Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
dnsdist - inconsistent responses from cache #4983
SecondaryCache = newPacketCache(2000000, 86400, 0)
I have complaints from clients asking for A record of skye.exxonmobil.com which is 126.96.36.199 with TTL of 300 sec. For some reason dnsdist starts to respond with NXDOMAIN to some clients. It responds either with the correct answer or NXDOMAIN to different clients in the same moment. I have a pcapng capture of such behavior.
Clearing the record from cache solves the issue for couple of hours:
I had to add a rule skipping cache for this domain. I am afraid that also other domains could be affected.
Thanks for help.
Looking at your capture, it looks like we have two different answers in the cache:
thanks for your answer. Regarding the EDNS0 and the clients - the queries in the trace above were generated manually from two different Linux boxes having different dig version. One of them use EDN0 by default, the second one (the old one) not.
Real client are not using EDNS0. They seems to be iPhones with MS ActiveSync client. You can see it here. I think see your point regarding caching two different answers. Unfortunately there are only several NXDOMAIN rules in my config and none of them seems to be interfering with this particular domain at all:
Then just some quarantine rules etc. follow. Nothing what could send NXDOMAIN.
Hi Remi. I think I have found it. There is an issue in authoritative NS of exxonmobil.com. One of three NS does not respond correctly - does not even know this domain. What confused me was the fact that when asking backends directly there were correct record all the time. So my theory is that the negative answer was cached in dnsdist and persisted there while the backends had already refreshed records... TTL is just 300 sec here. How is it with negative caching on dnsdist?
I should have checked it first. Sorry for that.
Ok, so indeed
I'll open a PR to prevent the caching of answers with no RRs soon.