RFC 8767

Serving Stale Data to Improve DNS Resiliency, March 2020

File formats:

icon for HTML icon for text file icon for v3pdf icon for XML
Also available: XML file for editing
 
Status:
PROPOSED STANDARD
Updates:
RFC 1034, RFC 1035, RFC 2181
Authors:
D. Lawrence
W. Kumari
P. Sood
Stream:
IETF
Source:
dnsop (ops)

Cite this RFC: TXT  |  XML  |   BibTeX

DOI:  https://doi.org/10.17487/RFC8767

Discuss this RFC: Send questions or comments to the mailing list dnsop@ietf.org

Other actions: Submit Errata  |  Find IPR Disclosures from the IETF  |  View History of RFC 8767


Abstract

This document defines a method (serve-stale) for recursive resolvers to use stale DNS data to avoid outages when authoritative nameservers cannot be reached to refresh expired data. One of the motivations for serve-stale is to make the DNS more resilient to DoS attacks and thereby make them less attractive as an attack vector. This document updates the definitions of TTL from RFCs 1034 and 1035 so that data can be kept in the cache beyond the TTL expiry; it also updates RFC 2181 by interpreting values with the high-order bit set as being positive, rather than 0, and suggests a cap of 7 days.


For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 8729.




Advanced Search