[Dnsmasq-discuss] RFC8767 stale TTL
Alexander Shevchenko
pepelac at gmail.com
Tue Mar 2 19:17:51 UTC 2021
It could be useful when dnsmasq is being used as a local caching DNS server
and upstream servers have issues or are unavailable.
WBR,
Alexander Shevchenko
On Tue, Mar 2, 2021 at 5:51 PM Petr Menšík <pemensik at redhat.com> wrote:
> Is it useful in case of dnsmasq?
>
> Both BIND and Unbound can work as iterative resolver, where they do all
> the hard work themselves. They can iterate from root. If some servers do
> not reply, they may serve stale cached data.
>
> Dnsmasq cannot work without upstream servers. It can select just working
> ones, but without any of them available, it would not work only
> partially. It would not work at all (except local names from
> /etc/hosts). So I am not sure how much useful it would be. If dnsmasq is
> under attack, resolved IP address would probably fail connecting to
> target, because dnsmasq is typically on the gateway.
>
> It is not very useful in case of dnsmasq IMHO.
>
> Cheers,
> Petr
>
> On 3/2/21 12:52 PM, Alexander Shevchenko wrote:
> > Hi
> > It would be great if dnsmasq would support RFC8767 (Serving Stale Data to
> > Improve DNS Resiliency)
> > If upstream servers are not available, dnsmasq returns stale entries.
> > This feature is already implemented in BIND and unbound.
> > https://www.isc.org/blogs/2020-serve-stale/
> > Any thoughts?
>
> --
> Petr Menšík
> Software Engineer
> Red Hat, http://www.redhat.com/
> email: pemensik at redhat.com
> PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
>
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20210302/e8faeb87/attachment.htm>
More information about the Dnsmasq-discuss
mailing list