Geert,

Just in case, .consul is not a registered domain name. It is assigned with Hashicorp consul service discovery product and is internal to us. Whence forwarders.

On Tue, Mar 17, 2020, 9:08 AM Sasha Litvak <alexander.v.lit...@gmail.com> wrote:

> Geert,
>
> What is the meaning of this?
>
> On Tue, Mar 17, 2020, 1:48 AM Geert Stappers <stapp...@stappers.nl> wrote:
>
>> On Mon, Mar 16, 2020 at 08:31:17PM -0500, Sasha Litvak wrote:
>> > I couldn't find a specific answer anywhere so hopefully someone has a
>> > clue on this list
>> >
>> > We are using dnsmasq on our servers as a caching dns solution.
>> >
>> > Most of our domains are resolved by a wildcard record like this
>> >
>> > $TTL 3600 ; 1 hour
>> > A 10.10.10.23
>> > $ORIGIN example.net.
>> > * CNAME excontainers
>> > excontainers CNAME exservice.service.consul
>> >
>> > dnsmasq handles resolution of .consul domain directly but the DNS
>> > server itself also forwards .consul to consul servers.
>> >
>> > I added min-ttl 5s to decrease the number of queries to consul
>> >
>> > So when I do dig foo.example.net @127.0.0.1 I get
>> >
>> > foo.example.net. 3600 IN CNAME excontainers.example.net.
>> > excontainers.example.net. 3600 IN CNAME exservice.service.consul.
>> > exservice.service.consul. 5 IN A 10.0.48.13
>> >
>> > Now we often need to migrate subdomains by pointing them to a
>> > different consul cluster. So our script uses nsupdate and creates a
>> > dynamic DNS record resulting in this reply
>> >
>> > foo.example.net. 60 IN CNAME exservice2.service.consul.
>> > exservice2.service.consul. 5 IN A 10.0.48.35
>> >
>> > So we have a record that is more explicit and it takes precedence over
>> > wild card. On servers with little traffic, domain switch happens
>> > within a few seconds, but on the main busy server with 100s of queries
>> > a second, it takes an hour for dnsmasq to change its cache. We see
>> > dnsmasq sending requests to the DNS server getting correct new records
>> > but still sending the old cached records to a client.
>> >
>> > When we are going back from distinct to default wild card (removing
>> > distinct record in DNS) cache change happens almost immediately (a
>> > couple of seconds) regardless of how busy the server is.
>> >
>> > Sorry for the long description but I would like to find out a reason
>> > why during switching from wild card to more explicit record dnsmasq
>> > cache update takes such a long time.
>>
>> $ host -t ns org
>> org name server d0.org.afilias-nst.org.
>> org name server b2.org.afilias-nst.org.
>> org name server a0.org.afilias-nst.info.
>> org name server a2.org.afilias-nst.info.
>> org name server b0.org.afilias-nst.org.
>> org name server c0.org.afilias-nst.info.
>> $ host -t ns consul
>> Host consul not found: 3(NXDOMAIN)
>> $
>>
>>
>> _______________________________________________
>> Dnsmasq-discuss mailing list
>> Dnsmasq-discuss@lists.thekelleys.org.uk
>> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>>