[Pdns-users] retaining cache

Thomas Mieslinger miesi at mail.com
Thu May 28 06:37:29 UTC 2020


Hi Mike,

 >      Anyone want to (gently) shoot me down....?

not really.

Of course, the correct fix would be to fix the authoritative setup.

You could do some research on your end to see how many requests your
servers are doing towards the service provider. Maybe you run into some
sort of rate limiting.

On the other hand, I have failed to remove my blacklisted recursor source
IPs from national-lottery.co.uk/nsX.camelotinteractive.com (speaking of
the recursors used by the gmx.net/web.de/mail.com mail system) to be able to
resolve the MX records for national-lottery.co.uk.

My fix was to add a forward to Cloudflare/Google DNS for this (in my
opinion badly behaving) domain to empty the mail queues and stop
customer complaints.

Cheers

Thomas

On 5/27/20 10:33 PM, Mike via Pdns-users wrote:
> Hi,
>
>      I already know I'm going to get in trouble with the DNS protocol
> police, and probably shoot myself in the foot at the same time, however....
>
>      I know of a large service provider that has foolishly put both
> authoritative name servers for their domain on the same subnet, and
> which has occasional routing propagation issues which make it impossible
> to reach their domain servers from some portions of the net but not
> others. The services themselves, such as their MX host, continue to be
> accessible, but the nameservers that tell you where the MX host is are
> occasionally not. I was thinking one possible valid approach could
> simply be a secondary cache where pdns will move records that reach
> normal cache expiration. This secondary cache then attempts to
> re-validate records with the auth servers, and if it gets NXDOMAIN or
> updated data, flush or update the cache per normal. But, pdns would
> continue answering queries out of this secondary cache (with a low ttl),
> as long as it has not received any other authoritative data, at which
> point when it does, the entry could go back into primary cache (or be
> removed).
>
>      I don't think the size of this secondary cache would grow out of
> control because we're really just tracking records that we cannot get
> answers about either way from their primary auth servers. I don't see
> where this would break anything either since, again, deletion from the
> cache would be due to NXDOMAIN from an auth server, either the domain
> auth or the root.
>
>
>
> Mike-
>
>
>
>
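
Added example, not part of either message and not PowerDNS code: a small Python model of the secondary cache proposed in the quoted message, showing when an answer is fresh, stale, flushed by NXDOMAIN, or refused. The names (`StaleCache`, `STALE_TTL`, `MAX_STALE`), the 30-second TTL and the one-day cap on stale service are assumptions; the cap is not in the proposal and is there so abandoned records are not served indefinitely.

```python
STALE_TTL = 30      # low TTL attached to answers served from the secondary cache
MAX_STALE = 86400   # assumption added here: stop serving data expired longer than this

class Unreachable(Exception):
    """Raised by the upstream callable when no authoritative server answers."""

class StaleCache:
    def __init__(self, upstream):
        self.upstream = upstream  # callable(name) -> (value, ttl), or None for NXDOMAIN
        self.primary = {}         # name -> (value, absolute expiry time)
        self.secondary = {}       # expired records kept while auth is unreachable

    def resolve(self, name, now):
        entry = self.primary.get(name)
        if entry and now < entry[1]:
            return ("fresh", entry[0], int(entry[1] - now))
        if entry:                 # normal expiry: move the record instead of dropping it
            self.secondary[name] = self.primary.pop(name)
        try:
            answer = self.upstream(name)
        except Unreachable:
            stale = self.secondary.get(name)
            if stale and now - stale[1] <= MAX_STALE:
                return ("stale", stale[0], STALE_TTL)
            self.secondary.pop(name, None)
            return ("servfail", None, 0)
        self.secondary.pop(name, None)  # any authoritative answer ends stale service
        if answer is None:              # NXDOMAIN: flush, as the proposal describes
            return ("nxdomain", None, 0)
        value, ttl = answer
        self.primary[name] = (value, now + ttl)
        return ("fresh", value, ttl)

def demo():
    """Constructed timeline: auth up, then unreachable, then answering NXDOMAIN."""
    mode = ["up"]
    def upstream(name):           # stand-in for the domain's authoritative servers
        if mode[0] == "down":
            raise Unreachable(name)
        return None if mode[0] == "gone" else ("mx1.example.net.", 300)
    cache, out = StaleCache(upstream), []
    for now, m in [(0, "up"), (100, "down"), (400, "down"), (500, "gone"), (600, "down")]:
        mode[0] = m
        out.append(cache.resolve("example.net/MX", now))
    return out

if __name__ == "__main__":
    for row in demo():
        print(row)
```

The stale branch is the one to watch operationally: while it is active, a record the domain owner has already changed or withdrawn keeps being answered until an authoritative server becomes reachable again or `MAX_STALE` runs out.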

