[systemd-devel] Extend systemd-resolved service to override DNS response
Aditya Sharma
aditya.sharma1128 at gmail.com
Tue Feb 14 09:04:25 UTC 2023
Hi Kevin,
*If what you mean is that you want to serve 'stale' records from a cache
when their TTLs have expired and the authoritative servers which provided
them are not reachable, that's something that a number of existing
recursive resolvers are able to do and it could be logical for
systemd-resolved to offer it too.*
We are looking to prepare a solution similar to this, to serve back records
for *FQDN*s in case of *timeout *from the DNS server.
We want to understand how we can extend systemd-resolved to override
response from DNS server in case of timeouts/failures.
Thanks
Aditya
On Mon, 13 Feb 2023 at 16:35, Kevin P. Fleming <
lists.systemd-devel at kevin.km6g.us> wrote:
> On Mon, Feb 13, 2023, at 05:38, Aditya Sharma wrote:
>
> Hi All,
>
> We needed help in understanding how systemd-resolved service can be
> extended to cache DNS responses to protect against DNS server failures.
> We were planning to maintain a cache so that we can override negative
> responses from the DNS server and replace it with our cached last known
> good record.
>
>
> This sounds very dangerous. A 'negative' response from an authoritative
> DNS server (NXDOMAIN, for example) is authoritative and should not be
> overridden.
>
> If what you mean is that you want to serve 'stale' records from a cache
> when their TTLs have expired and the authoritative servers which provided
> them are not reachable, that's something that a number of existing
> recursive resolvers are able to do and it could be logical for
> systemd-resolved to offer it too.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/systemd-devel/attachments/20230214/8ca5a9dc/attachment.htm>
More information about the systemd-devel
mailing list