[SAC] [OSGeo] #1693: Slow DNS lookups on tracsvn

OSGeo trac_osgeo at osgeo.org
Wed Feb 14 15:41:03 PST 2018


#1693: Slow DNS lookups on tracsvn
--------------------------+--------------------
 Reporter:  strk          |       Owner:  sac@…
     Type:  task          |      Status:  new
 Priority:  normal        |   Milestone:
Component:  DNS           |  Resolution:
 Keywords:  tracsvn, dns  |
--------------------------+--------------------

Comment (by TemptorSent):

 To explain further --
 A recursive caching name server is used to look up and locally cache DNS
 information from the appropriate authoritative name server, which it
 discovers more or less in the following manner:
 - starting at the root name server, it sends a query for the target
 record; the root nameserver replies based on the TLD (top level domain -
 osgeo.org, for example) with the address of the name servers for that
 domain
 - it then queries each successive name server recursively until it find an
 authoritative record for the target
 - each record has an associated TTL or "Time To Live", which determines
 how long it is allowed to be cached for

 DNSSEC uses cryptographic techniques to ensure that only records actually
 originating from an authorized authoritative nameserver are accepted --
 without this, a technique called DNS cache poisoning can be used to insert
 records linking valid names to malicious addresses. Ensuring that only
 DNSSEC authenticated records are cached when available will prevent a
 large class of DNS related exploits.

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1693#comment:3>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.


More information about the Sac mailing list