[Pdns-users] Immediate update visibility

Otto Moerbeek otto at drijf.net
Wed Mar 9 07:32:24 UTC 2022 

On Wed, Mar 09, 2022 at 07:08:51AM +0000, Daniel Miller via Pdns-users wrote:

> I started to ask how to do something apparently non-standard - which
> probably means I'm doing it wrong.
> 
> I'm locally hosting my domain records using the authoritative server and
> also using a recursor. The recursor is configured with a list of
> forward-zones. My master server just has the auth & recursor running (on
> different internal IPs) - my slave server uses dnsdist in front of its own
> instances of auth & recursor (I'm still getting used to dnsdist).
> 
> I include all that just in case it's relevant - but I had this issue prior
> to dnsdist and prior to replication so I'm hoping not.
> 
> Anyway, after all that - when I make a change to a domain record using
> pdnsutil or an external tool using the API - the changes are immediately
> applied to the zone but are not immediately visible through the recursor. To
> make that happen I need to either flush the cache or just restart the
> recursor.
> 
> This is an issue when creating/updating ACME challenge records - I haven't
> been able to totally automate the process. I need to introduce lengthy
> delays, try manually applying the changes, restart the servers, whatever.
> 
> So - either I'm just doing this wrong (likely) or I need to ask: is there a
> way to make changes in the auth server immediately visible in the recursor?
> Possibly by explicitly disabling caching for the internal zones? Probably a
> bad idea but I can't think how else to accomplish this.

No, you're dot doing something wrong. This is the way te recursor
works, it is heavily dependent on caching to make it fast. One way is
to set a low (negative) max-{cache,negative}-ttl, but that has
performance impact and still introduces a delay. 

But starting with 4.6.0 the recusor is able to process notifies and
clear the caches for the notified zone. See
https://docs.powerdns.com/recursor/settings.html#allow-notify-for and
related settings. 

Typically, you configure your domain on the authoritative server with
the general "also-notify" setting or ALSO-NOTIFY meta data setting per
domain.

	-Otto


> 
> --
> Daniel

> _______________________________________________
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
> https://mailman.powerdns.com/mailman/listinfo/pdns-users

More information about the Pdns-users mailing list