[Pdns-users] several ALIAS questions
pieter.lexis at powerdns.com
Mon Jun 11 15:32:44 UTC 2018
On Mon, 11 Jun 2018 12:53:45 +0200
Klaus Darilion <klaus.mailinglists at pernau.at> wrote:
> We soon put ALIAS into production. Hence, I have some questions to
> better understand what's going on internally in PDNS.
> a) What happens if the backend query (from PDNS-auth to resolver) is
> unanswered? Will PDNS timeout the outstanding query or will it be kept
> on the list for ever? If it times out - will PDNS send any responses?
If it times out, it depends on whether the query came in via UDP or TCP.
Due to the design of the DNSProxy, we do not respond when the query came
in over UDP and will send SERVFAIL when the query came in via TCP.
> I stopped the resolver and sent a query to an ALIAS RR. My observation
> is, that PDNS did send an upstream query, but it:
> - does not resend to the resolver
Correct, we try it only once. A typical timeout from an upstream
resolver is 2 seconds, so we won't win anything if your downstream is
down (also resends are not possible due to the DNSProxy's current
> - does not send any response (eg SERVFAIL) upstream
See above, it only does this when the upstream query was TCP. But only
after we detected the timeout downstream (2 seconds).
> Hence I suspect that such unanswered backend queries will resist in some
> queue forever.
We keep a UDP conntrack table with a maximum of 2^16 entries and will
reuse IDs either if the query with that ID was answered _or_ if there was
no answer for that ID after 60 seconds. Note that I
opened a PR with some improvements in this area where this time is
reduced to 15 seconds.
For TCP, we set the RCODE to SERVFAIL and send it out from the DNSProxy,
then let the Auth handle the connection closing.
> Can you please comment on what really happens if the resolver is not
> b) AFAIS the backend query supports only UDP without EDNS0. Hence, only
> responses up to 512 bytes. Correct?
Correct. We would like to improve this in the future.
> c) AFAIS queries to ALIAS RRs are not cached in the packet cache. Why not?
Mostly because ALIAS is special. But your resolver's cache will hold the
answer so there will be little delay in answering.
1 - https://github.com/PowerDNS/pdns/pull/6727
PowerDNS.COM BV -- https://www.powerdns.com
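
Added example, not part of the original message and not PowerDNS code: a small model of the UDP conntrack table as the reply describes it (2^16 IDs, reusable once answered or after 60 seconds, 15 seconds in the PR), for estimating how much ALIAS load the table absorbs while the resolver is silent. The names ConntrackModel, sustainable_qps and simulate_outage are hypothetical, the load is constructed, and counting a lookup as refused when no ID is free is an assumption, since the message does not say what happens in that case.

```python
from collections import OrderedDict

TABLE_SIZE = 2 ** 16  # maximum UDP conntrack entries, per the reply above


class ConntrackModel:
    """Hypothetical model of the ID table as described; not PowerDNS code."""

    def __init__(self, reuse_after):
        self.reuse_after = reuse_after  # seconds until an unanswered ID is reusable
        self.pending = OrderedDict()    # query ID -> time the backend query was sent
        self.next_id = 0

    def send(self, now):
        """Take an ID for a backend query at time `now`; None if no ID is free."""
        # Entries are stored in send order, so the oldest is always first.
        while self.pending:
            oldest_id, sent = next(iter(self.pending.items()))
            if now - sent < self.reuse_after:
                break
            del self.pending[oldest_id]  # unanswered for too long: ID reusable
        if len(self.pending) >= TABLE_SIZE:
            return None  # ASSUMPTION: the message does not say what happens here
        while self.next_id in self.pending:
            self.next_id = (self.next_id + 1) % TABLE_SIZE
        qid = self.next_id
        self.pending[qid] = now
        self.next_id = (qid + 1) % TABLE_SIZE
        return qid

    def answer(self, qid):
        """Resolver answered: the ID is free again immediately."""
        return self.pending.pop(qid, None) is not None


def sustainable_qps(reuse_after):
    """Highest steady rate of unanswered queries that never fills the table."""
    return TABLE_SIZE // reuse_after


def simulate_outage(qps, seconds, reuse_after):
    """Resolver silent for `seconds`; count ALIAS lookups that found no free ID."""
    table = ConntrackModel(reuse_after)
    refused = 0
    for tick in range(seconds):  # constructed load: `qps` lookups per 1 s tick
        refused += sum(table.send(tick) is None for _ in range(qps))
    return refused
```

In this model the 60-second reuse window sustains about 1092 unanswered ALIAS lookups per second before IDs run out, and the 15-second window about 4369, which is a useful bound when sizing alerting on resolver health.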