Tony Finch wrote on 2019-02-15 01:47:
> ... We have local stealth secondary copies of our zones on our recursive servers which helps to some extent, except when downstream validators want to get the chain of trust. But serve-stale should help.

prefetching or leasing or rrset subscription is expensive when viewed from the dns-at-large perspective. we ought to prioritize the information we will need most in the event of a network partition. and the idea that an operator would have to predict where a partition could take place, and add stealth secondaries for the things they know about, is wrong in two ways. it's too much work, and never enough benefit.

> I wonder if it's worth having different prefetch logic for infrastructure records (NS, DS, glue, etc) to more eagerly keep them warm than leaf records.

yes, it obviously is, but only if you intend to use them even if the authority for some of your data is at that moment not reachable. so, serve-stale and hammer attempt to solve the wrong problem. if you're going to use something the way a stealth slave would do, you've got to ask the authority's instructions, and be capable of hearing and trusting NOTIFY events when that data changes for any reason.

--
P Vixie

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop