[Dnsmasq-discuss] One Request to Flush Them All

Simon Kelley simon at thekelleys.org.uk
Tue Jan 7 21:52:39 UTC 2025 

On 02/01/2025 11:50, Gilad Moav wrote:
> Hi, I wanted to share an observation regarding Dnsmasq's cache behavior 
> that might warrant attention.
> 
> It seems that if a DNS response exceeds the configured cache size, 
> issuing a new DNS request causes Dnsmasq to flush its entire cache.
> 
> This behavior is easily reproducible:
> 
> 1. Request a DNS resolution for kong.sub.mov.lat (ensuring you're using 
> EDNS with the truncation flag, or DNS over TCP).
> 2. After the response, request the resolution of any other domain.
> 
> Upon doing so, the entire cache is wiped, leaving only the latest 
> response in the cache.
> 
>  From what I’ve gathered, it appears that all entries related to the 
> oversized response are treated as a single entity within the cache. When 
> a new response is cached, instead of freeing just enough space for the 
> new entry, the system flushes the entire cache.

This isn't the case. the limit is resource records, not resource-record 
_sets_ Each RR counts towards the limit, so with the default cache size 
of 150 and a RRset (in this case) greater than 150, the code attempts to 
insert  RRs, evicting all existing entries in the process. Once there 
are no more existing entries to evict, but members of the RRset left to 
insert, the insertion process fails, but the existing entries are gone.

Somewhat strange corner case, but not catastrophic behaviour. The 
solution is to increase the cache size: the default to very small.>
> Please let me know your thoughts on this or if further clarification is 
> needed.

I think the behaviour is OK, but in testing this I did find a mysterious 
  arbitrary limit in the DNSSEC code that caused it to barf on that 
RRset, which isn't good. I fixed that.

Cheers,

Simon.
> 
> Best regards,
> Gilad.
> 
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss

More information about the Dnsmasq-discuss mailing list