I couldn't find a specific answer anywhere, so hopefully someone has a clue on this list.

We are using dnsmasq on our servers as a caching DNS solution. Most of our domains are resolved by a wildcard record like this:

    $TTL 3600 ; 1 hour
                    A       10.10.10.23
    $ORIGIN example.net.
    *               CNAME   excontainers
    excontainers    CNAME   exservice.service.consul

dnsmasq handles resolution of the .consul domain directly, but the DNS server itself also forwards .consul to the consul servers. I added min-ttl 5s to decrease the number of queries to consul.

So when I do

    dig foo.example.net @127.0.0.1

I get

    foo.example.net.            3600 IN CNAME excontainers.example.net.
    excontainers.example.net.   3600 IN CNAME exservice.service.consul.
    exservice.service.consul.   5    IN A     10.0.48.13

Now we often need to migrate subdomains by pointing them to a different consul cluster. So our script uses nsupdate and creates a dynamic DNS record, resulting in this reply:

    foo.example.net.            60 IN CNAME exservice2.service.consul.
    exservice2.service.consul.  5  IN A     10.0.48.35

So we have a record that is more explicit, and it takes precedence over the wild card.

On servers with little traffic, the domain switch happens within a few seconds, but on the main busy server with 100s of queries a second, it takes an hour for dnsmasq to change its cache. We see dnsmasq sending requests to the DNS server and getting the correct new records, but still sending the old cached records to a client.

When we are going back from distinct to the default wild card (removing the distinct record in DNS), the cache change happens almost immediately (a couple of seconds), regardless of how busy the server is.

Sorry for the long description, but I would like to find out the reason why, during switching from wild card to a more explicit record, the dnsmasq cache update takes such a long time.

_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss