Re: Can bind be configured to not drop RR's from the cache when the upstream DNS server is unresponsive

2016-03-20 Thread Barry Margolin
In article ,
 Mark Andrews  wrote:

> How do you actually expect this to ever work in real life?

I'm pretty sure Google DNS does this. Other resolver operators often get 
complaints about "Why can't I look up  through your DNS 
servers when I can do it through Google DNS?"

> Caches will generally have expired / not learnt the records by the
> time you realise that you want to keep records longer so there is
> no point even coding support for this into caches.  We don't have
> time machines.

Of course, if the record hasn't been cached in the first place, there's 
nothing you can do. But a heavily-used resolver will quickly cache most 
popular records.

When a cached record expires, the server should try to refresh it. If it 
gets a valid response, it updates the cache. But providing the old 
record if there's no response is not an unreasonable approach to fault 
tolerance.

It would be reasonable to have a configured maximum lifetime for these 
expired records, so that caches wouldn't fill up with lots of detritus 
from abandoned domains. A day seems like long enough for the 
authoritative server operator to fix their problem.

-- 
Barry Margolin
Arlington, MA
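As an added illustration of the refresh-then-serve-stale behaviour described above (example code written for this archive page, not code from the thread or from BIND; the record name, TTL and one-day stale limit are constructed values):

```python
"""Model of a resolver cache that refreshes expired records and, when the
upstream server does not answer, keeps serving the expired record for at
most MAX_STALE seconds before dropping it."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

MAX_STALE = 86400  # assumed: expired records may be served for one day


@dataclass
class CachedRR:
    rdata: str
    expires_at: float  # absolute time at which the original TTL runs out


class ServeStaleCache:
    def __init__(self, upstream: Callable[[str], Optional[Tuple[str, int]]],
                 max_stale: int = MAX_STALE) -> None:
        self.upstream = upstream  # returns (rdata, ttl) or None if unresponsive
        self.max_stale = max_stale
        self.cache: Dict[str, CachedRR] = {}

    def lookup(self, name: str, now: float) -> Tuple[Optional[str], str]:
        rr = self.cache.get(name)
        if rr is not None and now < rr.expires_at:
            return rr.rdata, "cache"            # still within TTL
        answer = self.upstream(name)            # TTL expired (or never cached): refresh
        if answer is not None:
            rdata, ttl = answer
            self.cache[name] = CachedRR(rdata, now + ttl)
            return rdata, "refreshed"
        # Upstream unresponsive: fall back to the expired record while it is young enough.
        if rr is not None and now - rr.expires_at <= self.max_stale:
            return rr.rdata, "stale"
        self.cache.pop(name, None)              # too old, or never cached: nothing to serve
        return None, "servfail"


class FlakyUpstream:
    def __init__(self) -> None:
        self.up = True

    def __call__(self, name: str) -> Optional[Tuple[str, int]]:
        return ("192.0.2.10", 300) if self.up else None  # constructed answer, TTL 300s


def demo() -> List[Tuple[Optional[str], str]]:
    upstream = FlakyUpstream()
    cache = ServeStaleCache(upstream)
    name = "www.example.net."  # constructed name
    events = [cache.lookup(name, now=0), cache.lookup(name, now=100)]
    upstream.up = False                                    # supplier's servers go down
    events.append(cache.lookup(name, now=400))             # expired at 300: served stale
    events.append(cache.lookup(name, now=300 + MAX_STALE)) # last moment stale is allowed
    events.append(cache.lookup(name, now=301 + MAX_STALE)) # dropped from cache
    events.append(cache.lookup("never-seen.example.net.", now=0))  # never cached: no help
    return events
```

BIND 9.12 and later implement this logic natively through the `stale-answer-enable` and `max-stale-ttl` options in named.conf; the model above mirrors that later behaviour, not the 2016 BIND behaviour the thread is discussing.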
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Re: Multiple A records and reverse DNS

2016-03-20 Thread Phil Mayers

On 18/03/16 14:52, /dev/rob0 wrote:

> On Fri, Mar 18, 2016 at 10:04:05AM -0400, Thomas Schulz wrote:
>
>> It turns out that it is harder than I thought to allow incoming
>> connections from both providers at the same time, so I may not do
>> that after all.
>
> Multiple route tables (and rules to choose the appropriate table) are
> fairly easy in Linux, albeit not particularly well documented.  For


Very poorly documented, in fact.

If you go down this route, do not forget the interface "via eth0" routes 
in the secondary route tables as well, otherwise very odd things can 
happen with ARP.



Re: Can bind be configured to not drop RR's from the cache when the upstream DNS server is unresponsive

2016-03-20 Thread Ron
On Sun, Mar 20, 2016 at 3:03 AM, Barry Margolin  wrote:
>
> That's feasible if you can reconfigure all the client machines to do
> this. It's not very scalable if you have a network of machines running
> different operating systems, and you'd like to have your central
> resolver take care of all the caching.

That's indeed my situation, we're running around 50 Linux machines each
having their own caching named. And a few Windows/OSX laptops which
run off Google DNS.

It's all very annoying, but it's even more annoying for our customers running
off the Linux machines.

-- Ron


RE: Can bind be configured to not drop RR's from the cache when the upstream DNS server is unresponsive

2016-03-20 Thread Darcy Kevin (FCA)
Would they be receptive to letting you slave the zone? At least then you’d have 
the whole EXPIRE time before the names stopped resolving.

If they’re concerned about security, then the transfers could be locked down by 
source IP address, or, if their software supports it, TSIG key.

One of the downsides of slaving, of course, is that changes might take a while 
to replicate, unless NOTIFY is set up.


- Kevin

--
Kevin Darcy
NAFTA Information Security Projects

FCA US LLC
1075 W Entrance Dr,
Auburn Hills, MI 48326
USA

Telephone: +1 (248) 838-6601
Mobile: +1 (810) 397-0103
Email: kevin.da...@fcagroup.com

From: bind-users-boun...@lists.isc.org 
[mailto:bind-users-boun...@lists.isc.org] On Behalf Of Ron
Sent: Friday, March 18, 2016 4:46 AM
To: G.W. Haywood
Cc: bind-users@lists.isc.org
Subject: Re: Can bind be configured to not drop RR's from the cache when the 
upstream DNS server is unresponsive



On Fri, Mar 18, 2016 at 12:12 AM, G.W. Haywood 
<b...@jubileegroup.co.uk> wrote:
> Hi there,
>
> On Thu, 17 Mar 2016, Ron wrote:
>> ... in this case it's a supplier who is unable to keep his DNS servers
>> working, and we just want to keep the connectivity.
>
> I'd just put something in /etc/hosts and send myself an email every
> month or so to remind me I'd done that.


This is what we're currently using, but it has the downside of not picking up 
IP address changes.

Ron



> --
>
> 73,
> Ged.


