<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="Generator" content="Microsoft Exchange Server">
<!-- converted from text --><style><!-- .EmailQuote { margin-left: 1pt; padding-left: 4pt; border-left: #800000 2px solid; } --></style>
</head>
<body>
<div>
<div id="x_gw-compose-body-div" style="font-family:"Arial"; font-size:12pt; color:rgb(0,0,0)">
<div>
<div>
<div>So you want probably Bind's stale-answer-enable=yes?</div>
<div><br>
</div>
<div>Klaus</div>
<div><br>
</div>
<div><br>
</div>
<div id="x_gw-compose-signature-div" style="font-family:"Arial"; font-size:12pt; color:#000000">
Gesendet über BlackBerry Work (www.blackberry.com)</div>
</div>
</div>
</div>
<hr style="display:inline-block; width:98%">
<div class="x_quote"><b>Von: </b>Mike via Pdns-users <pdns-users@mailman.powerdns.com><br>
<b>Gesendet: </b>27.05.2020 22:33<br>
<b>An: </b>pdns-users@mailman.powerdns.com<br>
<b>Betreff: </b>[Pdns-users] retaining cache<br>
<br type="attribution">
</div>
</div>
<font size="2"><span style="font-size:10pt;">
<div class="PlainText">Hi,<br>
<br>
I already know Im going to get in trouble with the dns protocol<br>
police, and probably shoot myself in the foot at the same time, however....<br>
<br>
I know of a large service provider that has foolishly put both<br>
authoritative name servers for their domain on the same subnet, and for<br>
which has occasional routing propagation issues which make it impossible<br>
to reach their domain servers from some portions of the net but not<br>
others. The services themselves, such as their MX host, continues to be<br>
accessible, but the nameservers that tell you where the MX host is, are<br>
occasionally not. I was thinking one possible valid approach, could<br>
simply be a secondary cache where pdns will move records that reach<br>
normal cache expiration. This secondary cache then attempts to<br>
re-validate records with the auth servers, and if it gets NXDOMAIN or<br>
updated data, flush or update the cache per normal. But, pdns would<br>
continue answering queries out of this secondary cache (with a low ttl),<br>
as long as it has not received any other authoritative data, at which<br>
point when it does, the entry could go back into primary cache (or remove).<br>
<br>
I don't think the size of this secondary cache would grow out of<br>
control because we're really just tracking records that we cannot a get<br>
answers about either way from their primary auth servers. I don't see<br>
where this would break anything either since, again, deletion from the<br>
cache would be due to NXDOMAIN from an auth server, either the domain<br>
auth or the root. <br>
<br>
Anyone want to (gently) shoot me down....?<br>
<br>
<br>
Mike-<br>
<br>
<br>
<br>
_______________________________________________<br>
Pdns-users mailing list<br>
Pdns-users@mailman.powerdns.com<br>
<a href="https://mailman.powerdns.com/mailman/listinfo/pdns-users">https://mailman.powerdns.com/mailman/listinfo/pdns-users</a><br>
</div>
</span></font>
</body>
</html>