Hi Dan,

On 18/11/2022 02:51, Dan McCombs via dnsdist wrote:
> Is that something that's expected to happen once the full response has been returned from a downstream over TCP? Is there some way to force TC responses to have at least some minimal TTL? Or some way to have dnsdist use its cached response rather than going back to the downstream in that case on UDP queries?

This is indeed an unfortunate consequence of the fact that there is no TTL on a truncated answer, and no way to set one, so the cache does not even try to store it. Perhaps it might make sense to cache these TC=1 answers for a configurable, very short amount of time. We already have a setting to cache "temporary failures", meaning Server Failure and Refused responses, for a short amount of time, so it would not be hard to implement the same behaviour for truncated answers. I think we have been reluctant to do that until now because some backends actually send TC=1 answers to specific clients, like in the RRL Slip case, and do not expect these answers to be served to other clients, but that might be OK as long as the caching is configurable and can be disabled.
Would you mind opening a feature request on GH [1] so we can track this? I would also happily merge a corresponding pull request, of course :)
Thanks!

[1]: https://github.com/PowerDNS/pdns/issues/new/choose

Best regards,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
_______________________________________________
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist