[dnsdist] weird cached behavior

David opendak at shaw.ca
Sat Aug 11 02:27:39 UTC 2018


On 2018-08-10 3:03 PM, Nico wrote:
> I need some help, if possible, to understand some strange situation.
> Unfortunately we can give a method to reproduce it, but we have some 
> hard data.
> 
> We have a couple of dnsdist servers. Half 1.1.0 and half 1.3.2, moving 
> from old to new.
> The 1.1.0 are still getting most of the traffic and the problem happens 
> there.
> The user base is 100% mobile, and we serve more than 200kqps
> 
> We received complaints about domain names unresolved which do exist.
> first time, ignored, second time some checks, third time more checks.
> The problem gets solved expunging the cache.
> 
> All fine BUT, during our checks we noticed inconsistent behavior of the 
> cache regarding these names.
> Android chrome access to page ->  fails.
> AndroDNS (dns tools) query standard ->  empty answer
>                 query over TCP -> correct answer
>                 query with DO -> correct answer
>                 query with CD -> correct answer
> Checking from Linux:
> host command: -> empty answer
>          host over TCP -> correct answer
> dig command -> correct
> 
> When the cache is cleared, all works OK.
> We assume that there is some situation with the domain which creates wrong 
> cached entries,
> but why we have different answers from UDP than from TCP?
> the query flags are exactly the same (0x0100)
> 
> And why the difference between host and dig (the only difference at 
> packet level is the AD bit set on DIG, 0x0100 vs 0x0120)
> 

The packet caches in both dnsdist and PowerDNS Recursor look at the full 
packet/request details, minus the ID. As a result, AD vs. no-AD is a 
different packet cache entry and would store separate responses from 
your downstream. The same is true for EDNS options, and also for TCP vs 
UDP queries.

What do your downstream servers say about these names when they go 
bad? Can you dump the cache out there and inspect it?


> 
> If anybody can help a little.....
> 
> Thanks!!
> 
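The cache-key behavior described in the reply above, as an added example that is not part of the original thread and is not dnsdist's own code. It assumes a simplified key (a hash of every byte after the 2-byte ID, plus the transport); the query name and the client table are constructed to mirror the checks in the report.

```python
import hashlib
import struct

def build_query(qname, qid, flags, do_bit=None):
    """Wire-format A query; do_bit=None means no EDNS OPT record is attached."""
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0 if do_bit is None else 1)
    labels = b"".join(bytes([len(p)]) + p.encode() for p in qname.split("."))
    packet = header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    if do_bit is not None:
        # OPT RR: root name, type 41, 4096-byte UDP size, DO = 0x8000 in the flags
        packet += b"\x00" + struct.pack("!HHIH", 41, 4096, 0x8000 if do_bit else 0, 0)
    return packet

def cache_key(packet, tcp):
    """Simplified model (assumption): hash all bytes after the 2-byte ID, plus transport."""
    return hashlib.sha256(packet[2:] + (b"tcp" if tcp else b"udp")).hexdigest()[:16]

# Constructed clients mirroring the checks in the report: (flags, tcp, do_bit)
CLIENTS = {
    "standard/host UDP": (0x0100, False, None),
    "same query over TCP": (0x0100, True, None),
    "query with DO": (0x0100, False, True),
    "query with CD": (0x0110, False, None),
    "dig (AD set)": (0x0120, False, None),
}

def keys(qname="www.example.test", qid=0x1234):
    """Cache key per client for the same name; only flags, EDNS and transport differ."""
    return {name: cache_key(build_query(qname, qid, f, do), tcp)
            for name, (f, tcp, do) in CLIENTS.items()}

def simulate(qname="www.example.test"):
    """One empty response cached under the plain UDP key; the others miss and go downstream."""
    k = keys(qname)
    cache = {k["standard/host UDP"]: "empty answer"}
    return {name: cache.get(key, "correct answer") for name, key in k.items()}

if __name__ == "__main__":
    for name, result in simulate().items():
        print(f"{name:22} {keys()[name]}  {result}")
```

Changing only the query ID leaves every key unchanged, which is why all plain UDP clients keep receiving the same bad entry until the cache is expunged.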


