[Dnsmasq-discuss] Caching of results when using server=/domain/ip#port

Nathan Sullivan nathan at nightsys.net
Thu Oct 1 23:27:51 BST 2015


Hi All,

I am struggling with a specific use case of dnsmasq, involving localised
DNS caches on servers, and was hoping for some external input.

We use a service discovery subsystem known as Consul (https://consul.io/),
which provides a DNS interface (https://consul.io/docs/agent/dns.html) to
find other servers on our network. There is no DNS caching functionality
within Consul that I can tell.

We have dnsmasq installed on local machines, with upstream resolvers
(ISP/Google etc.) and resolv.conf pointing at 127.0.0.1; this provides us
with local DNS caching for general Internet DNS resolution.

In addition, we have a config entry that looks like this:

server=/consul/172.17.42.1#8600

This sends all requests for *.consul to the nameserver 172.17.42.1 (docker0
interface), on UDP 8600, which resides on the local machine.

These requests are being responded to correctly, and we have Consul
configured to return a max 3 second TTL on result sets (standard A records
in this case). For some reason though, dnsmasq is not caching this and
decrementing the TTL on subsequent requests for the same hostname; it is
instead re-requesting a result from Consul.

One interesting find: the responses from dnsmasq appear with the "aa" flag,
denoting an authoritative answer. Does this imply that dnsmasq believes it
is authoritative for the results via this nameserver, as opposed to just
acting as a recursor?

Is there an additional configuration option we need to set at all to make
dnsmasq appear as a caching recursive resolver only here?

Tested on dnsmasq versions 2.68 (Ubuntu 14.04.2 packages) and 2.75 built
from source.

See below our config and some example queries, relevant lines of interest
in bold:

-----------------------------------------------

*dnsmasq.conf*

no-hosts
strict-order
cache-size=5000
no-resolv
no-poll
bind-interfaces

interface=lo
no-dhcp-interface=lo
interface=docker0
no-dhcp-interface=docker0

server=/consul/172.17.42.1#8600

server=8.8.8.8
server=8.8.4.4

*Query to upstream server direct:*

root@ip-10-201-0-230:~# dig @172.17.42.1 d8607ce495db.node.aws-us-east-1.consul

; <<>> DiG 9.9.5-3ubuntu0.5-Ubuntu <<>> @172.17.42.1 d8607ce495db.node.aws-us-east-1.consul
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25786
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;d8607ce495db.node.aws-us-east-1.consul. IN A

;; ANSWER SECTION:
*d8607ce495db.node.aws-us-east-1.consul. 3 IN A 10.20.0.230*

;; Query time: 3 msec
;; SERVER: 172.17.42.1#53(172.17.42.1)
;; WHEN: Thu Oct 01 05:01:21 UTC 2015
;; MSG SIZE  rcvd: 110

-----------------------------------------------

*Multiple queries against local dnsmasq in short succession, expecting a
decrementing TTL (starting at 3 seconds):*

root@ip-10-201-0-230:~# date; dig d8607ce495db.node.aws-us-east-1.consul
*Thu Oct  1 05:01:54 UTC 2015*

; <<>> DiG 9.9.5-3ubuntu0.5-Ubuntu <<>> d8607ce495db.node.aws-us-east-1.consul
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45386
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;d8607ce495db.node.aws-us-east-1.consul. IN A

;; ANSWER SECTION:
*d8607ce495db.node.aws-us-east-1.consul. 3 IN A 10.20.0.230*

;; Query time: 2 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Oct 01 05:01:54 UTC 2015
;; MSG SIZE  rcvd: 110

root@ip-10-201-0-230:~# date; dig d8607ce495db.node.aws-us-east-1.consul
*Thu Oct  1 05:01:55 UTC 2015*

; <<>> DiG 9.9.5-3ubuntu0.5-Ubuntu <<>> d8607ce495db.node.aws-us-east-1.consul
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30672
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;d8607ce495db.node.aws-us-east-1.consul. IN A

;; ANSWER SECTION:
*d8607ce495db.node.aws-us-east-1.consul. 3 IN A 10.20.0.230*

;; Query time: 2 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Oct 01 05:01:55 UTC 2015
;; MSG SIZE  rcvd: 110

root@ip-10-201-0-230:~# date; dig d8607ce495db.node.aws-us-east-1.consul
*Thu Oct  1 05:01:55 UTC 2015*

; <<>> DiG 9.9.5-3ubuntu0.5-Ubuntu <<>> d8607ce495db.node.aws-us-east-1.consul
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4229
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;d8607ce495db.node.aws-us-east-1.consul. IN A

;; ANSWER SECTION:
*d8607ce495db.node.aws-us-east-1.consul. 3 IN A 10.20.0.230*

;; Query time: 2 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Oct 01 05:01:55 UTC 2015
;; MSG SIZE  rcvd: 110

Regards,

Nathan Sullivan.
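
Added example (not part of the original post): a shell sketch that automates the check described above, parsing successive dig responses and reporting whether the TTL counts down and whether "aa" stays set. The function names, the sample hostname and the address are constructed for illustration; samples are assumed to be taken at least one second apart, and treating a missing "aa" flag as a sign of a cached answer is a heuristic.

```bash
#!/usr/bin/env bash
# Added example, not from the original post.

# Read one dig response on stdin; print "<flags>|<ttl>" for its first A record.
parse_dig() {
  awk '
    /^;; flags:/ { sub(/^;; flags: /, ""); sub(/;.*$/, ""); flags = $0; next }
    !/^;/ && $3 == "IN" && $4 == "A" && ttl == "" { ttl = $2 }
    END { print flags "|" ttl }'
}

# Given "<flags>|<ttl>" samples (oldest first, spaced >= 1 s apart), print
# "cached" if any TTL dropped below the first one, else "forwarded",
# followed by "aa" if every sample carried the aa flag, else "no-aa".
classify() {
  local first="" state="forwarded" aa="aa" s flags ttl
  for s in "$@"; do
    flags=${s%%|*}
    ttl=${s##*|}
    if [ -z "$ttl" ]; then continue; fi        # response had no A record
    if [ -z "$first" ]; then first=$ttl; fi
    if [ "$ttl" -lt "$first" ]; then state="cached"; fi
    case " $flags " in
      *" aa "*) ;;
      *) aa="no-aa" ;;
    esac
  done
  echo "$state $aa"
}

# Constructed dig-style response; hostname and address are placeholders.
sample() {
  printf ';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1\n'
  printf ';; flags: %s; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0\n\n' "$1"
  printf ';; QUESTION SECTION:\n;web.service.consul. IN A\n\n'
  printf ';; ANSWER SECTION:\nweb.service.consul. %s IN A 192.0.2.10\n' "$2"
}

fresh=$(sample 'qr aa rd ra' 3 | parse_dig)    # answer passed through from upstream
aged=$(sample 'qr rd ra' 2 | parse_dig)        # answer served from a cache

classify "$fresh" "$fresh" "$fresh"   # forwarded aa  (the pattern in the post)
classify "$fresh" "$aged"             # cached no-aa  (a caching resolver)
```

On a live host, feed classify with the output of `dig NAME | parse_dig` captured one second apart.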