[Dnsmasq-discuss] 2.85: .. cache refresh problems?
Steffen Nurpmeso
steffen at sdaoden.eu
Sat Apr 24 22:29:10 UTC 2021
Steffen Nurpmeso wrote in
<20210422212628.eSXGa%steffen at sdaoden.eu>:
|Since a few weeks ago i sometimes see mail delivery from a few
|domains (most often: mx2.freebsd.org, lesser so netbsd.org,
|ietf.org, crux.nu) being blocked by a simple-minded postfix
|log parser on my side (that i finally started using some months
|ago). Since i realized what was going on i (1) changed the
|upstream DNS server=s of dnsmasq, (2) changed neg-ttl and
|increased cache-size to lower impact, finally started verifying
|postfix DNS reports which until now avoids blocking precious
|upstream servers:
...
|What _is_ new on my side is that i have "dnssec" enabled now.
So before changing back to dnssec-less (because i mysteriously
even saw failures for wikipedia etc. coming up since yesterday)
a USR1 dump:
cache size 10000, 0/13855 cache insertions re-used unexpired cache entries.
queries forwarded 11524, queries answered locally 4083
queries for authoritative zones 0
pool memory in use 36336, max 47808, allocated 480000
server 8.8.8.8#53: queries sent 8107, retried or failed 218
server 217.160.188.24#53: queries sent 10416, retried or failed 775
Now
cache size 10000, 0/1188 cache insertions re-used unexpired cache entries.
queries forwarded 817, queries answered locally 888
queries for authoritative zones 0
pool memory in use 48, max 48, allocated 2400
server 8.8.8.8#53: queries sent 418, retried or failed 10
[to be removed again, leftover]
server 217.160.188.24#53: queries sent 194, retried or failed 3
server 217.144.128.34#53: queries sent 569, retried or failed 8
|What seems to happen is that the dnsmasq cache entry expires, and
|a following DNS lookup fails, so that negative cache entries are
|delivered for a while. For example
Well, whatever. A pity, EDNS sometimes, others want TCP, i do not
know. I suspend delivery again :), it was just a thought that
this possibly is a regression, i have not used dnssec before,
i just wonder why the picture is so bad ... and maybe other people
would have found surprises in logs, too. Whatever.
Ciao and a nice Sunday i wish from Germany,
--steffen
|
|Der Kragenbaer, The moon bear,
|der holt sich munter he cheerfully and one by one
|einen nach dem anderen runter wa.ks himself off
|(By Robert Gernhardt)
More information about the Dnsmasq-discuss
mailing list