[dnsdist] Cache, chrome and dns tunneling

Nico nicomail at gmail.com
Thu May 3 15:25:28 UTC 2018

Just to share the experience.

We have 2 dnsdist (1.1.0) running for a mobile user base with 100kqps each
more or less.
We have a bunch of resolvers (unbound and pdns resolver).
And cache, because mobile users only ask for google, facebook and twitter
 cache = newPacketCache(1000000, 86400, 0, 60, 60)

We were observing many situations where the cache was growing from 80% to
full and the queries to
the backend resolvers increased like no cache at all.
Asking for things which should  be in the cache (facebook.com)
and having more time-outs to the users.

this was very regular, like every hour, for 10 minutes or something like

After some tcpdumping and testing we found that chrome and dns tunneling
were filing the cache,
even if the percent of this queries was very low in the total.

After installing this two rules:
-- skip most tunnels
addAction(QTypeRule(10), SkipCacheAction())
-- chrome android (random queries with only one label)

everything get absolutely better.

Hope it help someone.

(we will be upgrading to 1.3 =very soon)

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/dnsdist/attachments/20180503/db7ef12a/attachment.html>

More information about the dnsdist mailing list