[dnsdist] Handling lack of caching of TC responses

Dan McCombs dmccombs at digitalocean.com
Fri Nov 18 16:52:29 UTC 2022


Thanks for the sanity check Remi. I'll think through a little what would be
helpful for it and add a feature request, and maybe a PR at some point.

Jacob - the downstreams are pdns-recursor resolvers.

I ended up adding a rule to dnsdist for this specific host that we were
getting so many queries for to at least shield the downstreams (and
authoritatives for that domain) some. Dropped queries and downstream
timeouts have settled down after adding it, in case it's useful to anyone
else:

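-- Names whose UDP A queries should be answered with TC=1
tc_hosts = newDNSNameSet()
tc_hosts:add(newDNSName("grid-use.bidswitch.net."))
-- Match UDP (non-TCP) A queries for those names and reply with the TC bit set
addAction(AndRule{QNameSetRule(tc_hosts), TCPRule(false), QTypeRule(DNSQType.A)}, TCAction())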


Take care,

-Dan


Dan McCombs
Senior Engineer I - DNS
dmccombs at digitalocean.com


On Fri, Nov 18, 2022 at 4:42 AM Remi Gacogne via dnsdist <
dnsdist at mailman.powerdns.com> wrote:

> Hi Dan,
>
> On 18/11/2022 02:51, Dan McCombs via dnsdist wrote:
> > Is that something that's expected to happen once the full response has
> > been returned from a downstream over TCP? Is there some way to force TC
> > responses to have at least some minimal TTL? Or some way to have dnsdist
> > use its cached response rather than going back to the downstream in that
> > case on UDP queries?
>
> This is indeed an unfortunate consequence of the fact that there is no
> TTL on a truncated answer, and no way to set one, so the cache does not
> even try to store it.
> Perhaps it might make sense to cache these TC=1 answers for a
> configurable, very short amount of time. We already have a setting to
> cache "temporary failures", meaning Server Failure and Refused
> responses, for a short amount of time, so it would not be hard to
> implement the same behaviour for truncated answers.
> I think we have been reluctant to do that until now because some
> backends actually send TC=1 answers to specific clients, like in the RRL
> Slip case, and do not expect these answers to be served to other
> clients, but that might be OK as long as the caching is configurable and
> can be disabled.
>
> Would you mind opening a feature request on GH [1] so we can track this?
> I would also happily merge a corresponding pull request, of course :)
>
> Thanks!
>
> [1]: https://github.com/PowerDNS/pdns/issues/new/choose
>
> Best regards,
> --
> Remi Gacogne
> PowerDNS.COM BV - https://www.powerdns.com/
>
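
Added example (not part of the original message, and not dnsdist code): a small Python check that a UDP A query for the listed name is answered with TC=1, which is what the rule in the message is meant to produce. The helper names, the constructed sample bytes, and the server address you pass to probe_udp are assumptions.

```python
import socket
import struct

QTYPE_A = 1
FLAG_QR = 0x8000  # message is a response
FLAG_TC = 0x0200  # truncated: client should retry over TCP

def build_query(qname, qtype=QTYPE_A, txid=0x1234):
    """Encode a minimal DNS query: RD set, one question, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in qname.rstrip(".").split(".")
    )
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_header(message):
    """Return the header fields needed to recognise a TC=1 reply."""
    if len(message) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    txid, flags = struct.unpack("!HH", message[:4])
    return {
        "id": txid,
        "is_response": bool(flags & FLAG_QR),
        "truncated": bool(flags & FLAG_TC),
        "rcode": flags & 0x000F,
    }

def is_truncated_reply(query, reply):
    """True when reply is a response to query (same ID) with the TC bit set."""
    q, r = parse_header(query), parse_header(reply)
    return r["is_response"] and r["id"] == q["id"] and r["truncated"]

def probe_udp(server, port, qname, timeout=2.0):
    """Send one UDP A query to a live dnsdist; True if it answered TC=1."""
    query = build_query(qname)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (server, port))
        reply, _ = sock.recvfrom(4096)
    return is_truncated_reply(query, reply)

# Constructed samples (header plus echoed question only), so this runs offline.
SAMPLE_QUERY = build_query("grid-use.bidswitch.net.")
SAMPLE_TC_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8300, 1, 0, 0, 0) + SAMPLE_QUERY[12:]
SAMPLE_FULL_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 0, 0, 0) + SAMPLE_QUERY[12:]
```

Against a running instance, probe_udp("192.0.2.53", 53, "grid-use.bidswitch.net.") (placeholder address) should return True once the rule is loaded, and False for a name that is not in the set.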