[dnsdist] Does dnsdist try the next server inside a pool, when the first does not answer?

Mon Sep 25 04:18:12 UTC 2023

Hi there 

We are using multiple resolvers in the same pool and we set the setServFailWhenNoServer option. There is also an overflow configured, which allows only 10000 qps to this pool.

What happens when the first server in the pool does not answer the query within the configured setUDPTimeout? 
Is the same query sent to the next server inside the pool?
Or does dnsdist reply to the client with SERVFAIL without trying another server?
Does dnsdist only switch to the next server, if the state of the first one is 'down'?

---
setLocal('127.0.0.1')
addLocal('[::1]')

addACL("127.0.0.1")
addACL("10.0.0.0/8")
addACL("::1/124")

newServer({ name='rec10-1', address='10.5.230.30', addXPF=1, checkName='ns1.ethz.ch', rise=2, pool={'rec-close'}, source='10.5.230.4', weight=1 })
newServer({ name='rec10-2', address='10.5.230.30', addXPF=1, checkName='ns1.ethz.ch', rise=2, pool={'rec-close'}, source='10.5.230.4', weight=1 })
newServer({ name='rec20-1', address='10.5.230.32', addXPF=1, checkName='ns1.ethz.ch', rise=2, pool={'rec-close'}, source='10.5.230.4', weight=1 })
newServer({ name='rec20-2', address='10.5.230.32', addXPF=1, checkName='ns1.ethz.ch', rise=2, pool={'rec-close'}, source='10.5.230.4', weight=1 })
newServer({ name='rec30-1', address='10.5.231.140', addXPF=1, checkName='ns1.ethz.ch', rise=2, pool={'rec-far'}, source='10.5.230.4', weight=1 })
newServer({ name='rec30-2', address='10.5.231.140', addXPF=1, checkName='ns1.ethz.ch', rise=2, pool={'rec-far'}, source='10.5.230.4', weight=1 })
newServer({ name='rec40-1', address='10.5.231.144', addXPF=1, checkName='ns1.ethz.ch', rise=2, pool={'rec-far'}, source='10.5.230.4', weight=1 })
newServer({ name='rec40-2', address='10.5.231.144', addXPF=1, checkName='ns1.ethz.ch', rise=2, pool={'rec-far'}, source='10.5.230.4', weight=1 })

pci = newPacketCache(8000000, { deferrableInsertLock=true,
                               dontAge=false,
                               keepStaleData=true,
                               maxNegativeTTL=300,
                               maxTTL=36000,
                               minTTL=65,
                               numberOfShards=40,
                               parseECS=false,
                               staleTTL=95,
                               temporaryFailureTTL=60,
                               cookieHashing=false
})

setStaleCacheEntriesTTL(3600)
getPool("rec-close"):setCache(pci)
setServFailWhenNoServer(true)
setServerPolicy(whashed)
setPoolServerPolicy(whashed, 'rec-close')
setWHashedPertubation(19720716)
setMaxUDPOutstanding(65535)

setUDPTimeout(4)

addAction(AndRule({AllRule(), PoolAvailableRule('rec-close')}), QPSPoolAction(10000, 'rec-close'))
addAction(AndRule({AllRule(), PoolAvailableRule('rec-far')}), PoolAction('rec-far'))
---

Kind regards,
Tobias

-------------------------------------------------------
ETH Zürich
Tobias Schnurrenberger
ID INFRA Network Applications
OCT G 19
Binzmühlestrasse 130
8092 Zürich

Telefon +41 44 632 45 00
tobias.schnurrenberger at id.ethz.ch
-------------------------------------------------------

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4222 bytes
Desc: not available
URL: <http://mailman.powerdns.com/pipermail/dnsdist/attachments/20230925/2df49198/attachment.bin>