As reported by Stéphane Bortzmeyer on the mailing list [1], dnsdist should be able to set Cache-Control headers, as described in section 5.1, "Cache Interaction", of RFC 8484 [2].
This would require parsing the response to extract the lowest TTL, which we try not to do by default for performance reasons, so perhaps that should be optional.
I think the implication is that the DoH layer just gets the response data back, which it then sends off to the client, and that it either needs to extract the TTL (again) or the DoH layer needs to get the response data plus some metadata on the response as well.
The short answer is that the lowest TTL is computed by parsing the answer only when it is first inserted in the cache. We also update the TTLs on a cache hit so technically we could retrieve the lowest TTL at that time, but we currently don't.
Still, this information is not passed to the DoH layer, so we would have to either do the parsing again or store it in the DNSQuestion object and pass it along. It's also made a bit more complicated by the fact that there might simply not be any cache enabled, so if we decided to pass it along, we would also need to handle the case where the lowest TTL has not been computed yet.
IMHO we should try the easiest option first and always compute the lowest TTL at the DoH layer, even if we already computed it at the caching layer. I would be inclined to make the Cache-Control headers optional so that the parsing can be skipped, but it might not be worth the additional complexity.
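For reference, this is what "compute the lowest TTL at the DoH layer" amounts to, written as a stand-alone added example rather than dnsdist code. It implements the RFC 8484 section 5.1 rule directly on a wire-format DNS response: the freshness lifetime is the smallest TTL in the Answer section; if there is no answer but the Authority section carries an SOA, it is bounded by that SOA's MINIMUM field (taking the SOA TTL into account as RFC 2308 does); otherwise no max-age can be derived and the header is omitted. Questions and names are only skipped, not decoded, so the parse cost is a single pass over the Answer (and, for negative answers, Authority) section. The helper names (`rfc8484_max_age`, `cache_control`, `build_response`, `soa_rdata`) and the sample messages are constructed for this example and are not part of dnsdist.

```python
"""RFC 8484 section 5.1: derive Cache-Control max-age from a DNS response.

Added example, not dnsdist code. Only the parts of the wire message that
matter for the freshness lifetime are parsed.
"""
import struct

A = 1     # RR type A
SOA = 6   # RR type SOA


def encode_name(name: str) -> bytes:
    """Uncompressed wire encoding of a domain name (used for constructed samples)."""
    labels = [l.encode() for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"


def skip_name(msg: bytes, off: int) -> int:
    """Return the offset just past the name at `off`, without decoding it.

    A compression pointer (top two bits set) is two bytes and ends the name.
    """
    while True:
        if off >= len(msg):
            raise ValueError("truncated name")
        length = msg[off]
        if length & 0xC0 == 0xC0:
            return off + 2
        if length & 0xC0:
            raise ValueError("unsupported label type")
        off += 1 + length
        if length == 0:
            return off


def _rr_header(msg: bytes, off: int):
    """Parse one RR header; return (type, ttl, rdata_start, rdata_end)."""
    off = skip_name(msg, off)
    rtype, _rclass, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
    off += 10
    if off + rdlen > len(msg):
        raise ValueError("truncated rdata")
    return rtype, ttl, off, off + rdlen


def _clamp_ttl(ttl: int) -> int:
    # RFC 2181 section 8: a TTL with the high bit set is treated as zero.
    return 0 if ttl > 0x7FFFFFFF else ttl


def rfc8484_max_age(msg: bytes):
    """Freshness lifetime in seconds per RFC 8484 section 5.1, or None."""
    qdcount, ancount, nscount = struct.unpack_from("!HHH", msg, 4)
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4          # QTYPE + QCLASS
    ttls = []
    for _ in range(ancount):
        _rtype, ttl, _rd, off = _rr_header(msg, off)
        ttls.append(_clamp_ttl(ttl))
    if ttls:
        return min(ttls)
    # No answer: a negative response is bounded by the SOA MINIMUM (and SOA TTL).
    negative = []
    for _ in range(nscount):
        rtype, ttl, rd, off = _rr_header(msg, off)
        if rtype == SOA:
            fields = skip_name(msg, skip_name(msg, rd))   # skip MNAME, RNAME
            minimum = struct.unpack_from("!I", msg, fields + 16)[0]  # 5th uint32
            negative.append(min(_clamp_ttl(ttl), _clamp_ttl(minimum)))
    return min(negative) if negative else None


def cache_control(msg: bytes):
    """Value for the Cache-Control header, or None when it should be omitted."""
    age = rfc8484_max_age(msg)
    return None if age is None else f"max-age={age}"


# --- constructed sample responses (not captured traffic) -------------------

def build_response(qname: str, answers=(), authority=()):
    """Build a response with one question; RRs are (type, ttl, rdata) tuples."""
    msg = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, len(answers), len(authority), 0)
    msg += encode_name(qname) + struct.pack("!HH", A, 1)
    for rtype, ttl, rdata in list(answers) + list(authority):
        # 0xC00C: compression pointer to the question name at offset 12
        msg += b"\xc0\x0c" + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata
    return msg


def soa_rdata(mname, rname, minimum, serial=1, refresh=3600, retry=600, expire=86400):
    return encode_name(mname) + encode_name(rname) + struct.pack(
        "!IIIII", serial, refresh, retry, expire, minimum)


# Answer TTLs 30, 600, 300 (the RFC's own example) -> max-age=30
POSITIVE = build_response("example.com", answers=[
    (A, 30, bytes([192, 0, 2, 1])), (A, 600, bytes([192, 0, 2, 2])), (A, 300, bytes([192, 0, 2, 3]))])
# NXDOMAIN-style: no answer, SOA TTL 3600 with MINIMUM 900 -> max-age=900
NEGATIVE = build_response("nx.example.com", authority=[
    (SOA, 3600, soa_rdata("ns1.example.com", "hostmaster.example.com", 900))])
# No answer and no SOA -> no max-age can be derived
EMPTY = build_response("example.com")

if __name__ == "__main__":
    for label, m in (("positive", POSITIVE), ("negative", NEGATIVE), ("empty", EMPTY)):
        print(label, cache_control(m))
```

Note that the OPT pseudo-RR in the Additional section is never looked at: its "TTL" field carries EDNS flags, not a lifetime, which is one more reason to restrict the scan to the sections the RFC names rather than reusing a whole-message lowest-TTL value.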