[Dnsmasq-discuss] TTL for "temporary" NXDOMAIN

Simon Kelley simon at thekelleys.org.uk
Sat Sep 26 22:13:10 BST 2015

The short answer is that there's no way to make dnsmasq do that. It's a
pretty crazy way for a DNS server to behave.

The question is, why DNS lookups to you application are failing when it
restarts? DNS queries have timeouts and retries, so it should just wait
for it to come back. I guess we need more info on how it's implemented.



On 11/09/15 19:05, Pablo Fischer wrote:
> Hello folks,
> First off I know that I'm asking is risky but it would perhaps be the
> *easiest* way to achieve this.
> I've a small application running on all my hosts, the application
> (consul) provides service discovery and offers TTL. So far today we
> have dnsmasq "routing" the requests under ".consul" domain to the
> local application and the rest to the original /etc/resolve file, it
> works GREAT. Except when..
> If the application restarts, has an error or for X or Y reason is not
> able to respond then the DNS nslookups we do against dnsmasq end up
> failing with NXDOMAIN. We already changed the TTL from 0 (no cache at
> all) to 10s, pushing it more is pretty risky because then dnsmasq
> would end up returning hosts (under the service discovery) that
> shouldn't be there.
> I'm wondering if there is a way in dnsmasq (or if there is a
> patch/fork) that would basically do:
> If the local application does not return anything then dnsmasq would
> return a "cached" version of what was "known" for this NXDOMAIN. The
> tricky part here is that the cache version should have a TTL higher
> than the original 10s (perhaps 10/20m) _and_ when the nslookup starts
> working again (aka the local application comes back) then the TTL go
> back to the original TTL (10s).
> In terms of a real-work example:
>  1. You resolve foo.example.consul.colo.com
>  2. dnsmasq takes the request/question and forwards it to local application.
>  3. local applicatiion returns the answer of this request.
>  4. Then for some reason local application restarts or fails.
>  5. Your request foo.example.consul.colo.com goes to dnsmasq.
>  6. dnsmasq would get a NXDOMAIN then it returns a "cached" (10/20m)
> version of what was known.
>  7. The local application comes back and dnsmasq refreshes the cache
> and goes back to TTL of 10s.
> I know that playing with TTLs is a bit evil but I'm OK in giving it a
> shot. After all, the dnsmasq would only be used by localhost, no other
> host outside of it.
> Any way to achieve this?
> Thx!

More information about the Dnsmasq-discuss mailing list