Disable neg-cache for few domains #2586

Closed
uruddarraju opened this issue Feb 20, 2019 · 13 comments

@uruddarraju

uruddarraju commented Feb 20, 2019

Is there a way to disable neg-caching for a particular domain similar to what dnsmasq provides with the no-neg-cache flag?

I ask this to do a possible workaround to this issue I am facing here, but also wanted to understand the reasoning behind not having a flag to disable neg-cache.

@uruddarraju changed the title from "Disable neg-cache" to "Disable neg-cache for few domains" on Feb 20, 2019

@chrisohaver
Member

You can disable negative cache by setting denial size to zero. See: https://github.com/coredns/coredns/tree/master/plugin/cache

@uruddarraju
Author

uruddarraju commented Feb 20, 2019

This is my config:

    consul:53 {
        log . {
          class denial
        }
        errors
        forward . 10.10.0.53:53
        reload
        cache {
          success 1000
          denial 0
        }
    }
    .:53 {
        errors
        health
        kubernetes cluster.local {
          pods insecure
          upstream
          fallthrough in-addr.arpa ip6.arpa
        }
        prometheus :9153
        forward . 10.1.0.2
        cache 300
        loop
        reload
        loadbalance
    }

Can you verify this for me? I still see the requests hitting cache for AAAA resolution as I see a log:

    2019-02-20T20:22:14.343Z [INFO] 10.10.49.179:52091 - 48118 "AAAA IN helloworld.server.local.consul. udp 59 false 512" NOERROR qr,rd 136 0.000071319s

which is missing the aa response flag. From my understanding, aa is not returned when the request is served from cache.

I am using coredns coredns/coredns:1.3.1.
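
An added example, not part of the thread or the CoreDNS code base: a Go parser for the query-log line format shown above that lists replies under a zone whose flags lack aa, the heuristic this comment uses to spot cache-served answers (a later comment in the thread says 1.5.1 sets AA on cache replies, so this applies to earlier versions). The second sample line and the names Reply, Parse and NonAuthoritative are constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Reply holds the fields of one CoreDNS query-log line that matter here (hypothetical type).
type Reply struct{ QType, Name, Rcode, Flags string }

// lineRE matches the layout of the log line quoted in the thread:
// <time> [INFO] <client> - <id> "<type> <class> <name> <proto> <size> <do> <bufsize>" <rcode> <flags> <rsize> <duration>
var lineRE = regexp.MustCompile(`\[INFO\] \S+ - \d+ "(\S+) \S+ (\S+) \S+ \d+ \S+ \d+" (\S+) (\S+) \d+ [\d.]+s$`)

// Parse extracts a Reply from one log line; ok is false for lines in any other format.
func Parse(line string) (r Reply, ok bool) {
	m := lineRE.FindStringSubmatch(strings.TrimSpace(line))
	if m == nil {
		return r, false
	}
	return Reply{QType: m[1], Name: m[2], Rcode: m[3], Flags: m[4]}, true
}

// HasAA reports whether the comma-separated response flags include "aa".
func (r Reply) HasAA() bool { return strings.Contains(","+r.Flags+",", ",aa,") }

// NonAuthoritative returns the replies for names under zone that lack the aa flag.
func NonAuthoritative(lines []string, zone string) []Reply {
	var out []Reply
	for _, l := range lines {
		if r, ok := Parse(l); ok && strings.HasSuffix(r.Name, zone) && !r.HasAA() {
			out = append(out, r)
		}
	}
	return out
}

func main() {
	lines := []string{
		// The first line is the one from the thread; the second is constructed for contrast.
		`2019-02-20T20:22:14.343Z [INFO] 10.10.49.179:52091 - 48118 "AAAA IN helloworld.server.local.consul. udp 59 false 512" NOERROR qr,rd 136 0.000071319s`,
		`2019-02-20T20:22:15.101Z [INFO] 10.10.49.179:52092 - 48119 "A IN helloworld.server.local.consul. udp 59 false 512" NOERROR qr,aa,rd 102 0.002113s`,
	}
	for _, r := range NonAuthoritative(lines, "consul.") {
		fmt.Printf("no aa: %s %s %s [%s]\n", r.QType, r.Name, r.Rcode, r.Flags)
	}
}
```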

@chrisohaver
Member

Looks right, should work. As a sanity check, you could remove the cache plugin entirely from the consul server block to see if the flags are as you expect without cache.

@uruddarraju
Author

uruddarraju commented Feb 20, 2019

@chrisohaver I did that. When cache is entirely disabled, the aa flags are set on the response and things work as expected because they are directly served from the forwarded nameserver.

Also I just looked at the code to find the following in here (https://github.com/coredns/coredns/blob/master/plugin/pkg/cache/cache.go#L31-L45):

    // New returns a new cache.
    func New(size int) *Cache {
    	ssize := size / shardSize
    	if ssize < 4 {
    		ssize = 4
    	}

    	c := &Cache{}

    	// Initialize all the shards
    	for i := 0; i < shardSize; i++ {
    		c.shards[i] = newShard(ssize)
    	}
    	return c
    }

which is setting the size to 4, if the derived shard_size is less than 0. So there are shards being initialized even when I requested for a cache size of zero. Did I read that right?

@chrisohaver
Member

Hmm. Yes. And reading the docs again, it seems that the minimum allowed cache size is 1024. Which means there is no way to disable cache for one and not the other. So, I have misled you (and probably a few other people too). Sorry!

@chrisohaver
Member

Maybe if TTL 0 is allowed?

        cache {
          success 1000
          denial 0 0
        }

@chrisohaver
Member

chrisohaver commented Feb 20, 2019

Seems no ...

    return nil, fmt.Errorf("cache TTL can not be zero or negative: %d", ttl)

@uruddarraju
Author

@chrisohaver The binary panics and quits immediately saying the config is invalid, possibly because of this code here: https://github.com/coredns/coredns/blob/master/plugin/cache/setup.go#L67

@chrisohaver
Member

Well - IMO there should be a way to disable one of the caches and not the other.
Good feature request.

@stp-ip
Member

stp-ip commented Feb 20, 2019

Currently the minimal TTL settable for denial is 1s.

@miekg
Member

miekg commented Feb 21, 2019

Where is the bug against Python, because that looks super strange?

@miekg
Member

miekg commented Mar 29, 2019

This is waiting for a test to be added in #2588

@miekg
Member

miekg commented Jul 1, 2019

This is fixed in 1.5.1 by setting the AA bit on cache replies.

@miekg miekg closed this as completed Jul 1, 2019