Unbound can work as iterative resolvers, where they do all
the hard work themselves. They can iterate from the root. If some servers do
not reply, they may serve stale cached data.

Dnsmasq cannot work without upstream servers. It can select just the working
ones, but without any of them available, it would not work only
partially. It would not work at all (except local names from
/etc/hosts). So I am not sure how useful it would be. If dnsmasq is
under attack, the resolved IP address would probably fail connecting to
the target, because dnsmasq is typically on the gateway.

It is not very useful in the case of dnsmasq IMHO.

Cheers,
Petr

On 3/2/21 12:52 PM, Alexander Shevchenko wrote:
> Hi
> It would be great if dnsmasq would support RFC8767 (Serving Stale Data to
> Improve DNS Resiliency).
> If upstream servers are not available, dnsmasq returns stale entries.
> This feature is already implemented in BIND and unbound.
> https://www.isc.org/blogs/2020-serve-stale/
> Any thoughts?

-- 
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: pemensik at redhat.com
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
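
A small model of the RFC 8767 behaviour discussed in this thread, for a forwarder that has no resolution path other than its upstream servers. This is an added example, not dnsmasq code and not part of either message. `StaleCache`, `UpstreamDown`, the upstream callable, the names and the address are hypothetical; the 30-second stale TTL and the 3-day max-stale window follow RFC 8767's recommended values.

```python
import time

STALE_ANSWER_TTL = 30      # RFC 8767: recommended TTL on a stale answer
MAX_STALE = 3 * 86400      # RFC 8767 suggests 1 to 3 days; 3 days assumed here

class UpstreamDown(Exception):
    """Raised by the hypothetical upstream callable when no server answers."""

class StaleCache:
    def __init__(self, upstream, clock=time.monotonic):
        self.upstream = upstream    # callable: name -> (address, ttl)
        self.clock = clock
        self.entries = {}           # name -> (address, expires_at)

    def resolve(self, name):
        """Return (address, ttl, state); state is 'fresh', 'cached' or 'stale'."""
        now = self.clock()
        hit = self.entries.get(name)
        if hit and now < hit[1]:
            return hit[0], int(hit[1] - now), "cached"
        try:
            address, ttl = self.upstream(name)   # always try to refresh first
        except UpstreamDown:
            # Serve-stale path: only an expired entry that is still inside
            # the max-stale window may be returned, with a short TTL.
            if hit and now - hit[1] <= MAX_STALE:
                return hit[0], STALE_ANSWER_TTL, "stale"
            raise
        self.entries[name] = (address, now + ttl)
        return address, ttl, "fresh"

def demo():
    """Constructed scenario: one lookup, then every upstream goes away."""
    now, up = [0.0], [True]
    def upstream(name):
        if not up[0]:
            raise UpstreamDown(name)
        return "192.0.2.10", 300
    cache = StaleCache(upstream, clock=lambda: now[0])
    out = [cache.resolve("www.example.test")]
    now[0], up[0] = 400.0, False             # entry expired at t=300
    out.append(cache.resolve("www.example.test"))
    for name, when in (("new.example.test", 400.0),
                       ("www.example.test", 300.0 + MAX_STALE + 1)):
        now[0] = when
        try:
            out.append(cache.resolve(name))
        except UpstreamDown:
            out.append((name, "SERVFAIL"))
    return out
```

With all upstreams down, only names that were already cached and are still inside the max-stale window get an answer; every other query fails.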
