[Dnsmasq-discuss] Per entry TTL override

Olivier Mauras olivier at core-hosting.net
Sun Apr 6 11:38:37 UTC 2014



On Sat, 2014-04-05 at 20:20 +0100, Simon Kelley wrote:
> On 03/04/14 23:10, Olivier Mauras wrote:
> > 
> > 
> > On Thu, 2014-04-03 at 21:37 +0100, Simon Kelley wrote:
> >> On 02/04/14 22:32, Olivier Mauras wrote:
> >>> 
> >>> 
> >>> On Mon, 2014-03-31 at 12:59 +0200, Olivier Mauras wrote:
> >>>> Hello,
> >>>> 
> >>>> Is it thinkable to allow a per entry TTL override system? I
> >>>> have actually two different needs that I'd like to discuss.
> >>>> First NXDOMAINS. I'd like to cache NXDOMAIN from some
> >>>> forwarded domains to a specific value. Cache time based on
> >>>> default SOA TTL may be too long in some cases and requires a
> >>>> manual cache refresh :( Easy example: Infra team provisions a
> >>>> new server and pings the hostname asked to see if it's not
> >>>> already taken - Yes they could act differently. It's not, so
> >>>> the result is cached and will stay for 1H - default SOA TTL.
> >>>> Server provisioning takes 10mn, and the hostname is still cached
> >>>> as NX for 50mn :(
> >>>> 
> >>>> Second is entry override. Some specific DNS entries could
> >>>> have a different TTL than the default one - But not globally
> >>>> per entry gives much more flexibility :)
> >>>> 
> >>>> 
> >>>> Would that make sense to have a binding for request replies
> >>>> - like the dhcp lua script support - or would this make more
> >>>> sense as specific hardcoded options? If this makes any sense
> >>>> at all indeed :)
> >>>> 
> >>>> 
> >>>> Thanks, Olivier
> >>>> 
> >>>> 
> >>>> _______________________________________________
> >>>> Dnsmasq-discuss mailing list
> >>>> Dnsmasq-discuss at lists.thekelleys.org.uk 
> >>>> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
> >>>
> >>> Seemed like I had a double neg-ttl declared in my config and my
> >>> command line at the same time which made it not be
> >>> correctly handled... Also seems that no matter what neg-ttl is
> >>> set to, the first NXDOMAIN on a cold cache always gets the SOA
> >>> TTL, am I missing something?
> >> 
> >> neg-ttl does not override the SOA TTL, it provides a TTL for
> >> NXDOMAIN if the upstream server doesn't include an SOA. (Lots of
> >> ISP nameservers seem to strip that information for "bandwidth
> >> saving") If you upstream servers include SOA, as they should,
> >> then neg-ttl will have no effect.
> >>> 
> >>> 
> >>> Any feedback on per entry TTL override
> >> 
> >> I'm not sure about that, it seems to me to be fiddly and prone
> >> to errors. Your first example could be fixed by using
> >> --no-negcache. It would be less efficient, but it would always
> >> work. If you're going to set a TTL in that case, what's the
> >> correct value that will always work? I don't think there is one.
> >> 
> >> I'm interested in other opinions.
> >> 
> >> 
> >> Cheers,
> >> 
> >> 
> >> Simon.
> >> 
> >>> 
> >>> 
> >>> Thanks, Olivier
> >>> 
> >>> 
> >>> 
> > 
> > True that no-negcache would fix my first example, but wouldn't
> > caching for a definite time be more efficient?
> 
> How much does a cache miss cost? Why bother tuning the TTLs and
> _still_ risking that you've made them too long and something breaks.
> Caching is an optimisation. If an optimisation can lead to different
> results in the system, then it's broken and should be turned off,
> not tweaked so it breaks less often.
> > 
I agree, but in my case I would like to make them shorter than the
default TTL from upstream.
I guess the workaround would be to give a globally shorter TTL to
clients, just less efficient if I need to override like 10 entries...
> > I actually have weird behavior when cascading dnsmasq instances. 
> > 127.0.0.1 forwarding to a dnsmasq instance, forwarding to an
> > unbound server... 127.0.0.1 on first query receives the SOA TTL,
> > but as the forwarded dnsmasq instance has cached, it returns 0 as
> > TTL. So clearing cache on 127.0.0.1 and asking again same query
> > will return with neg-ttl as the TTL.
> 
> That's because dnsmasq doesn't cache SOAs so cascaded dnsmasq
> instances can lose the SOA TTL information.
> 
> > I agree it's pretty particular but having a "neg-cache-ttl" would 
> > prevent this _and_ be efficient enough :)
> > 
> > That was for NXDOMAINS, what about overriding TTL for standard
> > entry? opinions?
> 
> I'm not clear what you're suggesting. Override local names, from
> /etc/hosts etc.? They get "0" TTLs now. Or names loaded from upstream
> nameservers?
From upstream.
> 
> 
> Cheers,
> 
> Simon
> 
> > 
> > 
> > Thanks, Olivier
> > 
> 

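As an added illustration of the neg-ttl and cascaded-forwarder points discussed in this thread (example code written for this page, not dnsmasq's own), a stdlib-only Python model of how a negative-caching resolver derives the NXDOMAIN TTL: from the SOA in the authority section when one is present, and from a configured neg-ttl when the upstream, or a cascaded forwarder that drops the SOA, omits it. The message builder, the domain names and the SOA values are constructed sample data.

```python
import struct

def _name(dotted):
    labels = [l for l in dotted.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"

def nxdomain_response(qname, soa=None):
    """Constructed sample NXDOMAIN reply (not a capture); soa=None mimics an upstream that strips the SOA."""
    # id, flags (QR|RD|RA, RCODE=3 NXDOMAIN), qdcount, ancount, nscount, arcount
    hdr = struct.pack("!HHHHHH", 0x1234, 0x8183, 1, 0, 1 if soa else 0, 0)
    question = _name(qname) + struct.pack("!HH", 1, 1)  # QTYPE A, QCLASS IN
    authority = b""
    if soa:
        rdata = _name(soa["mname"]) + _name(soa["rname"]) + struct.pack(
            "!IIIII", 1, 3600, 600, 86400, soa["minimum"])  # serial, refresh, retry, expire, minimum
        authority = _name(soa["zone"]) + struct.pack("!HHIH", 6, 1, soa["ttl"], len(rdata)) + rdata
    return hdr + question + authority

def _skip_name(buf, off):
    """Advance past a (possibly compressed) domain name; return the new offset."""
    while True:
        n = buf[off]
        if n & 0xC0 == 0xC0:        # compression pointer: two bytes, ends the name
            return off + 2
        off += 1
        if n == 0:
            return off
        off += n

def negative_ttl(msg, neg_ttl):
    """Seconds an NXDOMAIN may be cached, or None when it must not be cached.
    RFC 2308 s.5: min(SOA TTL, SOA MINIMUM) from the authority section; with no SOA
    (stripped upstream, or lost through a cascaded forwarder) fall back to the
    configured neg-ttl, where neg_ttl=0 stands in for --no-negcache."""
    _, flags, qd, an, ns, _ = struct.unpack("!HHHHHH", msg[:12])
    if flags & 0x000F != 3:
        raise ValueError("not an NXDOMAIN response")
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4          # skip QTYPE/QCLASS
    for _ in range(an + ns):
        off = _skip_name(msg, off)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 6:                          # SOA: MINIMUM is the last 4 bytes of RDATA
            minimum = struct.unpack("!I", msg[off + rdlen - 4:off + rdlen])[0]
            return min(ttl, minimum)
        off += rdlen
    return neg_ttl if neg_ttl > 0 else None
```

With the SOA present the configured neg-ttl is ignored, which is the behaviour Simon describes; only the SOA-less reply (as produced by a stripping ISP resolver or by a cascaded dnsmasq that did not cache the SOA) is governed by it.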