[dnsdist] Responding from cache when all pool servers are down?

Aaron de Bruyn aaron at heyaaron.com
Tue Nov 1 22:03:09 UTC 2022


Hey everyone,

I'm running dnsdist 1.7.2, and I've been back and forth through the documentation about 20 times now and can't figure out how to accomplish serving from the cache when all pool servers are down without dnsdist timing out.

I have two pools (internal-local and internal-remote) that handle serving an internal domain:

newServer ({address='10.142.0.250', name='srv1', checkName='example.internal', useProxyProtocol=false, mustResolve=true, tcpRecvTimeout=5, tcpSendTimeout=5, order=10, pool='internal-local'})

newServer ({address='10.133.0.250', name='srv2', checkName='example.internal', useProxyProtocol=false, mustResolve=true, tcpRecvTimeout=5, tcpSendTimeout=5, order=10, pool='internal-remote'})

<snip about 30 internal-remote servers>

The rules for those pools are:

InternalDomain = newSuffixMatchNode()
InternalDomain:add(newDNSName('example.internal'))

addAction(AndRule({SuffixMatchNodeRule(InternalDomain), PoolAvailableRule("internal-local")}), PoolAction("internal-local"))
addAction(AndRule({SuffixMatchNodeRule(InternalDomain), PoolAvailableRule("internal-remote")}), PoolAction("internal-remote"))

As long as one internal server is up, I'm able to hit the cache or the server itself because of the PoolAvailableRule.
If all the internal servers are offline, but at least one of the remote servers is online, I can hit the cache or the remote server because of the PoolAvailableRule.

But in some rare cases, both the local internal server and remote servers are all unavailable.

This causes me to hit the next action which prevents queries from getting passed on to external DNS resolvers.
addAction(SuffixMatchNodeRule(InternalDomain), RCodeAction(DNSRCode.SERVFAIL))

If I remove the PoolAvailableRule from the "internal-remote" pool, I can hit the cache (or potentially a remote server if it's up), but uncached items when all servers are down will cause the 2-second DNS timeout.

If I toss all the local and remote servers into one pool, I basically get the functionality I want, but I lose the ability to direct queries to the local (or less latent) servers first.

Is there a way to specifically respond to cached items and return SERVFAIL if it's not in the cache?

Thanks,

-A
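
The dilemma described in the message above, as an added example that is not part of the original post and is not dnsdist code: a simplified Python model of the first-match rule chain, comparing the posted rules with the variant that drops PoolAvailableRule from the "internal-remote" rule. It assumes one cache shared by both pools, a cache lookup before the server is tried, and constructed query names.

```python
# Simplified model (constructed for illustration, not dnsdist code) of the
# first-match rule chain described in the post.
INTERNAL = "example.internal"

def in_domain(qname):
    """Suffix match on the internal domain, like SuffixMatchNodeRule."""
    return qname == INTERNAL or qname.endswith("." + INTERNAL)

def build_rules(require_remote_available=True):
    """Rules as (needs_pool_up, action, target), mirroring the three addAction lines."""
    return [
        (True, "pool", "internal-local"),
        (require_remote_available, "pool", "internal-remote"),
        (False, "rcode", "SERVFAIL"),
    ]

def resolve(qname, rules, pools_up, cached):
    """Return what the client sees for qname.

    pools_up: dict of pool name -> True if at least one server is up.
    cached:   set of names assumed to be in the cache (shared cache assumed).
    """
    if not in_domain(qname):
        return "not-internal"
    for needs_pool_up, action, target in rules:
        if action == "rcode":
            return target              # answered by the rule, cache never consulted
        if needs_pool_up and not pools_up[target]:
            continue                   # PoolAvailableRule fails, fall through
        if qname in cached:
            return "cache"
        return target if pools_up[target] else "timeout"
    return "no-rule"

def outcomes(require_remote_available):
    """Results with both pools down, for a cached and an uncached name."""
    rules = build_rules(require_remote_available)
    down = {"internal-local": False, "internal-remote": False}
    cached = {"db.example.internal"}   # constructed sample cache content
    return (resolve("db.example.internal", rules, down, cached),
            resolve("new.example.internal", rules, down, cached))

if __name__ == "__main__":
    print("posted rules:  ", outcomes(True))
    print("relaxed remote:", outcomes(False))
```

With both pools down, the posted rules give SERVFAIL even for the cached name, while the relaxed variant serves the cached name but leaves the uncached one to time out; neither yields the "cache, else SERVFAIL" behaviour the question asks for.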