Defensive cache usage in case of upstream outages
This is a post-Dyn thing. Implement something like this: https://datatracker.ietf.org/doc/draft-wkumari-dnsop-ttl-stretching/
But it might be even easier:
- just don't remove the expired records from cache (for some defined/configurable period of time)
- return the record from the cache with TTL 0
- check if the DNSSEC signature is still valid
- schedule refresh in the background
There's a patent from Akamai that needs to be checked, but the described mechanism is not covered, as Akamai checks first and returns the record from cache after upstream timeout.
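The four steps listed above, sketched as an added example (not code from this project or from the linked draft). The `StaleCache` class, its `stale_window` parameter and the `refresh_queue` list are hypothetical names; the DNSSEC check is reduced to comparing against the RRSIG expiration time, and the background refresh is modelled as a queue of names rather than real upstream queries.

```python
import time
from dataclasses import dataclass
from typing import Optional

@dataclass
class Entry:
    rdata: str
    expires: float                  # absolute time the original TTL runs out
    rrsig_expires: Optional[float]  # RRSIG expiration; None means unsigned

class StaleCache:
    """Hypothetical cache that keeps expired records for a bounded period."""

    def __init__(self, stale_window=3600.0, clock=time.time):
        self.stale_window = stale_window  # how long past TTL a record may be served
        self.clock = clock
        self.entries = {}
        self.refresh_queue = []           # names awaiting a background refresh

    def put(self, name, rdata, ttl, rrsig_expires=None):
        self.entries[name] = Entry(rdata, self.clock() + ttl, rrsig_expires)

    def get(self, name):
        """Return (rdata, ttl), or None when nothing may be served."""
        e = self.entries.get(name)
        if e is None:
            return None
        now = self.clock()
        if now < e.expires:
            return e.rdata, int(e.expires - now)   # fresh: normal answer
        # Step 1: expired records stay cached, but only for stale_window.
        if now - e.expires > self.stale_window:
            del self.entries[name]
            return None
        # Step 3: a signed record whose signature has lapsed is never served,
        # otherwise the stale path would let old signed data outlive its RRSIG.
        if e.rrsig_expires is not None and now >= e.rrsig_expires:
            del self.entries[name]
            return None
        # Step 4: queue one refresh per name, without blocking the answer.
        if name not in self.refresh_queue:
            self.refresh_queue.append(name)
        # Step 2: answer from cache with TTL 0 so clients do not re-cache it.
        return e.rdata, 0

if __name__ == "__main__":
    t = [1000.0]                                   # constructed fake clock
    cache = StaleCache(stale_window=60, clock=lambda: t[0])
    cache.put("a.example.", "192.0.2.1", ttl=30, rrsig_expires=1050.0)
    t[0] = 1040.0
    print(cache.get("a.example."), cache.refresh_queue)
```

Bounding the stale window and refusing records with a lapsed signature keeps the outage fallback from turning into indefinite serving of data that can no longer be validated.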