[Pdns-users] Recursor: behaviour of packet cache
Øystein Viggen
oystein.viggen at ntnu.no
Thu Mar 16 12:43:27 UTC 2017
Brian Candler <b.candler at pobox.com> writes:
> Having added a name to the authoritative server, some clients querying
> the *same* pdns recursor consistently saw the new name, but others
> consistently saw NXDOMAIN! It was as if there were different views
> for different clients. (Sample dig exchanges at end of mail).
While I don't have any insight in the actual recursor code, I have had
similar experiences, and thought I'd share some thoughts.
I always assumed it was the way the the recursor does threading
(individual caches per thread?) that was the reason behind different
replies to the same query from different hosts. I may very well be
wrong there, of course.
Let's talk shortcuts for resolving the issue when you're in a hurry:
The one I generally use is "rec_control wipe-cache foo.ntnu.no". This
will clear the name "foo.ntnu.no" from the cache, without dropping
everything else. Call it the surgical alternative to restarting the
recursor.
It can take more than one FQDN, but note that it (last I checked)
doesn't do what you probably want if you give it an IP-address, but you
have to instead do "rec_control wipe-cache 67.56.241.129.in-addr.arpa"
to wipe the reverse PTR record for 129.241.56.67.
You also have the config options packetcache-ttl and max-negative-ttl.
These take a number of seconds. I used to have packetcache-ttl=20 way
back when the packetcache was new and wipe-cache only cleared the
regular cache. (wipe-cache has wiped also the packet cache for years
now).
I hope some of this might be helpful for tuning the recursor to work in
your environment.
Thanks,
Øystein
More information about the Pdns-users
mailing list