<div dir="ltr"><div dir="ltr">It is the idea of caching, but not beyond the record TTL surely? And why stop only when I reset another piece of software (whether I do that after 5 minutes or 4 hours).</div><div dir="ltr"><div><br></div><div>I'm finding that the upstream server is inconsistent in how much information it returns - just occasionally not returning anything beyond the first CNAME - which means that this is probably passed on to my program as such, which means that something else is involved in triggering it...</div><div><br></div><div>I don't expect this to be easy :(</div><div><br></div><div>I think we may have found the application bug (it just doesn't know how to handle a non IP address return), but I'd still like to understand the behaviour from dnsmasq.</div><div><br></div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, 20 Mar 2019 at 23:30, Geert Stappers <<a href="mailto:stappers@stappers.nl">stappers@stappers.nl</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">On Wed, Mar 20, 2019 at 09:00:20PM +0000, John Robson wrote:<br>
> Hi,<br>
> <br>
> I have a library which I think has a bug, but this bug is affecting DNS<br>
> queries, and bringing out some odd behaviour in dnsmasq...<br>
> <br>
> Program is making a query to resolve an address (<a href="http://foo.bar.com" rel="noreferrer" target="_blank">foo.bar.com</a>)<br>
> A normal query results in a CNAME (<a href="http://foo.bar.com.edgekey.net" rel="noreferrer" target="_blank">foo.bar.com.edgekey.net</a>), which results<br>
> in another CNAME (<a href="http://e1234.a.akamaiedge.net" rel="noreferrer" target="_blank">e1234.a.akamaiedge.net</a>) which has an A record.<br>
> <br>
> However every so often dnsmasq returns just the first CNAME.<br>
> Note I haven't yet caught it in the act of that first truncated response.<br>
> The only thing that makes sense to me is if the <a href="http://edgekey.net" rel="noreferrer" target="_blank">edgekey.net</a> name servers<br>
> didn't respond in good time... but....<br>
> <br>
> However the bug in the library then means it asks again, instantly. and<br>
> again... and again....<br>
> It manages over 100MB/ minute of DNS requests - dnsmasq answering them all<br>
> from the cache (I see *no* external requests for that address).<br>
<br>
Hey, that is the idea about DNS caching ...<br>
<br>
<br>
> When I restart the program the very first query (identical query as before)<br>
> gets a complete answer from dnsmasq.<br>
> <br>
> What I can't understand is how that restart makes any difference to dnsmasq.<br>
> Does dnsmasq have some sort of 'Oh hell the query load is insane I'm just<br>
> extending the cache a bit to help' mode which it then escapes from as the<br>
> program restarts?<br>
> There are no external queries for this name during the period of insanity,<br>
> but the first request after does get put to the external name servers.<br>
> <br>
> I'm running an 'external interface only' capture to try and capture the<br>
> initial error condition (which I very much doubt is a problem in dnsmasq),<br>
> to see if that can shed some light on the issue.<br>
> <br>
> <br>
> Thoughts? debug hints? laughter?<br>
<br>
<br>
To me it seems that the first DNS request from the application has<br>
"recursion". Upon encountering the bug is doing the app "non<br>
recursion". With "recusion" do I mean 'When the reply is not an A-record<br>
do a next query'.<br>
<br>
On debug hints: Currently is the suspected trigger of the bug<br>
a DNS that doesn't respond within good time. So make a "chain"<br>
of DNServers where you control the response time of one.<br>
<br>
Good luck with it. And feel welcome to report back.<br>
<br>
<br>
> Cheers,<br>
> John<br>
<br>
Groeten<br>
Geert Stappers<br>
-- <br>
Leven en laten leven<br>
<br>
_______________________________________________<br>
Dnsmasq-discuss mailing list<br>
<a href="mailto:Dnsmasq-discuss@lists.thekelleys.org.uk" target="_blank">Dnsmasq-discuss@lists.thekelleys.org.uk</a><br>
<a href="http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss" rel="noreferrer" target="_blank">http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss</a><br>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature"><span style="font-size:12px"><strong>John Robson<br></strong></span><span style="font-size:12px"><br>
</span></div></div>