Hi,

I already know I'm going to get in trouble with the DNS protocol police, and probably shoot myself in the foot at the same time, however....

I know of a large service provider that has foolishly put both authoritative name servers for their domain on the same subnet, and which has occasional routing propagation issues which make it impossible to reach their domain servers from some portions of the net but not others. The services themselves, such as their MX host, continue to be accessible, but the nameservers that tell you where the MX host is are occasionally not.

I was thinking one possible valid approach could simply be a secondary cache where pdns will move records that reach normal cache expiration. This secondary cache then attempts to re-validate records with the auth servers, and if it gets NXDOMAIN or updated data, flush or update the cache per normal. But pdns would continue answering queries out of this secondary cache (with a low TTL), as long as it has not received any other authoritative data, at which point, when it does, the entry could go back into primary cache (or be removed).

I don't think the size of this secondary cache would grow out of control because we're really just tracking records that we cannot get answers about either way from their primary auth servers. I don't see where this would break anything either since, again, deletion from the cache would be due to NXDOMAIN from an auth server, either the domain auth or the root.

Anyone want to (gently) shoot me down....?

Mike-

_______________________________________________
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users
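
The two-tier cache proposed in the message above, modelled as an added example; it is not part of the original post and not PowerDNS code. The class and function names, the 30-second stale TTL, the upstream callback, and re-validating on each query rather than in the background are all assumptions.

```python
NXDOMAIN = "NXDOMAIN"  # authoritative "no such name"
UNREACHABLE = None     # no answer from any authoritative server

class TwoTierCache:
    """Hypothetical model of the proposal; not PowerDNS code."""

    def __init__(self, upstream, stale_ttl=30):
        self.upstream = upstream    # callable(name) -> (data, ttl) | NXDOMAIN | UNREACHABLE
        self.stale_ttl = stale_ttl  # assumed "low ttl" for answers served from secondary
        self.primary = {}           # name -> (data, expires_at)
        self.secondary = {}         # name -> data that expired without re-validation

    def resolve(self, name, now):
        entry = self.primary.get(name)
        if entry and now < entry[1]:
            return entry[0], int(entry[1] - now)          # normal cache hit
        if entry:                                         # normal expiry: demote, do not drop
            self.secondary[name] = self.primary.pop(name)[0]
        answer = self.upstream(name)                      # re-validate (here: on each query)
        if answer is UNREACHABLE:
            if name in self.secondary:
                return self.secondary[name], self.stale_ttl
            return None                                   # never cached: nothing to serve
        self.secondary.pop(name, None)                    # any authoritative answer wins
        if answer == NXDOMAIN:
            return NXDOMAIN
        data, ttl = answer
        self.primary[name] = (data, now + ttl)
        return data, ttl

def demo():
    """Constructed scenario: the auth servers go dark, come back, then delete the name."""
    auth = {"example.net/MX": ("mail.example.net", 300)}   # constructed sample record
    cache = TwoTierCache(lambda name: auth.get(name))
    out = [cache.resolve("example.net/MX", now=0)]          # fetched, enters primary
    auth.clear()                                            # servers unreachable
    out.append(cache.resolve("example.net/MX", now=100))    # still fresh in primary
    out.append(cache.resolve("example.net/MX", now=400))    # expired: served stale
    out.append(cache.resolve("other.example/A", now=400))   # unknown name: no answer
    auth["example.net/MX"] = NXDOMAIN                       # servers back, name removed
    out.append(cache.resolve("example.net/MX", now=500))    # flushed from secondary
    auth.clear()
    out.append(cache.resolve("example.net/MX", now=600))    # nothing stale left to serve
    return out
```

As in the proposal, the model puts no upper bound on how long an entry stays in the secondary cache while the authoritative servers remain unreachable.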