Re: [Pdns-users] Recursor Cache Sizing: Is more always better?
Hello Christoph, On 12.09.23 13:35, Christoph via Pdns-users wrote: Hi Winfried, My recommendation is to limit the TTL to 12 or 6 hours and find out how many cache entries are created during this time. Increase that by 50% and that's your value. thanks for your recommendation. I've played a bit with this to see what max-cache-entries values this procedure would result in. What input should influence whether this should be done with a max-cache-ttl of 6, 12 or 24 hours? The change to max-cache-ttl [1] to N hours would just be temporary, during the collection of the cache-entries metric, and be set back to 1d (default) after that or stay at N hours? It stays at N hours. Should this procedure be done with refresh-on-ttl-perc=0 for the data gathering phase? If you use prefetching, I would also turn it on for the data gathering phase. In any way, the approach results in a significantly larger max-cache-entries setting than we currently use. If max-cache-entries is too small, cache cleaning will also delete cache entries whose TTL has not yet expired. Does the same apply to other caches like max-packetcache-entries aggressive-nsec-cache-size and dnsdist's packetCache maxEntries? Yes. But in my opinion, maxTTL=900 can be used with dnsdists cache. This reduces the time how long RRs are cached in dnsdist to 900s, and with it the cache size. However, the expiring TTL that was originally supplied by the Recursor is delivered, so the clients does not see this reduction. 900s is enough to still serve most out of the dnsdist cache under heavy load. The additional latency due to cache misses is not significant because the Recursor cache catches these requests. Winfried ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] Recursor Cache Sizing: Is more always better?
Hi Winfried, My recommendation is to limit the TTL to 12 or 6 hours and find out how many cache entries are created during this time. Increase that by 50% and that's your value. thanks for your recommendation. I've played a bit with this to see what max-cache-entries values this procedure would result in. What input should influence whether this should be done with a max-cache-ttl of 6, 12 or 24 hours? The change to max-cache-ttl [1] to N hours would just be temporary, during the collection of the cache-entries metric, and be set back to 1d (default) after that or stay at N hours? Should this procedure be done with refresh-on-ttl-perc=0 for the data gathering phase? In any way, the approach results in a significantly larger max-cache-entries setting than we currently use. Does the same apply to other caches like max-packetcache-entries aggressive-nsec-cache-size and dnsdist's packetCache maxEntries? thanks, Christoph [1] https://doc.powerdns.com/recursor/settings.html#max-cache-ttl ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] IXFR with PowerDNS
On Mon, Sep 11, 2023 at 11:44:57AM +0200, Thomas Mieslinger via Pdns-users wrote: > Hi all, > > I switched an Active Directory Zone to IXFR instead of AXFR. > > When doing AXFR all records have "auth=1" in the MySQL Backend. > > When doing IXFR the individually updated records get "auth=0" including > the SOA record. Consequently the zone is not served anymore by PowerDNS. > > What can I change to IXFRs write the records with "auth=1" to the database? > > Thanks Thomas There are basic regression tests for IXFR that check the resulting records are served by auth correctly, so we have to find out why auth becomes 0 in your case. On thing that can make a difference is DNSSEC, since signed zones have different handling of the auth field in the DB. So we need full information: config, zone details, logs, with captures of the incoming IXFR and the database content before and after the IXFR. It's probably more convenient to create a github issue with all the information. -Otto ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users
