[Pdns-users] Immediate update visibility

Otto Moerbeek otto at drijf.net
Wed Mar 9 07:52:29 UTC 2022 

On Wed, Mar 09, 2022 at 08:32:24AM +0100, Otto Moerbeek via Pdns-users wrote:

> On Wed, Mar 09, 2022 at 07:08:51AM +0000, Daniel Miller via Pdns-users wrote:
> 
> > I started to ask how to do something apparently non-standard - which
> > probably means I'm doing it wrong.
> > 
> > I'm locally hosting my domain records using the authoritative server and
> > also using a recursor. The recursor is configured with a list of
> > forward-zones. My master server just has the auth & recursor running (on
> > different internal IPs) - my slave server uses dnsdist in front of its own
> > instances of auth & recursor (I'm still getting used to dnsdist).
> > 
> > I include all that just in case it's relevant - but I had this issue prior
> > to dnsdist and prior to replication so I'm hoping not.
> > 
> > Anyway, after all that - when I make a change to a domain record using
> > pdnsutil or an external tool using the API - the changes are immediately
> > applied to the zone but are not immediately visible through the recursor. To
> > make that happen I need to either flush the cache or just restart the
> > recursor.
> > 
> > This is an issue when creating/updating ACME challenge records - I haven't
> > been able to totally automate the process. I need to introduce lengthy
> > delays, try manually applying the changes, restart the servers, whatever.
> > 
> > So - either I'm just doing this wrong (likely) or I need to ask: is there a
> > way to make changes in the auth server immediately visible in the recursor?
> > Possibly by explicitly disabling caching for the internal zones? Probably a
> > bad idea but I can't think how else to accomplish this.
> 
> No, you're dot doing something wrong. This is the way te recursor
> works, it is heavily dependent on caching to make it fast. One way is
> to set a low (negative) max-{cache,negative}-ttl, but that has
> performance impact and still introduces a delay. 
> 
> But starting with 4.6.0 the recusor is able to process notifies and
> clear the caches for the notified zone. See
> https://docs.powerdns.com/recursor/settings.html#allow-notify-for and
> related settings. 
> 
> Typically, you configure your domain on the authoritative server with
> the general "also-notify" setting or ALSO-NOTIFY meta data setting per
> domain.
> 
> 	-Otto

Bah, I should learn not to reply before morning coffee. This feature
in the recursor is cool, but as Brian says in the other mail, this is
not appplicable to your problem,

Thanks to Brian for the proper answer!

	-Otto

More information about the Pdns-users mailing list