Re: [DNSOP] Review of draft-ietf-dnsop-serve-stale-02.txt

Tony Finch <> Mon, 05 November 2018 18:45 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id A7D3D1294D7 for <>; Mon, 5 Nov 2018 10:45:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id osaAsV2DBDrU for <>; Mon, 5 Nov 2018 10:45:28 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id D580D130D7A for <>; Mon, 5 Nov 2018 10:45:27 -0800 (PST)
X-Cam-AntiVirus: no malware found
Received: from ([]:45238) by ( []:25) with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) id 1gJjsL-000MkP-1z (Exim 4.91) (return-path <>); Mon, 05 Nov 2018 18:45:25 +0000
Date: Mon, 05 Nov 2018 18:45:25 +0000
From: Tony Finch <>
To: Dave Lawrence <>
In-Reply-To: <>
Message-ID: <>
References: <20181103081228.GA32569@naina> <>
User-Agent: Alpine 2.20 (DEB 67 2015-01-07)
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Archived-At: <>
Subject: Re: [DNSOP] Review of draft-ietf-dnsop-serve-stale-02.txt
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 05 Nov 2018 18:45:29 -0000

A few notes following the presentation and discussion earlier today
(unrelated to Mukund's comments - I'm just stealing a suitable thread)

Re. the EDNS options, if you go for a 1 bit version it should apply only
to the answer section. The only time this will be ambiguous is when there
are CNAME/DNAME chains present.

I was rather disconcerted by the 1 week default serve-stale limit in
BIND's implementation. It seems to me that the value should be tuned to
match typical outage lengths. A day seems to me to be much more reasonable
than a week, though for my servers I have chosen an hour.

Part of the reason I like serve-stale is that I think it will make outages
easier to triage for my IT support colleagues. Network connectivity
problems often look like DNS problems to even fairly knowledgable people.
If the DNS continues to provide answers when the network is a bit broken
then the investigation is more likely to head in the right direction
sooner. (My logic for choosing an hour is that if things are broken for
longer than that then it clearly isn't my fault any more!)

f.anthony.n.finch  <>
disperse power, foster diversity, and nurture creativity