[systemd-devel] Antw: [EXT] Re: Extend systemd-resolved service to override DNS response
Ulrich Windl
Ulrich.Windl at rz.uni-regensburg.de
Thu Feb 16 07:02:16 UTC 2023
>>> Barry Scott <barry at barrys-emacs.org> wrote on 15.02.2023 at 15:29 in
message <9CE7D348-327C-4C22-9A54-C57FEF4DFAFD at barrys-emacs.org>:
>
>> On 15 Feb 2023, at 10:31, Aditya Sharma <aditya.sharma1128 at gmail.com> wrote:
>>
>> Hi Kevin,
>>
>> When the TTLs expire, those records in the cache become 'stale', and are
> normally purged. Your request is to have an option in systemd-resolved to
> *not* purge those records, but to continue serving them in case it is unable
> to communicate with the configured recursive resolver(s).
>>
>> Sorry for the ambiguity.
>> What I meant was to keep serving the record after the resolvers are not
> operational or during some outage.
>> We were thinking of an approach where we keep on serving the last known good
> FQDNs even after the TTL has expired (only when we are unable to communicate
> with the resolvers). For that, we need to intercept the DNS calls and
> maintain some kind of local cache. So, wanted to understand how we can extend
> systemd-resolved service to serve the purpose.
>
> I would be worried that breaking the TTL caching rules will create more
> problems than it solves.
> Isn't the underlying issue that you have unreliable DNS servers that are
> important to your application?
I also thought it might be an "x y problem"; so what problem are you actually trying to fix?
>
> Barry
>
>
>
>>
>> Thanks
>> Aditya
>>
>>
>> On Tue, 14 Feb 2023 at 16:46, Kevin P. Fleming
> <lists.systemd-devel at kevin.km6g.us>
> wrote:
>>> On Tue, Feb 14, 2023, at 04:04, Aditya Sharma wrote:
>>>> Hi Kevin,
>>>>
>>>> If what you mean is that you want to serve 'stale' records from a cache when
> their TTLs have expired and the authoritative servers which provided them are
> not reachable, that's something that a number of existing recursive resolvers
> are able to do and it could be logical for systemd-resolved to offer it too.
>>>> We are looking to prepare a solution similar to this, to serve back records
> for FQDNs in case of timeout from the DNS server.
>>>> We want to understand how we can extend systemd-resolved to override
> response from DNS server in case of timeouts/failures.
>>>
>>> Again, you need to be very specific in your request.
>>>
>>> systemd-resolved communicates with one or more recursive resolvers (what you
> are calling "DNS server", but that term is ambiguous). If those resolvers are
> not operational, systemd-resolved will continue serving records from its
> cache (if the cache is enabled), until their TTLs expire.
>>>
>>> When the TTLs expire, those records in the cache become 'stale', and are
> normally purged. Your request is to have an option in systemd-resolved to
> *not* purge those records, but to continue serving them in case it is unable
> to communicate with the configured recursive resolver(s).
>>>
>>> In your original message you referred to a 'negative response' from the "DNS
> server", but that's a completely different situation.
>>>
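
The behaviour discussed in this thread, sketched as an added example (not code from systemd-resolved or from any poster): a cache that serves an expired record only when the recursive resolver is unreachable, never in place of a negative response, and only for a bounded time. The names StaleCache, UpstreamUnreachable and the upstream callable are hypothetical; the 30-second TTL on stale answers follows the recommendation in RFC 8767.

```python
import time

class UpstreamUnreachable(Exception):
    """Timeout or transport failure talking to the recursive resolver."""

class StaleCache:
    def __init__(self, upstream, max_stale=86400, stale_ttl=30, clock=time.monotonic):
        self.upstream = upstream    # hypothetical callable: name -> (addresses, ttl)
        self.max_stale = max_stale  # seconds past expiry a record may still be served
        self.stale_ttl = stale_ttl  # short TTL handed out with stale answers
        self.clock = clock
        self.entries = {}           # name -> (addresses, expires_at)

    def resolve(self, name):
        now = self.clock()
        hit = self.entries.get(name)
        if hit and now < hit[1]:
            return hit[0], int(hit[1] - now), "fresh"
        try:
            addresses, ttl = self.upstream(name)
        except UpstreamUnreachable:
            # Serve stale only when the resolver is unreachable, and only within max_stale.
            if hit and now - hit[1] <= self.max_stale:
                return hit[0], self.stale_ttl, "stale"
            self.entries.pop(name, None)
            raise
        if not addresses:
            # A negative response is a real answer: it replaces the old record
            # and must never be masked by stale data.
            self.entries.pop(name, None)
            return [], ttl, "negative"
        self.entries[name] = (addresses, now + ttl)
        return addresses, ttl, "upstream"

def demo():
    """Constructed scenario: the resolver answers once, then goes down."""
    state = {"now": 0.0, "up": True}
    def upstream(name):
        if not state["up"]:
            raise UpstreamUnreachable(name)
        return ["192.0.2.10"], 300
    cache = StaleCache(upstream, max_stale=3600, clock=lambda: state["now"])
    seen = []
    for now, up in [(0, True), (100, True), (400, False), (3901, False)]:
        state.update(now=now, up=up)
        try:
            seen.append(cache.resolve("app.example")[2])
        except UpstreamUnreachable:
            seen.append("failed")
    return seen
```

The cap on staleness is what limits the risk raised above about breaking TTL rules: an address that has since been reassigned stops being served once max_stale has passed.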