Using Serving Stale Data to Improve DNS Resilience
What Is Serve Stale?
Serve Stale is a method described in RFC 8767 to improve the reliability of DNS resolution. When a cached record on the local DNS server expires and the server cannot refresh it because the authoritative DNS server is faulty, Serve Stale allows the local DNS server to answer requests from the expired cache. In this way, the client can still obtain responses.

- With Serve Stale, the local DNS server can use the expired cache to respond to the requests if the upstream DNS server is faulty. However, the self-built DNS server may not update its cache with fresh data when the upstream DNS server is reachable again.
- Serve Stale allows the self-built DNS server to respond to client requests with cached data that has expired. For domain names that have not been cached, this function is not applicable.
Application Scenarios of Serve Stale
As shown in the following figure, a container or an ECS uses the self-built DNS server for domain name resolution. If the upstream DNS server is faulty and cannot respond, one of the following happens:
- If the self-built DNS server does not have Serve Stale enabled, the domain name resolution of the container or ECS will fail.
- If the self-built DNS server has Serve Stale enabled, the self-built DNS server uses the expired cache to respond to the container or ECS to avoid resolution outages.

Enabling Serve Stale
- Enabling Serve Stale for BIND 9: If your self-built DNS server is BIND 9, you can add related configuration items to options in your BIND configuration file and reload or restart your DNS service for the configuration to take effect.
- Enabling Serve Stale for CoreDNS: If your self-built DNS is CoreDNS or you want to reduce DNS resolution delays in a Kubernetes cluster, you can enable Serve Stale in CoreDNS's cache configuration.
Enabling Serve Stale for BIND 9
BIND 9.16.3 or later supports this feature.
- Configuration file: named.conf
- File section: options
- Configuration items

| Configuration Item | Default Value | Recommended Value | Description |
| --- | --- | --- | --- |
| stale-cache-enable | no | yes | Whether to enable the retention of expired cache data. |
| stale-answer-enable | no | yes | Whether to enable the returning of stale cached answers. |
| max-stale-ttl | 1day | 1day | If stale cache is enabled, this parameter specifies the maximum time for which the server retains expired records. |
| stale-refresh-time | 30s | 30s | Interval at which a BIND DNS server sends requests to the authoritative DNS server and updates its stale cache. |
| stale-answer-ttl | 30s | 30s | TTL value to be returned on stale answers. |

- Example configuration:
```
options {
    stale-cache-enable yes;
    stale-answer-enable yes;
};
```
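
To show how the options in the table interact during an upstream outage, the following Python model is added here as an example; it is not BIND's code and not part of the original page. It assumes one switch for stale-cache-enable and stale-answer-enable together, and the upstream function, host names and addresses are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Entry:
    address: str
    expires: float            # when the record's own TTL runs out
    retry_after: float = 0.0  # no upstream retry before this time

class StaleCache:
    """Simplified resolver cache; option names follow the BIND 9 table."""
    def __init__(self, upstream, stale_answer_enable=True, max_stale_ttl=86400,
                 stale_answer_ttl=30, stale_refresh_time=30):
        self.upstream = upstream
        self.stale_answer_enable = stale_answer_enable
        self.max_stale_ttl = max_stale_ttl
        self.stale_answer_ttl = stale_answer_ttl
        self.stale_refresh_time = stale_refresh_time
        self.cache = {}

    def resolve(self, name, now):
        """Return (address, ttl, source); raise LookupError if no answer exists."""
        e = self.cache.get(name)
        if e and now < e.expires:
            return e.address, int(e.expires - now), "fresh"
        stale_ok = (e is not None and self.stale_answer_enable
                    and now < e.expires + self.max_stale_ttl)
        if stale_ok and now < e.retry_after:
            # Inside the stale-refresh-time window: answer without asking upstream.
            return e.address, self.stale_answer_ttl, "stale"
        try:
            address, ttl = self.upstream(name, now)
        except ConnectionError:
            if not stale_ok:
                self.cache.pop(name, None)  # nothing usable: the client sees a failure
                raise LookupError(f"SERVFAIL for {name}") from None
            e.retry_after = now + self.stale_refresh_time
            return e.address, self.stale_answer_ttl, "stale"
        self.cache[name] = Entry(address, now + ttl)
        return address, ttl, "fresh"

def outage_upstream(start, end, calls):
    """Constructed upstream: answers with TTL 60, times out in [start, end)."""
    records = {"app.example.internal": "192.0.2.10", "db.example.internal": "192.0.2.20"}
    def query(name, now):
        calls.append(now)  # record every upstream attempt for inspection
        if start <= now < end:
            raise ConnectionError("upstream did not answer")
        return records[name], 60
    return query
```

In this model an expired record keeps being answered until max-stale-ttl has elapsed after its expiry, so a record that was changed or withdrawn upstream during the outage is still served for that long; a name that was never cached fails immediately.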
Enabling Serve Stale for CoreDNS
CoreDNS offers a serve_stale feature within its cache plugin that allows it to respond with expired cache entries when it cannot reach an upstream DNS server.
CoreDNS-1.6.6 supports this feature.
- Configuration format: serve_stale [DURATION] [REFRESH_MODE]
- Configuration items:
  - DURATION: specifies how long the expired cache can be used. It defaults to 1 hour.
  - REFRESH_MODE: This can be set to verify or immediate.
    - verify: verifies whether the upstream DNS is available before sending the expired cache to the client. This option may increase the resolution latency of the client.
    - immediate: immediately sends the expired cache as a response to the client.
- Example configuration:
```
cache {
    serve_stale 1h immediate
}
```