Hi Peter,

Sorry for the late reply on this - I was on vacation.

I am continuing the investigation with the caching behavior of dnsmasq when
querying Consul.  I verified the TTL on the responses from Consul and it is
'5s', the value which we've configured into the Consul agent.

Here is the DNS response from the Consul (the IP and port are different
from the previous examples as I've set up a test environment for this, but
this is still hitting a Consul agent directly):
---
/ # dig @100.64.0.10 consul.service.consul

; <<>> DiG 9.10.4-P8 <<>> @100.64.0.10 consul.service.consul
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28354
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;consul.service.consul. IN A

;; ANSWER SECTION:
consul.service.consul. 5 IN A 100.96.24.9

;; Query time: 1 msec
;; SERVER: 100.64.0.10#53(100.64.0.10)
;; WHEN: Wed Aug 09 18:32:01 UTC 2017
;; MSG SIZE  rcvd: 55
---

The behavior I was seeing is that it would not cache Consul replies but
would cache other domains.  The only difference I could see between the
domains is that the 'consul' upstream server was configured via the
'--server flag', while the other upstreams came from '/etc/resolv.conf'.

As a test, I set up three dnsmasq instances as follows:

* INSTANCE A: uses resolv.conf setting Consul as upstream for all domains
  Command: dnsmasq --log-facility=- --log-queries --port=1053

* INSTANCE B: uses --server flag to set Consul as upstream for the
'.consul' domain
  Command: dnsmasq --log-facility=- --log-queries --port=2053 --no-resolv
--server=/consul/100.64.0.10

* INSTANCE C: uses --server flag to set Consul as upstream all domains
  Command: dnsmasq --log-facility=- --log-queries --port=3053 --no-resolv
--server=100.64.0.10

By following the query logs and inspecting the output TTLs, I can see that
instance A caches the results (for 5 seconds) while instances B and C do
not cache any results.  If I query repeatedly, I can see the TTLs returned
by instance A gradually decrease from 5s to 1s until the entry falls out of
the cache.  Instances B and C always return a 5s TTL (which is what Consul
always returns).

As far as I can tell, dnsmasq is not doing any caching when the upstream is
set via the --server flag.

Should we consider this a bug, or maybe a known limitation that should be
documented?

Thanks again for your help.

Paulo



> Date: Thu, 13 Jul 2017 15:27:37 +0200
> From: Petr Men??k <pemen...@redhat.com>
> To: dnsmasq-discuss@lists.thekelleys.org.uk
> Subject: Re: [Dnsmasq-discuss] Caching with custom upstream domain
> Message-ID: <db8d6d0d-8a3b-e553-c47c-3bec8bf64...@redhat.com>
> Content-Type: text/plain; charset=utf-8
>
> Hello Paulo,
>
> I did a quick test but it seems it does cache the responses.
>
> It would help if you could show us dig query result
>
> $ dig -p 8600 @127.0.0.1 consul.service.consul
>
> It depends on what TTL is used for replies from Consul server. If TTL in
> second column is 0, it should not be cached by dnsmasq. You would have
> to change consul service in that case.
>
> Or use min-cache-ttl=120 or higher value. But that TTL might have good
> reason, it would be better to fix the service.
>
> Dne 12.7.2017 v 16:20 Paulo Bittencourt napsal(a):
> > Hello!
> >
> > We are using dnsmasq for local DNS caching on all our hosts.
> >
> > We've set up a custom upstream domain to route DNS requests for Consul
> > to the local Consul agent, using this config directive:
> >
> > server=/consul/127.0.0.1#8600 <http://127.0.0.1#8600>
> >
> > Looking at the load the Consul agent, we were suspecting that dnsmasq
> > was not caching the replies from Consul.  After enabling query logging
> > on dnsmasq, it looks like this is the case.
> >
> > If I query any other domain repeatedly, (eg. example.com
> > <http://example.com>, google.com <http://google.com>), it logs that it's
> > using the cache:
> >
> > Jul 12 13:56:56 ip-10-184-50-103 dnsmasq[18119]: query[A] www.google.ca
> > <http://www.google.ca> from 127.0.0.1
> > Jul 12 13:56:56 ip-10-184-50-103 dnsmasq[18119]: cached www.google.ca
> > <http://www.google.ca> is 172.217.5.227
> > ... repeats ...
> >
> > If I query a Consul domain repeatedly, it doesn't seem to use the cache:
> >
> > Jul 12 13:57:55 ip-10-184-50-103 dnsmasq[18119]: query[A]
> > consul.service.consul from 127.0.0.1
> > Jul 12 13:57:55 ip-10-184-50-103 dnsmasq[18119]: forwarded
> > consul.service.consul to 127.0.0.1
> > Jul 12 13:57:55 ip-10-184-50-103 dnsmasq[18119]: reply
> > consul.service.consul is 10.144.40.2
> > Jul 12 13:57:55 ip-10-184-50-103 dnsmasq[18119]: reply
> > consul.service.consul is 10.51.148.85
> > Jul 12 13:57:55 ip-10-184-50-103 dnsmasq[18119]: reply
> > consul.service.consul is 10.37.226.205
> > ... repeats ...
> >
> > I've searched for any documentation regarding caching behavior for
> > custom upstream domains and I haven't found anything.
> >
> > Any ideas?
> >
> > Thanks,
> > Paulo
> >
> >
> > _______________________________________________
> > Dnsmasq-discuss mailing list
> > Dnsmasq-discuss@lists.thekelleys.org.uk
> > http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
> >


>
> --
> --
> Petr Men??k
> Software Engineer
> Red Hat, http://www.redhat.com/
> email: pemen...@redhat.com  PGP: 65C6C973
>
_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Reply via email to