[Pdns-users] retaining cache

Mike mike+lists at yourtownonline.com
Wed May 27 20:33:11 UTC 2020


    I already know I'm going to get in trouble with the dns protocol
police, and probably shoot myself in the foot at the same time, however....

    I know of a large service provider that has foolishly put both
authoritative name servers for their domain on the same subnet, and
which has occasional routing propagation issues which make it impossible
to reach their domain servers from some portions of the net but not
others. The services themselves, such as their MX host, continue to be
accessible, but the nameservers that tell you where the MX host is, are
occasionally not. I was thinking one possible valid approach could
simply be a secondary cache where pdns will move records that reach
normal cache expiration. This secondary cache then attempts to
re-validate records with the auth servers, and if it gets NXDOMAIN or
updated data, flush or update the cache per normal. But, pdns would
continue answering queries out of this secondary cache (with a low ttl),
as long as it has not received any other authoritative data, at which
point when it does, the entry could go back into primary cache (or be removed).

    I don't think the size of this secondary cache would grow out of
control because we're really just tracking records that we cannot get
answers about either way from their primary auth servers. I don't see
where this would break anything either since, again, deletion from the
cache would be due to NXDOMAIN from an auth server, either the domain
auth or the root. 

    Anyone want to (gently) shoot me down....?
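
The two-tier cache proposed above, as an added sketch that is not part of the original post and is not PowerDNS code. Assumptions: the names `StaleCache`, `Unreachable` and `NXDOMAIN` are hypothetical, revalidation happens on each query rather than in the background, and `max_stale` (a bound on how long a record may be served after expiry) is an addition the post does not mention.

```python
import time

NXDOMAIN = object()                 # authoritative "name does not exist"

class Unreachable(Exception):
    """No authoritative server answered (timeout or routing failure)."""

class StaleCache:
    def __init__(self, upstream, stale_ttl=30, max_stale=86400,
                 clock=time.monotonic):
        # upstream(name) -> (rdata, ttl) or NXDOMAIN; raises Unreachable
        self.upstream = upstream
        self.stale_ttl = stale_ttl  # low TTL handed out with stale answers
        self.max_stale = max_stale  # assumption: cap on stale service time
        self.clock = clock
        self.primary = {}           # name -> (rdata, expires_at)
        self.stale = {}             # name -> (rdata, expired_at)

    def resolve(self, name):
        """Return (rdata, ttl, source); rdata is None for NXDOMAIN."""
        now = self.clock()
        hit = self.primary.get(name)
        if hit and hit[1] > now:
            return hit[0], int(hit[1] - now), "primary"
        if hit:
            # Normal expiry: demote to the secondary cache, do not discard.
            del self.primary[name]
            self.stale[name] = hit
        try:
            answer = self.upstream(name)
        except Unreachable:
            old = self.stale.get(name)
            if old and now - old[1] <= self.max_stale:
                return old[0], self.stale_ttl, "stale"
            self.stale.pop(name, None)   # too old, or never cached
            raise
        # Any authoritative answer ends stale service for this name.
        self.stale.pop(name, None)
        if answer is NXDOMAIN:
            return None, 0, "nxdomain"
        rdata, ttl = answer
        self.primary[name] = (rdata, now + ttl)
        return rdata, ttl, "upstream"
```

Only an upstream failure keeps a stale record alive; a fresh answer or NXDOMAIN from an authoritative server always replaces or deletes it.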

