lists at verreckte-cheib.ch
Tue Sep 22 11:54:07 UTC 2020
Thank you for your answers.
On 22.09.20 11:48, Daniel Stirnimann wrote:
> Hello Tom,
> On 22.09.20 11:26, Tom via dnsdist wrote:
>> When I now want to query the cache via console, I always get the
>> following error:
>> > getPool("bind"):getCache()
>> Command returned an object we can't print: Trying to cast a lua variable
>> from "userdata" to
>> Any hints for this?
> getCache() returns a PacketCache class. You cannot print the class on
> the console but need to do something with it e.g.:
This make sense...
>> My 2nd question:
>> Assuming the dnsdist-cache is working, has a A-Record-cache-entry for
>> "www.example.com" and dnsdist is in front of a resolver and the resolver
>> (backend) stops working. dnsdist has the record "www.example.com" still
>> in his cache, because only the backend server stops working. Why does
>> dnsdist not answer the query for "www.example.com" from the cache, when
>> the backend server is "down"? Is there a configuration option for this?
> From your previous config snippet it looks like you are already using
> staleTTL=60: int - When the backend servers are not reachable, and
> global configuration setStaleCacheEntriesTTL is set appropriately, TTL
> that will be used when a stale cache entry is returned.
> How do you verify that dnsdist is not answering queries from the cache?
Verifying the cache before the backend server is down:
Dumped 7 records
$ cat /tmp/test4
; dnsdist's packet cache dump follows
www.google.com. 223 A ; key 1016681760, length 87, tcp 0, added 1600774835
www.google.com. 223 A ; key 2656564995, length 87, tcp 0, added 1600774834
www.google.com. 223 A ; key 978655059, length 87, tcp 0, added 1600774834
www.google.com. 223 A ; key 909047115, length 87, tcp 0, added 1600774833
www.google.com. 223 A ; key 3059942742, length 87, tcp 0, added 1600774833
www.google.com. 223 A ; key 3932187633, length 87, tcp 0, added 1600774832
www.google.com. 223 A ; key 2216669160, length 87, tcp 0, added 1600774832
Then stopping the backend server. Verifying the cache again.., shows
still seven entries. Then dig'ing dnsdist (not the backend!) with "dig
@192.168.1.2 www.google.com" gives me a query timeout instead the A
record for www.google.com. There's also no ip address in the cache dump
Must the backend server being up to get a cached responses from dnsdist?
Or do I misunderstand packetcache/dnscache here?
> Keep in mind that dnsdist caches packets and not responses to DNS
> queries. Recent 'dig' versions have EDNS cookies enabled by default.
> Each of your queries (packets) will therefore differ. Try 'dig' with
More information about the dnsdist