Re: Extend systemd-resolved service to override DNS response

Hi Kevin,

If what you mean is that you want to serve 'stale' records from a cache when their TTLs have expired and the authoritative servers which provided them are not reachable, that's something that a number of existing recursive resolvers are able to do and it could be logical for systemd-resolved to offer it too.

We are looking to prepare a solution similar to this, to serve back records for FQDNs in case of a timeout from the DNS server.
We want to understand how we can extend systemd-resolved to override the response from the DNS server in case of timeouts/failures.

Thanks
Aditya


On Mon, 13 Feb 2023 at 16:35, Kevin P. Fleming <lists.systemd-devel@xxxxxxxxxxxxx> wrote:
On Mon, Feb 13, 2023, at 05:38, Aditya Sharma wrote:
Hi All,

We needed help in understanding how the systemd-resolved service can be extended to cache DNS responses to protect against DNS server failures.
We were planning to maintain a cache so that we can override negative responses from the DNS server and replace them with our cached last known good record.

This sounds very dangerous. A 'negative' response from an authoritative DNS server (NXDOMAIN, for example) is authoritative and should not be overridden.

If what you mean is that you want to serve 'stale' records from a cache when their TTLs have expired and the authoritative servers which provided them are not reachable, that's something that a number of existing recursive resolvers are able to do and it could be logical for systemd-resolved to offer it too.
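
Added example, not part of the original thread and not systemd-resolved code: a small cache that makes the distinction drawn above concrete, serving an expired record only when no server answers and never using it to mask an NXDOMAIN. The class and method names, the `max_stale` cap, and the sample name and address are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum


class Upstream(Enum):
    ANSWER = 1       # positive response carrying records
    NXDOMAIN = 2     # authoritative negative response
    UNREACHABLE = 3  # timeout, no server answered


@dataclass
class Entry:
    records: list
    expires: float  # absolute time at which the TTL runs out


class StaleCache:
    def __init__(self, max_stale=3600.0):
        self.max_stale = max_stale  # assumed cap on serving expired data, seconds
        self.cache = {}

    def lookup(self, name, query_upstream, now):
        entry = self.cache.get(name)
        if entry and now < entry.expires:
            return ("cache", entry.records)  # TTL still valid
        outcome, records, ttl = query_upstream(name)
        if outcome is Upstream.ANSWER:
            self.cache[name] = Entry(records, now + ttl)
            return ("upstream", records)
        if outcome is Upstream.NXDOMAIN:
            # The server answered: the name is gone. Drop the last known
            # good record instead of using it to mask the negative answer.
            self.cache.pop(name, None)
            return ("nxdomain", [])
        # Nothing reachable: an expired entry may be served, within the cap.
        if entry and now < entry.expires + self.max_stale:
            return ("stale", entry.records)
        return ("servfail", [])


if __name__ == "__main__":
    # Constructed sample data: documentation name and address.
    answer = lambda n: (Upstream.ANSWER, ["192.0.2.10"], 60)
    timeout = lambda n: (Upstream.UNREACHABLE, [], 0)
    nxdomain = lambda n: (Upstream.NXDOMAIN, [], 0)
    c = StaleCache()
    for t, upstream in [(0, answer), (120, timeout), (130, nxdomain), (140, timeout)]:
        print(t, c.lookup("svc.example.com", upstream, now=t))
```

The cap on stale serving bounds how long a record that may since have been withdrawn or repointed keeps being handed to clients during an outage.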

