[Dnsmasq-discuss] Per entry TTL override

Simon Kelley simon at thekelleys.org.uk
Thu Apr 3 20:37:59 UTC 2014



On 02/04/14 22:32, Olivier Mauras wrote:
> 
> 
> On Mon, 2014-03-31 at 12:59 +0200, Olivier Mauras wrote:
>> Hello,
>> 
>> Is it thinkable to allow a per entry TTL override system ? I have
>> actually two different needs that I'd like to discuss. First
>> NXDOMAINS. I'd like to cache NXDOMAIN from some forwarded domains
>> to a specific value. Cache time based on default SOA TTL may be
>> too long in some cases and requires a manual cache refresh :(
>> Easy example: Infra team provisions a new server and pings the
>> hostname asked to see if it's not already taken - Yes they could
>> act differently - It's not, so result is cached and will stay for
>> 1H - default SOA TTL. Server provisioning takes 10mn, and
>> hostname is still cached as NX for 50mn :(
>> 
>> Second is entry override. Some specific DNS entries could have a 
>> different TTL than the default one - But not globally per entry
>> gives much more flexibility :)
>> 
>> 
>> Would that make sense to have a binding for request replies -
>> like the dhcp lua script support - or would this make more sense
>> as specific hardcoded options? If this makes any sense at all
>> indeed :)
>> 
>> 
>> Thanks, Olivier
>> 
>> 
>> _______________________________________________ Dnsmasq-discuss
>> mailing list Dnsmasq-discuss at lists.thekelleys.org.uk 
>> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
> 
> Seemed like I had a double neg-ttl declared in my config and my
> command line at the same time which made it not be correctly
> handled... Also seems that no matter what neg-ttl is set to, the
> first NXDOMAIN on a cold cache always gets the SOA TTL, am I
> missing something ?

neg-ttl does not override the SOA TTL, it provides a TTL for NXDOMAIN
if the upstream server doesn't include an SOA. (Lots of ISP
nameservers seem to strip that information for "bandwidth saving".) If
your upstream servers include SOA, as they should, then neg-ttl will
have no effect.
> 
> 
> Any feedback on per entry TTL override?

I'm not sure about that, it seems to me to be fiddly and prone to
errors. Your first example could be fixed by using --no-negcache. It
would be less efficient, but it would always work. If you're going to
set a TTL in that case, what's the correct value that will always
work? I don't think there is one.

I'm interested in other opinions.


Cheers,


Simon.

> 
> 
> Thanks, Olivier
> 
> 
> 
> 

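The rule described in the reply above (the upstream SOA TTL is used when present, neg-ttl only when the SOA is missing), as an added example that is not part of the original thread and is not dnsmasq's code. The function names, the `example.test` names and the reply bytes are constructed for illustration.

```python
import struct

SOA, NXDOMAIN = 6, 3

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = msg[off]
        if n == 0:                 # root label ends the name
            return off + 1
        if n & 0xC0 == 0xC0:       # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + n

def negative_ttl(msg, neg_ttl):
    """TTL for caching an NXDOMAIN reply; None if the reply is not NXDOMAIN."""
    _id, flags, qd, an, ns, _ar = struct.unpack_from("!6H", msg, 0)
    if flags & 0x000F != NXDOMAIN:
        return None
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # skip QTYPE and QCLASS
    for i in range(an + ns):
        off = skip_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        if i >= an and rtype == SOA:           # SOA in the authority section
            return ttl                         # upstream SOA wins over neg_ttl
        off += 10 + rdlen
    return neg_ttl                             # SOA stripped: fallback applies

def encode_name(s):
    return b"".join(bytes([len(p)]) + p.encode() for p in s.split(".")) + b"\0"

def nxdomain_reply(qname, soa_ttl=None):
    """Constructed NXDOMAIN reply; soa_ttl=None models an upstream that strips the SOA."""
    msg = struct.pack("!6H", 0x1234, 0x8183, 1, 0, 0 if soa_ttl is None else 1, 0)
    msg += encode_name(qname) + struct.pack("!HH", 1, 1)
    if soa_ttl is not None:
        rdata = (encode_name("ns.example.test") + encode_name("admin.example.test")
                 + struct.pack("!5I", 1, 7200, 900, 86400, 3600))
        msg += encode_name("example.test") + struct.pack("!HHIH", SOA, 1, soa_ttl, len(rdata)) + rdata
    return msg

if __name__ == "__main__":
    q = "newhost.example.test"
    print(negative_ttl(nxdomain_reply(q, soa_ttl=3600), neg_ttl=600))  # SOA present
    print(negative_ttl(nxdomain_reply(q), neg_ttl=600))                # SOA stripped
```

With the SOA present the 1H value from the provisioning scenario is returned regardless of the configured fallback, which matches the behaviour reported on a cold cache.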


