[Dnsmasq-discuss] TTL for "temporary" NXDOMAIN

Pablo Fischer pablo at pablo.com.mx
Fri Sep 11 19:05:26 BST 2015

Hello folks,

First off I know that I'm asking is risky but it would perhaps be the
*easiest* way to achieve this.

I've a small application running on all my hosts, the application
(consul) provides service discovery and offers TTL. So far today we
have dnsmasq "routing" the requests under ".consul" domain to the
local application and the rest to the original /etc/resolve file, it
works GREAT. Except when..

If the application restarts, has an error or for X or Y reason is not
able to respond then the DNS nslookups we do against dnsmasq end up
failing with NXDOMAIN. We already changed the TTL from 0 (no cache at
all) to 10s, pushing it more is pretty risky because then dnsmasq
would end up returning hosts (under the service discovery) that
shouldn't be there.

I'm wondering if there is a way in dnsmasq (or if there is a
patch/fork) that would basically do:

If the local application does not return anything then dnsmasq would
return a "cached" version of what was "known" for this NXDOMAIN. The
tricky part here is that the cache version should have a TTL higher
than the original 10s (perhaps 10/20m) _and_ when the nslookup starts
working again (aka the local application comes back) then the TTL go
back to the original TTL (10s).

In terms of a real-work example:

 1. You resolve foo.example.consul.colo.com
 2. dnsmasq takes the request/question and forwards it to local application.
 3. local applicatiion returns the answer of this request.
 4. Then for some reason local application restarts or fails.
 5. Your request foo.example.consul.colo.com goes to dnsmasq.
 6. dnsmasq would get a NXDOMAIN then it returns a "cached" (10/20m)
version of what was known.
 7. The local application comes back and dnsmasq refreshes the cache
and goes back to TTL of 10s.

I know that playing with TTLs is a bit evil but I'm OK in giving it a
shot. After all, the dnsmasq would only be used by localhost, no other
host outside of it.

Any way to achieve this?


More information about the Dnsmasq-discuss mailing list