Hi Klaus,

On Mon, 11 Jun 2018 12:53:45 +0200 Klaus Darilion <klaus.mailingli...@pernau.at> wrote:
> We soon put ALIAS into production. Hence, I have some questions to
> better understand what's going on internally in PDNS.
>
> a) What happens if the backend query (from PDNS-auth to resolver) is
> unanswered? Will PDNS timeout the outstanding query or will it be kept
> on the list for ever? If it times out - will PDNS send any responses?

If it times out, it depends on whether the query came in via UDP or TCP. Due to the design of the DNSProxy, we do not respond when the query came in over UDP and will send SERVFAIL when the query came in via TCP.

> I stopped the resolver and sent a query to an ALIAS RR. My observation
> is, that PDNS did send an upstream query, but it:
> - does not resend to the resolver

Correct, we try it only once. A typical timeout from an upstream resolver is 2 seconds, so we won't win anything if your downstream is down (also resends are not possible due to the DNSProxy's current design).

> - does not send any response (eg SERVFAIL) upstream

See above, it only does this when the upstream query was TCP. But only after we detected the timeout downstream (2 seconds).

> Hence I suspect that such unanswered backend queries will resist in some
> queue forever.

We keep a UDP conntrack table with a maximum of 2^16 entries and will reuse IDs either if the query with that ID was answered _or_ if there was no answer for that ID after 60 seconds. Note that I opened a PR with some improvements in this area where this time is reduced to 15 seconds[1].

For TCP, we set the RCODE to SERVFAIL and send it out from the DNSProxy, then let the Auth handle the connection closing.

> Can you please comment on what really happens if the resolver is not
> available?

See above.

> b) AFAIS the backend query supports only UDP without EDNS0. Hence, only
> responses up to 512 bytes. Correct?

Correct. We would like to improve this in the future.

> c) AFAIS queries to ALIAS RRs are not cached in the packet cache. Why not?

Mostly because ALIAS is special.
But your resolver's cache will hold the answer so there will be little delay in answering.

Cheers,

Pieter

1 - https://github.com/PowerDNS/pdns/pull/6727

--
Pieter Lexis
PowerDNS.COM BV -- https://www.powerdns.com
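
The ID-reuse rule described in the reply above, as an added model that is not part of the original mail and not PowerDNS code: a 2^16-entry table in which an ID becomes reusable once answered or after the reuse time, run against a resolver that never answers. The class and function names, the 2000 qps rate, and the behaviour when no ID is free (`allocate` returns `None`) are assumptions of this model.

```python
from collections import deque

TABLE_SIZE = 2 ** 16  # maximum conntrack entries, as stated in the mail


class ConntrackModel:
    """Simplified model of the UDP ID table; hypothetical, not PowerDNS code."""

    def __init__(self, reuse_after_s):
        self.reuse_after_us = reuse_after_s * 1_000_000
        self.free = deque(range(TABLE_SIZE))
        self.sent_at = {}      # id -> send time of the outstanding query
        self.by_age = deque()  # (send time, id), oldest first

    def _expire(self, now_us):
        # An unanswered ID becomes reusable once the reuse time has passed.
        while self.by_age and now_us - self.by_age[0][0] >= self.reuse_after_us:
            sent, qid = self.by_age.popleft()
            if self.sent_at.get(qid) == sent:  # still unanswered since then
                del self.sent_at[qid]
                self.free.append(qid)

    def allocate(self, now_us):
        """Return an ID for a new backend query, or None if none is free.
        Returning None on a full table is an assumption of this model."""
        self._expire(now_us)
        if not self.free:
            return None
        qid = self.free.popleft()
        self.sent_at[qid] = now_us
        self.by_age.append((now_us, qid))
        return qid

    def answered(self, qid):
        # An answered ID is reusable immediately.
        if self.sent_at.pop(qid, None) is not None:
            self.free.append(qid)


def dead_resolver(rate_qps, reuse_after_s, duration_s):
    """Resolver never answers: return (queries with no free ID, peak IDs in use)."""
    table, no_id, peak = ConntrackModel(reuse_after_s), 0, 0
    step_us = 1_000_000 // rate_qps
    for i in range(rate_qps * duration_s):
        if table.allocate(i * step_us) is None:
            no_id += 1
        peak = max(peak, len(table.sent_at))
    return no_id, peak
```

At 2000 unanswered queries per second over 120 seconds, the model runs out of IDs with the 60-second reuse time and never does with 15 seconds.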