[dnsdist] weird cached behavior

Nico nicomail at gmail.com
Tue Aug 14 13:54:46 UTC 2018


Thanks David!
That answers my question. Didn't know how the cache works.

This messed up our debugging, because Android queries were different from
our CLI testing.

The situation with the names going bad is not really the problem; it's just
a misconfiguration of the domain
itself which gets negatively cached.

Thanks again.

On Fri, Aug 10, 2018 at 11:27 PM David <opendak at shaw.ca> wrote:

> On 2018-08-10 3:03 PM, Nico wrote:
> > I need some help, if possible, to understand some strange situation.
> > Unfortunately we can give a method to reproduce it, but we have some
> > hard data.
> >
> > We have a couple of dnsdist servers. Half 1.1.0 and half 1.3.2, moving
> > from old to new.
> > The 1.1.0 are still getting most of the traffic and the problem happens
> > there.
> > The user base is 100% mobile, and we serve more than 200kqps
> >
> > We received complaints about domain names unresolved which do exist.
> > first time, ignored, second time some checks, third time more checks.
> > The problem gets solved expunging the cache.
> >
> > All fine BUT, during our checks we noticed inconsistent behavior of the
> > cache regarding these names.
> > Android chrome access to page ->  fails.
> > AndroDNS (dns tools) query standard ->  empty answer
> >                 query over TCP -> correct answer
> >                 query with DO -> correct answer
> >                 query with CD -> correct answer
> > Checking from Linux:
> > host command: -> empty answer
> >          host over TCP -> correct answer
> > dig command -> correct
> >
> > When the cache is cleared, all works OK.
> > We assume that there is some situation with the domain which creates wrong
> > cached entries,
> > but why we have different answers from UDP than from TCP?
> > the query flags are exactly the same (0x0100)
> >
> > And why the difference between host and dig (the only difference at
> > packet level is the AD bit set on DIG, 0x0100 vs 0x0120)
> >
>
> The packet caches in both dnsdist and powerdns recursor look at the full
> packet/request details, minus the ID; as a result, AD vs. no-AD is a
> different packet cache entry and would store separate responses from
> your downstream. The same is true for EDNS options, and also for TCP vs
> UDP queries.
>
> What do your downstream servers say about these names when they go
> bad? Can you dump the cache out there and inspect it?
>
>
> >
> > If anybody can help a little.....
> >
> > Thanks!!
> >
> >
> >
> >
> >
> > _______________________________________________
> > dnsdist mailing list
> > dnsdist at mailman.powerdns.com
> > https://mailman.powerdns.com/mailman/listinfo/dnsdist
> >
>
>
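
The cache-keying behaviour described in the reply above, as an added example that is not part of the thread and is not dnsdist's own code: it models the key as a hash of every query byte except the 2-byte ID plus the transport, which is an assumption made for illustration. The name `example.com`, the query IDs, and the function names are constructed.

```python
import hashlib
import struct

def build_query(qname, qid, flags=0x0100, do_bit=None):
    """Minimal DNS A/IN query. do_bit=None means no EDNS OPT record at all."""
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0 if do_bit is None else 1)
    labels = b"".join(bytes([len(l)]) + l.encode("ascii") for l in qname.split("."))
    packet = header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    if do_bit is not None:
        # OPT RR: root name, TYPE=41, CLASS=UDP size, TTL carries the DO flag, RDLEN=0
        packet += b"\x00" + struct.pack("!HHIH", 41, 4096, 0x8000 if do_bit else 0, 0)
    return packet

def cache_key(packet, over_tcp):
    """Model key (assumption): all query bytes except the 2-byte ID, plus transport."""
    transport = b"\x01" if over_tcp else b"\x00"
    return hashlib.sha256(packet[2:] + transport).hexdigest()

def distinct_entries(queries):
    """Number of separate cache entries occupied by (packet, over_tcp) pairs."""
    return len({cache_key(packet, over_tcp) for packet, over_tcp in queries})

NAME = "example.com"  # constructed sample name
HOST_UDP = (build_query(NAME, 0x1111, 0x0100), False)    # "host": RD only
HOST_RETRY = (build_query(NAME, 0x2222, 0x0100), False)  # same query, new ID
HOST_TCP = (build_query(NAME, 0x3333, 0x0100), True)     # same flags over TCP
DIG_UDP = (build_query(NAME, 0x4444, 0x0120), False)     # "dig": RD + AD
CD_UDP = (build_query(NAME, 0x5555, 0x0110), False)      # RD + CD
DO_UDP = (build_query(NAME, 0x6666, 0x0100, do_bit=True), False)  # EDNS with DO
ALL_QUERIES = [HOST_UDP, HOST_RETRY, HOST_TCP, DIG_UDP, CD_UDP, DO_UDP]

if __name__ == "__main__":
    names = ["host/UDP", "host/UDP retry", "host/TCP", "dig/UDP", "CD/UDP", "DO/UDP"]
    for name, query in zip(names, ALL_QUERIES):
        print(f"{name:15s} {cache_key(*query)[:16]}")
    print("distinct cache entries:", distinct_entries(ALL_QUERIES))
```

Only the retry with a new ID shares an entry with the first query, so a bad response cached for the plain UDP form is served only to clients that send exactly that form.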