[dnsdist] Dnsdist 1.5 PacketCache not reading from the cache (most likely a configuration problem)

tbn tbn at singularity.ro
Wed Oct 28 18:54:53 UTC 2020


Hello dnsdist community,

    My apologies if this isn't the right list for these questions,
but I've hit a snag while trying to implement PacketCache on a fresh
dnsdist installation. I'm running a minimal configuration file
detailed below, and I can't seem to have it read from the cache.
Querying the same domain name each time from the same source just
increments the "Misses" counter and puts it in the cache all over
again.

    I'm currently running "dnsdist 1.5.1 (Lua 5.1.4 [LuaJIT 2.0.4])
Enabled features: cdb dns-over-tls(gnutls openssl) dns-over-https(DOH)
dnscrypt fstrm ipcipher libsodium lmdb protobuf re2 recvmmsg/sendmmsg
snmp systemd" from the powerdns-dnsdist-15 CentOS 7.x repo with the
following minimalistic configuration file:

------------------------------------------8<------------------------------------------
setACL({"0.0.0.0/0", "::/0"})
newServer({address="192.168.0.10", pool="something"})
setPoolServerPolicy(leastOutstanding, "something")
pc = newPacketCache(10000, {maxTTL=86400, minTTL=0,
temporaryFailureTTL=60, staleTTL=60, dontAge=false})
getPool("something"):setCache(pc)

getServer(0):setUp()
setLocal('0.0.0.0')
addLocal('::0')
addAction("0.0.0.0/0", PoolAction("something"))
------------------------------------------8<------------------------------------------

    Dnsdist starts up normally apart from the systemd warning
regarding LimitNOFILE and displays:
------------------------------------------8<------------------------------------------
~]# dnsdist -C /etc/dnsdist/dnsdist.conf

Added downstream server 192.168.0.10:53
Listening on 0.0.0.0:53
Listening on [::]:53
dnsdist 1.5.1 comes with ABSOLUTELY NO WARRANTY. This is free
software, and you are welcome to redistribute it according to the
terms of the GPL version 2
ACL allowing queries from: 0.0.0.0/0, ::/0
Console ACL allowing connections from: 127.0.0.0/8, ::1/128
Warning, this configuration can use more than 1055 file descriptors,
web server and console connections not included, and the current limit
is 1024.
You can increase this value by using LimitNOFILE= in the systemd unit
file or ulimit.
> Polled security status of version 1.5.1 at startup, no known issues reported: OK
------------------------------------------8<------------------------------------------

   I can see the pool and the cache are created and enabled, and also
that the cache is empty:

------------------------------------------8<------------------------------------------
> showPools()
Name                                    Cache         ServerPolicy Servers
                                                  leastOutstanding
something                             0/10000     leastOutstanding 192.168.0.10:53 192.168.0.10:53

> getPool("something"):getCache():printStats()
Entries: 0/10000
Hits: 0
Misses: 0
Deferred inserts: 0
Deferred lookups: 0
Lookup Collisions: 0
Insert Collisions: 0
TTL Too Shorts: 0
------------------------------------------8<------------------------------------------

   The backend in this case, 192.168.0.10 has an A record configured
for "example.com" with a TTL of 300 seconds, pointing to 192.168.0.10.
   After running something like: $(for i in {1..50}; do dig +short
"example.com" @192.168.0.20; sleep 1s; done) in bash, the cache looks
like this:

------------------------------------------8<------------------------------------------
> getPool("something"):getCache():printStats()
Entries: 50/10000
Hits: 0
Misses: 50
Deferred inserts: 0
Deferred lookups: 0
Lookup Collisions: 0
Insert Collisions: 0
TTL Too Shorts: 0
------------------------------------------8<------------------------------------------

   Doing a getPool("something"):getCache():dump("/tmp/something.txt")
produces the following:

------------------------------------------8<------------------------------------------
; dnsdist's packet cache dump follows
;
example.com. 273 A ; key 413190091, length 58, tcp 0, added 1603910822
example.com. 272 A ; key 784025589, length 58, tcp 0, added 1603910821
example.com. 271 A ; key 1713953415, length 58, tcp 0, added 1603910820
example.com. 270 A ; key 2989777229, length 58, tcp 0, added 1603910819
example.com. 269 A ; key 3858109029, length 58, tcp 0, added 1603910818
example.com. 268 A ; key 3194490460, length 58, tcp 0, added 1603910817
example.com. 267 A ; key 1988260406, length 58, tcp 0, added 1603910816
example.com. 266 A ; key 2326683189, length 58, tcp 0, added 1603910815
... more rows until there's 50 of them ..
------------------------------------------8<------------------------------------------

    I guess I'm missing a config line to actually "read" from the
cache before considering it a miss and reinserting it into the cache,
but I can't find anything here ( https://dnsdist.org/guides/cache.html
) related to this.

    Does anyone have any insight on this?

Thank you!

Regards,
-tbn
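
The symptom in the dump above (one name and type stored under many different keys) can be checked mechanically. The following is an added example, not part of the original post and not dnsdist code: a parser for the dump line format shown in the post that reports every question cached under more than one key. The sample input is constructed from the first rows of the dump plus one made-up example.net row, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: first rows of the dump in the post, its elided-rows
# marker, and one made-up row (example.net) for contrast.
SAMPLE_DUMP = """\
; dnsdist's packet cache dump follows
;
example.com. 273 A ; key 413190091, length 58, tcp 0, added 1603910822
example.com. 272 A ; key 784025589, length 58, tcp 0, added 1603910821
example.com. 271 A ; key 1713953415, length 58, tcp 0, added 1603910820
... more rows until there's 50 of them ..
example.net. 120 AAAA ; key 1234567, length 70, tcp 0, added 1603910820
"""

# Matches the row layout shown in the post (dnsdist 1.5.1 dump output).
ROW = re.compile(
    r"^(?P<name>\S+)\s+(?P<ttl>-?\d+)\s+(?P<qtype>\S+)\s*;\s*"
    r"key\s+(?P<key>\d+),\s*length\s+(?P<length>\d+),\s*"
    r"tcp\s+(?P<tcp>[01]),\s*added\s+(?P<added>\d+)\s*$"
)

def parse_dump(text):
    """Return one dict per cache row; comments and unparsable lines are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        m = ROW.match(line)
        if m is None:
            continue  # e.g. the "... more rows ..." marker
        row = m.groupdict()
        for field in ("ttl", "key", "length", "tcp", "added"):
            row[field] = int(row[field])
        entries.append(row)
    return entries

def questions_with_multiple_keys(entries):
    """Map (name, qtype, tcp) -> sorted keys, for questions stored more than once."""
    keys = defaultdict(set)
    for row in entries:
        keys[(row["name"].lower(), row["qtype"], row["tcp"])].add(row["key"])
    return {q: sorted(k) for q, k in keys.items() if len(k) > 1}

if __name__ == "__main__":
    for question, ks in questions_with_multiple_keys(parse_dump(SAMPLE_DUMP)).items():
        print(question, "stored under", len(ks), "different keys")
```

To run it against a real dump, pass the contents of the file written by dump() (here /tmp/something.txt) to parse_dump() instead of SAMPLE_DUMP.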

