Updated on 2025-08-20 GMT+08:00

Using Serving Stale Data to Improve DNS Resilience

What Is Serve Stale?

Serve Stale is a method described in RFC 8767 for improving the reliability of DNS resolution. When a cached record on the local DNS server expires and the server cannot refresh it because the authoritative DNS server is faulty, Serve Stale allows the local DNS server to answer requests from the expired cache. In this way, the client can still obtain responses.

  • With Serve Stale, the local DNS server can use the expired cache to respond to the requests if the upstream DNS server is faulty. However, the self-built DNS server may not update its cache with fresh data when the upstream DNS server is reachable again.
  • Serve Stale allows the self-built DNS server to respond to client requests with cached data that has expired. For domain names that have not been cached, this function is not applicable.

Application Scenarios of Serve Stale

As shown in the following figure, a container or an ECS uses the self-built DNS server for domain name resolution. If the upstream DNS server is faulty and cannot respond, the outcome depends on the Serve Stale setting:

  • If the self-built DNS server does not have Serve Stale enabled, the domain name resolution of the container or ECS will fail.
  • If the self-built DNS server has Serve Stale enabled, the self-built DNS server uses the expired cache to respond to the container or ECS to avoid resolution outages.

Figure 1 Application scenarios of Serve Stale

Enabling Serve Stale

  • Enabling Serve Stale for BIND 9: If your self-built DNS server is BIND 9, you can add related configuration items to options in your BIND configuration file and reload or restart your DNS service for the configuration to take effect.
  • Enabling Serve Stale for CoreDNS: If your self-built DNS is CoreDNS or you want to reduce DNS resolution delays in a Kubernetes cluster, you can enable Serve Stale in CoreDNS's cache configuration.

Enabling Serve Stale for BIND 9

BIND 9 version 9.16.3 or later supports this feature.

  • Configuration file: named.conf
  • File section: options
  • Configuration items

    | Configuration Item | Default Value | Recommended Value | Description |
    |---|---|---|---|
    | stale-cache-enable | no | yes | Whether to enable the retention of expired cache data. |
    | stale-answer-enable | stale-answer-enable | yes | Whether to enable the returning of stale cached answers. |
    | max-stale-ttl | 1day | 1day | If stale cache is enabled, this parameter specifies the maximum time for which the server retains expired records. |
    | stale-refresh-time | 30s | 30s | Interval at which a BIND DNS server sends requests to the authoritative DNS server and updates its stale cache. |
    | stale-answer-ttl | 30s | 30s | TTL value to be returned on stale answers. |

  • Example configuration:
    options {
        // Retain expired records in the cache.
        stale-cache-enable yes;
        // Return stale cached answers.
        stale-answer-enable yes;
    };
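
How max-stale-ttl and stale-answer-ttl shape the answers, and why names that were never cached still fail, shown as an added example that is not part of the original page and is not BIND or CoreDNS code. It is a simplified Python model of a cache that tries the upstream first and falls back to expired data only when the upstream is down. The class and function names, the upstream callable, and the example.com names and addresses are constructed for illustration.

```python
# Simplified model of serve-stale cache behaviour (added example; this is not
# BIND or CoreDNS code). Times are seconds on a caller-supplied clock.
class UpstreamDown(Exception):
    """Raised by the upstream callable when it cannot be reached."""

class StaleCache:
    def __init__(self, upstream, max_stale_ttl=86400, stale_answer_ttl=30):
        self.upstream = upstream                  # callable: name -> (address, ttl)
        self.max_stale_ttl = max_stale_ttl        # retention of expired records
        self.stale_answer_ttl = stale_answer_ttl  # TTL returned on stale answers
        self.entries = {}                         # name -> (address, expires_at)

    def resolve(self, name, now):
        """Return (address, ttl, is_stale); raise UpstreamDown if no answer."""
        entry = self.entries.get(name)
        if entry and now < entry[1]:              # fresh cache hit
            return entry[0], int(entry[1] - now), False
        try:
            address, ttl = self.upstream(name)    # expired or missing: refresh
        except UpstreamDown:
            # Stale data is usable only if the name was cached and has been
            # expired for no longer than max_stale_ttl.
            if entry and now - entry[1] <= self.max_stale_ttl:
                return entry[0], self.stale_answer_ttl, True
            raise
        self.entries[name] = (address, now + ttl)
        return address, ttl, False

def demo():
    """Constructed scenario: the upstream fails after the first lookup."""
    state = {"up": True}
    def upstream(name):                           # hypothetical upstream server
        if not state["up"]:
            raise UpstreamDown(name)
        return "192.0.2.10", 60
    cache = StaleCache(upstream)
    results = [cache.resolve("app.example.com", now=0)]        # fetched upstream
    state["up"] = False
    results.append(cache.resolve("app.example.com", now=120))  # stale answer
    try:
        cache.resolve("new.example.com", now=120)  # never cached: lookup fails
    except UpstreamDown:
        results.append("failed")
    state["up"] = True
    results.append(cache.resolve("app.example.com", now=130))  # fresh again
    return results
```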

Enabling Serve Stale for CoreDNS

CoreDNS offers a serve_stale option within its cache configuration that allows it to respond with expired cache entries when it cannot reach an upstream DNS server.

CoreDNS-1.6.6 supports this feature.

  • Configuration format: serve_stale [DURATION] [REFRESH_MODE]
  • Configuration items:
    • DURATION: specifies how long the expired cache can be used. It defaults to 1 hour.
    • REFRESH_MODE: This can be set to verify or immediate.
      • verify: verifies whether the upstream DNS is available before sending the expired cache to the client. This option may increase the resolution latency of the client.
      • immediate: immediately sends the expired cache as a response to the client.
  • Example configuration:
    cache {
        serve_stale 1h immediate
    }