
This is for a server setup with a wobbly upstream DNS for company internal server names. Sometimes, when an entry has fallen from the cache due to TTL, and our system tries to resolve it, the upstream doesn’t answer; then our system sort of falls apart. The domains that are requested are fairly fixed.

Is there a DNS cache for Linux which still honors TTL (doesn’t need to ask again for X amount of time) but which will attempt to refresh the cache (with exp. back-off) around the time the TTL expires? And in the meantime probably return the old answer, like a grace period.

Currently we are leaning toward moving the caching into the application & database, which seems a bit iffy to me.

It appears some commercial router appliances call this “FQDN Refresh”. But I can’t really find the config to do that in the few open source packages I looked at. It’s probably there, but slightly differently formulated.

Henk Poley
  • Why not use a different "upstream" DNS server? – joeqwerty Feb 05 '21 at 13:10
  • It's a large company's DNS server that serves where the internal servers are on the internal network. There is no other canonical source for this data that we need. You can't just ask 8.8.8.8 about the internal network structure of some company. – Henk Poley Feb 05 '21 at 14:37
  • You might want to add those details to your question. – joeqwerty Feb 05 '21 at 15:11



Most caching servers have the ability to fetch resources that are due to expire. In unbound this feature is called prefetch:

prefetch: yes or no

If yes, message cache elements are prefetched before they expire to keep the cache up to date. Default is no. Turning it on gives about 10 percent more traffic and load on the machine, but popular items do not expire from the cache.

RFC 8767 also allows caches to return expired data if they are unable to refresh their cache. One can enable this in unbound with:

serve-expired-client-timeout: msec

Time in milliseconds before replying to the client with expired data. This essentially enables the serve-stale behavior as specified in RFC 8767 that first tries to resolve before immediately responding with expired data. A recommended value per RFC 8767 is 1800. Setting this to 0 will disable this behavior. Default is 0.

Related: bind prefetch; isc post on serve-stale.

balder
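As an added illustration (not part of the answer above, and not taken from the Unbound project), here is an unbound.conf fragment that combines prefetch and serve-expired for the situation in the question: a fixed set of company-internal names behind an upstream that sometimes stops answering. The internal zone name and the upstream addresses are placeholders.

```conf
server:
    # Refresh entries before their TTL runs out. Unbound only prefetches a
    # record when a query for it arrives during the last 10% of its TTL, so
    # the internal names must keep being asked for or they expire normally.
    prefetch: yes

    # RFC 8767 serve-stale: answer from expired data when the upstream does
    # not respond. serve-expired-client-timeout does nothing on its own;
    # serve-expired must be switched on as well.
    serve-expired: yes
    # Try the upstream for this long (ms) before falling back to stale data.
    serve-expired-client-timeout: 1800
    # Stop serving an entry this many seconds after it expired (0 = no limit),
    # so a name that really was removed upstream does not live on forever.
    serve-expired-ttl: 86400
    # TTL handed to clients with a stale answer, keeping them coming back
    # so the record gets refreshed as soon as the upstream recovers.
    serve-expired-reply-ttl: 30

# Only the company's internal names go to the wobbly upstream; everything
# else is resolved the usual way.
forward-zone:
    name: "corp.example"          # placeholder for the internal domain
    forward-addr: 192.0.2.53      # placeholder upstream addresses
    forward-addr: 192.0.2.54
```

Run unbound-checkconf after editing, and note that serve-expired-client-timeout and serve-expired-reply-ttl are only understood by newer Unbound releases.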