Re: [DNSOP] I-D Action: draft-ietf-dnsop-serve-stale-03.txt

Holger Freyther <> Mon, 04 March 2019 06:19 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 857A4130FC5 for <>; Sun, 3 Mar 2019 22:19:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id MgAo_55THUpi for <>; Sun, 3 Mar 2019 22:19:13 -0800 (PST)
Received: from ( [IPv6:2a01:4f8:161:8201::2:4]) (using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id D28EB131006 for <>; Sun, 3 Mar 2019 22:19:12 -0800 (PST)
Received: from [] ( []) by (Postfix) with ESMTPSA id 16C25121CEF for <>; Mon, 4 Mar 2019 06:19:09 +0000 (UTC)
From: Holger Freyther <>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
Date: Mon, 4 Mar 2019 06:19:06 +0000
References: <>
In-Reply-To: <>
Message-Id: <>
X-Mailer: Apple Mail (2.3445.9.1)
Archived-At: <>
Subject: Re: [DNSOP] I-D Action: draft-ietf-dnsop-serve-stale-03.txt
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 04 Mar 2019 06:19:15 -0000

> On 23. Feb 2019, at 18:54, wrote:

> There are also htmlized versions available at:

Section 5:

   If so, it adds that data to the response message; it MUST
   set the TTL of each expired record in the message greater than 0,
   with 30 seconds recommended.

Can we recommend to return a value randomly from an interval to add jitter instead? This is a common mitigation to a "thundering herd".

Section 8:

I might have missed some of the discussion but has the point of view of authoritative servers been considered?

What I really liked about a resolver signaling its' intent to stale serve to an authoritative nameserver is that it allows to (dynamically) lower the TTL. This allows an operator to react more quickly to changes without decreasing the resilience by relying on the resolver to cache. It seems equally attractive to both CDNs and "hobbyist" deployments.

Without signaling operators of authoritative nameservers either need to (non exhaustive):

a.) Keep the trade-off between nameserver unavailability and rate of change.
b.) Discriminate based on the resolver address
c.) Wait for further large scale experiments to determine the adoption rate of stale serving.