Serving Stale Data to Improve DNS Resiliency
draft-ietf-dnsop-serve-stale-05

Document Type Active Internet-Draft (dnsop WG)
Last updated 2019-07-02 (latest revision 2019-04-16)
Replaces draft-tale-dnsop-serve-stale
Stream IETF
Intended RFC status (None)
Formats plain text xml pdf html bibtex
Stream WG state WG Document
Document shepherd Suzanne Woolf
IESG IESG state I-D Exists
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to Suzanne Woolf <suzworldwide@gmail.com>
DNSOP Working Group                                          D. Lawrence
Internet-Draft                                                    Oracle
Updates: 1034, 1035 (if approved)                              W. Kumari
Intended status: Standards Track                                 P. Sood
Expires: October 18, 2019                                         Google
                                                          April 16, 2019

              Serving Stale Data to Improve DNS Resiliency
                    draft-ietf-dnsop-serve-stale-05

Abstract

   This draft defines a method (serve-stale) for recursive resolvers to
   use stale DNS data to avoid outages when authoritative nameservers
   cannot be reached to refresh expired data.  It updates the definition
   of TTL from [RFC1034], [RFC1035], and [RFC2181] to make it clear that
   data can be kept in the cache beyond the TTL expiry and used for
   responses when a refreshed answer is not readily available.  One of
   the motivations for serve-stale is to make the DNS more resilient to
   DoS attacks, and thereby make them less attractive as an attack
   vector.

Ed note

   Text inside square brackets ([]) is additional background
   information, answers to frequently asked questions, general musings,
   etc.  They will be removed before publication.  This document is
   being collaborated on in GitHub at <https://github.com/vttale/serve-
   stale>.  The most recent version of the document, open issues, etc
   should all be available here.  The authors gratefully accept pull
   requests.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

Lawrence, et al.        Expires October 18, 2019                [Page 1]
Internet-Draft               DNS Serve Stale                  April 2019

   This Internet-Draft will expire on October 18, 2019.

Copyright Notice

   Copyright (c) 2019 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Terminology . . . . . . . . . . . . . . . . . . . . . . . . .   3
   3.  Background  . . . . . . . . . . . . . . . . . . . . . . . . .   3
   4.  Standards Action  . . . . . . . . . . . . . . . . . . . . . .   4
   5.  Example Method  . . . . . . . . . . . . . . . . . . . . . . .   4
   6.  Implementation Considerations . . . . . . . . . . . . . . . .   6
   7.  Implementation Caveats  . . . . . . . . . . . . . . . . . . .   8
   8.  Implementation Status . . . . . . . . . . . . . . . . . . . .   9
   9.  EDNS Option . . . . . . . . . . . . . . . . . . . . . . . . .  10
   10. Security Considerations . . . . . . . . . . . . . . . . . . .  10
   11. Privacy Considerations  . . . . . . . . . . . . . . . . . . .  10
   12. NAT Considerations  . . . . . . . . . . . . . . . . . . . . .  11
   13. IANA Considerations . . . . . . . . . . . . . . . . . . . . .  11
   14. Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .  11
   15. References  . . . . . . . . . . . . . . . . . . . . . . . . .  11
     15.1.  Normative References . . . . . . . . . . . . . . . . . .  11
     15.2.  Informative References . . . . . . . . . . . . . . . . .  12
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  12

1.  Introduction

   Traditionally the Time To Live (TTL) of a DNS resource record has
   been understood to represent the maximum number of seconds that a
   record can be used before it must be discarded, based on its
   description and usage in [RFC1035] and clarifications in [RFC2181].

   This document proposes that the definition of the TTL be explicitly
   expanded to allow for expired data to be used in the exceptional
   circumstance that a recursive resolver is unable to refresh the

Lawrence, et al.        Expires October 18, 2019                [Page 2]
Show full document text