Mark Rogers <mark@quarella.co.uk> wrote: [...]
I wondered about running a standard DNS caching proxy; hopefully it would get enough hits in normal use to maintain a reasonably up-to-date cache, with any requests it didn't know getting thrown at 123-Reg. I'm not sure whether this one is possible though (in particular I need TTLs to be ignored if the primary DNS is unavailable). [...]
It's possible, but I didn't have particularly good results with this as a failure cover. What seems to happen is that when the distant server fails, the caching proxy can't detect that for a while (because DNS is usually over UDP, which is usually stateless, IIRC) and you end up with many caching proxy requests hanging. Depending on how the caching proxy is implemented, that means it is either wasting time and some memory checking for answers that will never come, or wasting processes and lots of memory on children that spend most of their time waiting for an answer that will never come. Also, if the proxy doesn't answer "fast enough" (for some value of "fast enough"), some requesters will resend their request and amplify the problem.
If the caching proxy has a way that you can flip a switch so it will serve everything from cache when the primary DNS goes unavailable, then it might work, but I've not found one that offers that.
As ever, I'd love to learn that there is a good solution out there. For now, I restructured those DNS servers to use a mydns/AXFR secondary after negotiating with the primary nameserver operators.
Another option is to move all my DNS somewhere else which does support AXFR, or move it all to my own servers so AXFR isn't an issue. [...]
Moving things away from 123-reg is a very good idea! I've had trouble with them and I think they were in Martyn Drake's Feckwits category for quite a while (or was that fasthosts? Both pretty bad IMO.)
Hope that helps,
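The two behaviours the reply is looking for (ignore TTLs and serve stale answers while the upstream is unreachable, and stop piling requests onto a dead upstream) are the core of a "serve-stale" forwarder with a circuit breaker. The following is an added example written for this page, not code from either poster or from any named resolver: it models only the cache and failover decision logic, with a constructed in-memory upstream and a fake clock so it runs offline. The names (ServeStaleForwarder, FakeUpstream), the thresholds (3 timeouts, 30 s cooldown, 24 h maximum staleness) and the test zone data are assumptions chosen for illustration; a real forwarder would wrap this logic around a UDP listener and a per-query deadline.

```python
"""Added example (not from the original thread): cache logic for a DNS
forwarder that serves expired records while its upstream is silent and
trips a circuit breaker so it stops queueing requests at a dead upstream.
All names, timings and the fake upstream below are illustrative assumptions."""
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple


class UpstreamTimeout(Exception):
    """Raised when the upstream query produces no answer before its deadline."""


@dataclass
class CacheEntry:
    rdata: List[str]
    expires_at: float   # absolute clock value at which the record's TTL runs out


@dataclass
class ServeStaleForwarder:
    # upstream(qname) -> (rdata, ttl_seconds), or raises UpstreamTimeout
    upstream: Callable[[str], Tuple[List[str], float]]
    max_stale: float = 86400.0      # seconds past TTL expiry a stale answer may still be served
    failure_threshold: int = 3      # consecutive timeouts before the upstream is declared down
    cooldown: float = 30.0          # seconds to avoid the upstream once declared down
    clock: Callable[[], float] = time.monotonic
    _cache: Dict[str, CacheEntry] = field(default_factory=dict)
    _failures: int = 0
    _down_until: float = 0.0

    def resolve(self, qname: str) -> Tuple[List[str], str]:
        """Return (rdata, source); source says where the answer came from."""
        now = self.clock()
        entry = self._cache.get(qname)
        if entry is not None and entry.expires_at > now:
            return entry.rdata, "cache"
        # An expired record is usable only if it has not been expired for too long.
        stale: Optional[CacheEntry] = None
        if entry is not None and now - entry.expires_at <= self.max_stale:
            stale = entry

        if now < self._down_until:
            # Circuit open: answer from stale data without touching the upstream,
            # so no new requests hang waiting for a server that is not answering.
            if stale is not None:
                return stale.rdata, "stale-circuit-open"
            raise UpstreamTimeout(f"{qname}: upstream marked down and nothing cached")

        try:
            rdata, ttl = self.upstream(qname)
        except UpstreamTimeout:
            self._failures += 1
            if self._failures >= self.failure_threshold:
                self._down_until = now + self.cooldown
            if stale is not None:
                return stale.rdata, "stale"   # TTL ignored because the upstream failed
            raise                              # caller maps this to SERVFAIL
        self._failures = 0
        self._cache[qname] = CacheEntry(list(rdata), now + ttl)
        return list(rdata), "upstream"


class FakeUpstream:
    """Constructed stand-in for the distant server; flip .healthy to simulate an outage."""

    def __init__(self) -> None:
        self.healthy = True
        self.calls = 0
        self.zone = {"www.example.com": (["192.0.2.10"], 60.0)}   # constructed sample data

    def __call__(self, qname: str) -> Tuple[List[str], float]:
        self.calls += 1
        if not self.healthy:
            raise UpstreamTimeout(qname)
        return self.zone[qname]


def demo() -> Tuple[List[str], int]:
    """Walk through an outage; return (answer sources in order, upstream calls made)."""
    now = [1000.0]                                       # fake monotonic clock
    up = FakeUpstream()
    fwd = ServeStaleForwarder(upstream=up, clock=lambda: now[0])
    sources: List[str] = []
    sources.append(fwd.resolve("www.example.com")[1])   # upstream
    sources.append(fwd.resolve("www.example.com")[1])   # cache (TTL still valid)
    now[0] += 120.0                                      # 60 s TTL has expired
    up.healthy = False                                   # distant server goes silent
    for _ in range(3):                                   # three timeouts trip the breaker
        sources.append(fwd.resolve("www.example.com")[1])   # stale
    sources.append(fwd.resolve("www.example.com")[1])   # stale-circuit-open, no upstream call
    try:
        fwd.resolve("mail.example.com")                  # never cached: nothing to serve
        sources.append("unexpected")
    except UpstreamTimeout:
        sources.append("servfail")
    now[0] += 31.0                                       # cooldown elapsed
    up.healthy = True
    sources.append(fwd.resolve("www.example.com")[1])   # upstream again, breaker reset
    return sources, up.calls


if __name__ == "__main__":
    print(demo())
```

The breaker is what addresses the hanging-request problem described above: once the upstream is declared down, expired-but-cached names are answered immediately and uncached names get an immediate SERVFAIL instead of a queued query that clients will retransmit. For anyone who would rather not run their own, the same "serve stale" behaviour is now a configurable option in mainstream resolvers (Unbound's `serve-expired: yes` and BIND's `stale-answer-enable yes;`), although those were not available to the original posters.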