[dnsdist] frontend responses for resolver timeouts

Remi Gacogne remi.gacogne at powerdns.com
Fri Jan 7 11:36:49 UTC 2022


Hi David,

On 07/01/2022 12:06, David Bader via dnsdist wrote:
> Hello,
> 
> is my understanding correct, that dnsdist sends the client a
> ServFail answer after 2 seconds when the backend resolver does not 
> respond within the timeout (2 seconds by default):
> https://www.dnsdist.org/reference/tuning.html#setUDPTimeout
> 
> and the frontend-servfail counter is increased by one?
> https://www.dnsdist.org/statistics.html#frontend-servfail

I'm afraid dnsdist doesn't send a ServFail when the backend resolver does not 
respond within the UDP timeout, no, it just records that the query was 
not answered in time and increases the 'downstream-timeouts' counter. 
Not sending a ServFail should lead the client to retry, giving the 
backend a second chance now that the answer might be (partially?) in cache.

dnsdist will answer with a ServFail if there is no backend available, 
for example because the backend does not properly respond to 
health-check queries, provided that setServFailWhenNoServer is set [1]. 
In that case both the 'no-policy' and 'frontend-servfail' counters will 
be increased.

[1]: https://dnsdist.org/guides/serverselection.html#setServFailWhenNoServer

Hope that helps,
-- 
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
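
The counter behaviour described in the reply above, as an added example that is not part of the original message or of dnsdist itself: a Python function that compares two polls of the three counters named there and separates queries left unanswered after a backend timeout from ServFail answers sent because no backend was available. The snapshot dictionaries are constructed sample data, and attributing ServFail answers to 'no-policy' events by taking the smaller of the two increases is an assumption of this example.

```python
# Added example: interpret the change in three dnsdist counters between two polls.
# Counter names are the ones named in the message above; snapshots are constructed.
COUNTERS = ("downstream-timeouts", "no-policy", "frontend-servfail")

# Constructed sample polls (not real measurements).
SAMPLE_PREV = {"downstream-timeouts": 10, "no-policy": 0, "frontend-servfail": 5}
SAMPLE_CURR = {"downstream-timeouts": 17, "no-policy": 4, "frontend-servfail": 10}


def delta(prev, curr):
    """Per-counter increase between two polls, or None if any counter went
    backwards (dnsdist was restarted and the counters began again from zero)."""
    d = {name: curr[name] - prev[name] for name in COUNTERS}
    return None if any(v < 0 for v in d.values()) else d


def interpret(prev, curr):
    """Split the interval into the cases described in the reply above."""
    d = delta(prev, curr)
    if d is None:
        return {"reset": True}
    # Assumption of this example: ServFail answers are matched to no-backend
    # events one for one, up to the smaller of the two increases.
    matched = min(d["no-policy"], d["frontend-servfail"])
    return {
        "reset": False,
        # Backend missed the UDP timeout: no answer was sent, client should retry.
        "unanswered_timeouts": d["downstream-timeouts"],
        # No backend available and a ServFail was sent (setServFailWhenNoServer set).
        "servfail_no_backend": matched,
        # No backend available but no matching ServFail was counted.
        "no_backend_without_servfail": d["no-policy"] - matched,
        # ServFail answers not accounted for by the no-backend case.
        "servfail_other": d["frontend-servfail"] - matched,
    }


if __name__ == "__main__":
    for key, value in interpret(SAMPLE_PREV, SAMPLE_CURR).items():
        print(f"{key}: {value}")
```
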