[dnsdist] frontend responses for resolver timeouts
Remi Gacogne
remi.gacogne at powerdns.com
Fri Jan 7 11:36:49 UTC 2022
Hi David,
On 07/01/2022 12:06, David Bader via dnsdist wrote:
> Hello,
>
> is my understanding correct, that dnsdist sends the client a
> ServFail answer after 2 seconds when the backend resolver does not
> respond within the timeout (2 seconds by default):
> https://www.dnsdist.org/reference/tuning.html#setUDPTimeout
>
> and the frontend-servfail counter is increased by one?
> https://www.dnsdist.org/statistics.html#frontend-servfail
I'm afraid dnsdist doesn't a ServFail when the backend resolver does not
respond within the UDP timeout, no, it just records that the query was
not answered in time and increases the 'downstream-timeouts' counter.
Not sending a ServFail should lead the client to retry, giving the
backend a second chance now that the answer might be (partially?) in cache.
dnsdist will answer with a ServFail if there is no backend available,
for example because the backend does not properly respond to
health-check queries, provided that setServFailWhenNoServer is set [1].
In that case both the 'no-policy' and 'frontend-servfail' counters will
be increased.
[1]: https://dnsdist.org/guides/serverselection.html#setServFailWhenNoServer
Hope that helps,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.powerdns.com/pipermail/dnsdist/attachments/20220107/3ec8ba03/attachment.sig>
More information about the dnsdist
mailing list