On Wed, 3 Jun 2015, Petr Spacek wrote:
On 3.6.2015 13:45, Reindl Harald wrote:
If you feel that the standard is broken then *please* continue with discussion
on IETF's dnsop mailing list:
https://www.ietf.org/mailman/listinfo/dnsop
come on, stop trolling that way because you know exactly what I am talking
about by "broken client software" - the point is that with caching on each and
every device you lose the opportunity to clear central caches for whatever reason
and make the changes visible on all clients in realtime
You will lose the ability because *you configured the zone with
inappropriately long TTL*.
I have to agree with Petr here. The DNS is specifically designed so that
the producer of records can say how long things are allowed to be
cached. Chaining caches via forwarders is not against the method of the
DNS - it is the core design.
Moving the resolving and validation to the end nodes increases
security, and DNS security is something we badly need.
Relying on aggregating DNS servers as access control for out-of-band
DNS clearing goes against the "API contract" of a DNS transaction,
which comes with a TTL condition. Plus, that assumption has always
been broken for browsers already, who keep their own cache.
Paul
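To make the TTL argument from the two replies above concrete, here is a small Python model of a forwarder cache sitting in front of an end-node cache. It is an added example, not code from the thread or from any Fedora project; the zone name `www.example.test.` and the `192.0.2.x` addresses are constructed for illustration, and the cache behaviour (serving hits with the remaining TTL, as RFC 2181 describes) is simplified to the part that matters here.

```python
"""Two-tier DNS cache model: central forwarder cache in front of an end-node cache.

Added example (not from the mailing-list thread). Names and addresses are
constructed; the model only shows how a record's TTL governs when a change
becomes visible once every device runs its own cache.
"""
from typing import Dict, List, Tuple

NAME = "www.example.test."        # constructed zone name
Answer = Tuple[str, int]          # (rdata, TTL in seconds as seen by the requester)


class Authoritative:
    """Zone owner: chooses the TTL that every downstream cache must honour."""

    def __init__(self, name: str, rdata: str, ttl: int) -> None:
        self.name, self.rdata, self.ttl = name, rdata, ttl

    def update(self, rdata: str) -> None:
        self.rdata = rdata

    def query(self, name: str, now: int) -> Answer:
        assert name == self.name, "only one record is modelled"
        return self.rdata, self.ttl


class Cache:
    """Caching resolver: serves hits with the remaining TTL, forwards misses upstream."""

    def __init__(self, upstream) -> None:
        self.upstream = upstream
        self.entries: Dict[str, Tuple[str, int]] = {}  # name -> (rdata, expires_at)

    def flush(self) -> None:
        """Out-of-band clearing of this cache only (the 'clear central caches' step)."""
        self.entries.clear()

    def query(self, name: str, now: int) -> Answer:
        hit = self.entries.get(name)
        if hit is not None and hit[1] > now:
            rdata, expires_at = hit
            return rdata, expires_at - now      # TTL counts down while the record is cached
        rdata, ttl = self.upstream.query(name, now)
        self.entries[name] = (rdata, now + ttl)
        return rdata, ttl


def client_view(ttl: int, probe_times: List[int]) -> Dict[int, Tuple[str, str]]:
    """Map probe time -> (what the end node sees, what the central forwarder sees).

    Timeline: the end node resolves NAME at t=0 through the central forwarder.
    Right after that the zone owner changes the record and the operator
    flushes the central cache. The end node then re-queries at each probe time.
    """
    auth = Authoritative(NAME, "192.0.2.1", ttl)
    central = Cache(auth)       # site-wide forwarder
    client = Cache(central)     # caching stub resolver on the end node
    seen = {0: (client.query(NAME, 0)[0], central.query(NAME, 0)[0])}
    auth.update("192.0.2.2")
    central.flush()             # clears the central cache, not the end node's cache
    for t in probe_times:
        seen[t] = (client.query(NAME, t)[0], central.query(NAME, t)[0])
    return seen


if __name__ == "__main__":
    for ttl, probes in ((3600, [30, 600, 3599, 3600]), (60, [30, 60])):
        print(f"TTL {ttl}s:")
        for t, (client_sees, central_sees) in client_view(ttl, probes).items():
            print(f"  t={t:5d}  end node: {client_sees}  central: {central_sees}")
```

With a 3600 s TTL the central flush takes effect immediately at the forwarder, but the end node keeps serving the old address until its own copy expires at t=3600; with a 60 s TTL the same change is visible everywhere within a minute. The lever that controls propagation is the TTL published by the zone owner, not access to the forwarder's flush command, which is exactly the contract the replies describe.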
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct