2

Is there any method of allowing stale DNS results to be returned? By stale, I mean, where the TTL has expired, but no new record can be obtained, likely due to the nameserver being unavailable.

To my knowledge, at least bind 9 doesn't have any mechanism for this. I also wasn't able to find any reference for it in bind 10. For the life of me, I can't figure out why. There's no reason why DNS couldn't use the same caching rules and methodology that HTTP uses. Sites could choose to disable, or tune their caching preferences.

This seems so simple to me, that I'm hoping that I've missed some new development that someone can share with me :)

P.S. I know there are some end user tools that do this (opendns, dnsmasq, etc), but that takes all the control away from the owner of the domain, and forces the end user to make often wrong guesses about how zone files should be cached beyond their TTL.

Danny F

1 Answer

1

From BIND 9.12 Release Notes at https://kb.isc.org/article/AA-01554/0/BIND-9.12.0-Release-Notes.html, this is now available.

"When acting as a recursive resolver, named can now continue returning answers whose TTLs have expired when the authoritative server is under attack and unable to respond. This is controlled by the stale-answer-enable, stale-answer-ttl and max-stale-ttl options. [RT #44790]"

  • Not exactly what I was looking for, but useful nonetheless, so I marked it answered. I was looking for something at the zone level where you could allow or disallow stale results. – Danny F Aug 20 '18 at 18:35
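
A simplified model of how the three options named in the release-note quote interact in a recursive resolver's cache, added here as an example; it is not part of the original answer and not BIND's code. The class name, the `upstream` callable, and the sample name, address and timings are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Entry:
    value: str
    stored_at: int  # time (seconds) at which the record was cached
    ttl: int        # TTL supplied by the authoritative server

class ServeStaleCache:
    """Toy resolver cache; parameters mirror the stale-answer-enable,
    stale-answer-ttl and max-stale-ttl options (hypothetical model)."""

    def __init__(self, upstream, stale_answer_enable, stale_answer_ttl, max_stale_ttl):
        self.upstream = upstream  # callable(name) -> (value, ttl); raises OSError if unreachable
        self.enable = stale_answer_enable
        self.stale_answer_ttl = stale_answer_ttl  # TTL placed on a stale answer
        self.max_stale_ttl = max_stale_ttl        # how long past expiry a record is kept
        self.cache = {}

    def resolve(self, name, now):
        """Return (value, ttl_sent_to_client, status)."""
        entry = self.cache.get(name)
        if entry is not None and now - entry.stored_at < entry.ttl:
            return entry.value, entry.ttl - (now - entry.stored_at), "fresh"
        try:
            value, ttl = self.upstream(name)
        except OSError:
            # Refresh failed: fall back to the expired record only if allowed
            # and only while it is still inside the stale window.
            if entry is not None and self.enable:
                if now - entry.stored_at < entry.ttl + self.max_stale_ttl:
                    return entry.value, self.stale_answer_ttl, "stale"
            return None, 0, "servfail"
        self.cache[name] = Entry(value, now, ttl)
        return value, ttl, "refreshed"

def demo(stale_answer_enable=True):
    state = {"up": True}  # constructed: toggles authoritative availability
    def upstream(name):
        if not state["up"]:
            raise OSError("authoritative server unreachable")
        return "192.0.2.10", 300
    cache = ServeStaleCache(upstream, stale_answer_enable,
                            stale_answer_ttl=1, max_stale_ttl=3600)
    results = [cache.resolve("www.example.com", 0)]
    state["up"] = False  # authoritative server goes away
    for now in (100, 400, 4000):
        results.append(cache.resolve("www.example.com", now))
    return results
```

In this model the choice is made entirely by the resolver operator; nothing in the cached record lets the zone owner opt in or out, which is the gap the comment above points at. The `max_stale_ttl` value also bounds how long a record the owner has since withdrawn can keep being served.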