[SAC] [OSGeo] #1693: Slow DNS lookups on tracsvn
OSGeo
trac_osgeo at osgeo.org
Wed Feb 14 15:41:03 PST 2018
#1693: Slow DNS lookups on tracsvn
--------------------------+--------------------
Reporter: strk | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone:
Component: DNS | Resolution:
Keywords: tracsvn, dns |
--------------------------+--------------------
Comment (by TemptorSent):
To explain further --
A recursive caching name server is used to look up and locally cache DNS
information from the appropriate authoritative name server, which it
discovers more or less in the following manner:
- starting at the root name server, it sends a query for the target
record; the root nameserver replies based on the TLD (top level domain -
osgeo.org, for example) with the address of the name servers for that
domain
- it then queries each successive name server recursively until it find an
authoritative record for the target
- each record has an associated TTL or "Time To Live", which determines
how long it is allowed to be cached for
DNSSEC uses cryptographic techniques to ensure that only records actually
originating from an authorized authoritative nameserver are accepted --
without this, a technique called DNS cache poisoning can be used to insert
records linking valid names to malicious addresses. Ensuring that only
DNSSEC authenticated records are cached when available will prevent a
large class of DNS related exploits.
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1693#comment:3>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
More information about the Sac
mailing list