On Wed, Sep 10, 2025 at 02:12:27PM +0200, Christopher Faulet wrote: > Le 10/09/2025 à 10:58 AM, Damien Claisse a écrit : > > Current behavior is to release requester and resolution right after DNS > > resolution, which prevents DNS caching to happen. Instead, keep the > > requester and rely on "hold valid" timeout to update the resolution as > > expected and stream cleanup code to release structures, effectively > > allowing another stream resolving the same FQDN to reuse the resolution > > if it is still valid (the "cache"). > > This should be backported on all supported versions as a test version > > compiled from the commit introducing the cache (7264dfe) confirms it > > doesn't work, as the structures were already released too early. > > --- > > src/resolvers.c | 1 + > > 1 file changed, 1 insertion(+) > > > > diff --git a/src/resolvers.c b/src/resolvers.c > > index 6daee3e14..b90e665e7 100644 > > --- a/src/resolvers.c > > +++ b/src/resolvers.c > > @@ -3132,6 +3132,7 @@ enum act_return resolv_action_do_resolve(struct > > act_rule *rule, struct proxy *px > > smp.strm = s; > > > > vars_set_by_name(rule->arg.resolv.varname, > > strlen(rule->arg.resolv.varname), &smp); > > + goto end; > > } > > } > > } > > Thanks Damien. Indeed, there is an issue. But your patch does not really fix > the issue because the requester is still released when the stream is > released. If it is the last one, the resolution will still be released too > and the cached result with it. So the only way to get a cached result on a > do-resolv action is to have enough streams requesting the same FQDN in same > time to always have at least one stream still alive to keep the resolution > used. > > Instead, I suggest to be able to keep orphan resolutions, when the last > requester is a stream, and during at most the hold valid time. It means the > resolver task should be responsible to clean expired orphan resolution. To > do so process_resolvers() must be modified accordingly. > > I will try to emit a patch soon, hoping it will be light enough to be safely > backported...
Also, be careful, I remember someone not that long ago complaining that we don't apply round-robin DNS on do_resolve(). With your improvement, it will be even more sticky. That's generally not a problem if users rely on the "hold valid" timer, but that's something to keep in mind. Willy
