[systemd-devel] Extend systemd-resolved service to override DNS response

Kevin P. Fleming lists.systemd-devel at kevin.km6g.us
Mon Feb 13 10:55:33 UTC 2023


On Mon, Feb 13, 2023, at 05:38, Aditya Sharma wrote:
> Hi All,
> 
> We needed help in understanding how the systemd-resolved service can be extended to cache DNS responses to protect against DNS server failures.
> We were planning to maintain a cache so that we can override negative responses from the DNS server and replace them with our cached last known good record.

This sounds very dangerous. A 'negative' response from an authoritative DNS server (NXDOMAIN, for example) is authoritative and should not be overridden.

If what you mean is that you want to serve 'stale' records from a cache when their TTLs have expired and the authoritative servers which provided them are not reachable, that's something that a number of existing recursive resolvers are able to do and it could be logical for systemd-resolved to offer it too.
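
The distinction drawn in the reply above, sketched as an added example that is not part of the original message and is not systemd-resolved code: stale data is served only when no upstream server can be reached, while an authoritative NXDOMAIN is passed through and evicts the cached record. `StaleCache`, `max_stale` and the `upstream` callback (returning status, records, TTL) are hypothetical names, and negative-response caching is left out for brevity.

```python
import time
from dataclasses import dataclass

# Possible outcomes of one upstream query, as seen by the caching resolver.
ANSWER, NXDOMAIN, UNREACHABLE = "answer", "nxdomain", "unreachable"

@dataclass
class Entry:
    records: list
    expires: float      # moment the TTL runs out
    stale_until: float  # last moment the records may still be served stale

class StaleCache:
    """Serve-stale cache: expired data is reused only when upstream is unreachable."""

    def __init__(self, max_stale=3600.0):
        self.max_stale = max_stale  # assumed cap on how long stale data is tolerated
        self.entries = {}

    def resolve(self, name, upstream, now=None):
        now = time.monotonic() if now is None else now
        entry = self.entries.get(name)
        if entry and now < entry.expires:
            return ("fresh", entry.records)          # TTL still valid, no query needed
        status, records, ttl = upstream(name)
        if status == ANSWER:
            self.entries[name] = Entry(records, now + ttl, now + ttl + self.max_stale)
            return ("fresh", records)
        if status == NXDOMAIN:
            # Authoritative negative answer: never mask it with old positive data.
            self.entries.pop(name, None)
            return ("nxdomain", [])
        # UNREACHABLE: timeouts or failures from every configured server.
        if entry and now < entry.stale_until:
            return ("stale", entry.records)
        return ("servfail", [])

if __name__ == "__main__":
    # Constructed sample: upstream answers once, becomes unreachable, then says NXDOMAIN.
    replies = iter([(ANSWER, ["192.0.2.10"], 60), (UNREACHABLE, [], 0), (NXDOMAIN, [], 0)])
    cache = StaleCache(max_stale=300)
    for t in (0, 100, 200):
        print(t, cache.resolve("app.example", lambda n: next(replies), now=t))
```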