I'm doing a simple Lua-based remap to do a DNS lookup for the backend server in a reverse proxy setup (Ubuntu Precise, 5.2.0), with nginx sitting in front of ATS (for various reasons). The remap just prepends a string to the hostname.
Everything's working great, but I did notice that while ATS is caching successful DNS lookups, it doesn't cache unsuccessful lookups (at least not out of the box, with the settings I could find). In my setup, I'm running a local unbound instance and thus:

CONFIG proxy.config.dns.nameservers STRING 127.0.0.1

I'm testing where the underlying domain exists but the prepended version obviously doesn't, though hopefully I'd be able to make this work for outright non-existent domains too.

In my testing, ATS would do an A lookup for a bad hostname (think: DDoS or misconfiguration, etc.):

origin.example.com

unbound immediately returns NXDOMAIN. Then ATS tries a AAAA lookup and that immediately gets returned NXDOMAIN. Then ATS closes the connection with no response. Though interestingly, it seems to wait about a half second or so *after* the NXDOMAIN response to start the close by sending a FIN.

If I repeat the test with a bad hostname, ATS will query DNS every request. For a hostname that actually works, ATS is just using the cached DNS lookup, so just the initial lookup hits DNS.

Is there any way to get ATS to cache the negative lookup, that I'm somehow missing in the docs/google? I'm hoping I'm just missing a setting somewhere. It would also be cool if there was an option so that one could have ATS return an error, instead of just closing the connection.

My goal here is that if someone starts sending us DDoS-levels of garbage, ATS will fail fast, instead of keeping connections open.
