Discussion:
[Dnsmasq-discuss] Caching with custom upstream domain
Paulo Bittencourt
2017-08-09 18:34:17 UTC
Hi Peter,

Sorry for the late reply on this - I was on vacation.

I am continuing the investigation with the caching behavior of dnsmasq when
querying Consul. I verified the TTL on the responses from Consul and it is
'5s', the value which we've configured into the Consul agent.

Here is the DNS response from the Consul (the IP and port are different
from the previous examples as I've set up a test environment for this, but
this is still hitting a Consul agent directly):
---
/ # dig @100.64.0.10 consul.service.consul

; <<>> DiG 9.10.4-P8 <<>> @100.64.0.10 consul.service.consul
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28354
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;consul.service.consul. IN A

;; ANSWER SECTION:
consul.service.consul. 5 IN A 100.96.24.9

;; Query time: 1 msec
;; SERVER: 100.64.0.10#53(100.64.0.10)
;; WHEN: Wed Aug 09 18:32:01 UTC 2017
;; MSG SIZE rcvd: 55
---

The behavior I was seeing is that it would not cache Consul replies but
would cache other domains. The only difference I could see between the
domains is that the 'consul' upstream server was configured via the
'--server' flag, while the other upstreams came from '/etc/resolv.conf'.

As a test, I set up three dnsmasq instances as follows:

* INSTANCE A: uses resolv.conf setting Consul as upstream for all domains
Command: dnsmasq --log-facility=- --log-queries --port=1053

* INSTANCE B: uses --server flag to set Consul as upstream for the
'.consul' domain
Command: dnsmasq --log-facility=- --log-queries --port=2053 --no-resolv --server=/consul/100.64.0.10

* INSTANCE C: uses --server flag to set Consul as upstream for all domains
Command: dnsmasq --log-facility=- --log-queries --port=3053 --no-resolv --server=100.64.0.10

By following the query logs and inspecting the output TTLs, I can see that
instance A caches the results (for 5 seconds) while instances B and C do
not cache any results. If I query repeatedly, I can see the TTLs returned
by instance A gradually decrease from 5s to 1s until the entry falls out of
the cache. Instances B and C always return a 5s TTL (which is what Consul
always returns).

As far as I can tell, dnsmasq is not doing any caching when the upstream is
set via the --server flag.

Should we consider this a bug, or maybe a known limitation that should be
documented?

Thanks again for your help.

Paulo
Date: Thu, 13 Jul 2017 15:27:37 +0200
Subject: Re: [Dnsmasq-discuss] Caching with custom upstream domain
Content-Type: text/plain; charset=utf-8
Hello Paulo,
I did a quick test but it seems it does cache the responses.
It would help if you could show us dig query result
It depends on what TTL is used for replies from Consul server. If TTL in
second column is 0, it should not be cached by dnsmasq. You would have
to change consul service in that case.
Or use min-cache-ttl=120 or higher value. But that TTL might have good
reason, it would be better to fix the service.
Hello!
We are using dnsmasq for local DNS caching on all our hosts.
We've set up a custom upstream domain to route DNS requests for Consul
server=/consul/127.0.0.1#8600
Looking at the load on the Consul agent, we were suspecting that dnsmasq
was not caching the replies from Consul. After enabling query logging
on dnsmasq, it looks like this is the case.
If I query any other domain repeatedly, (eg. example.com, google.com), it logs that it's
Jul 12 13:56:56 ip-10-184-50-103 dnsmasq[18119]: query[A] www.google.ca from 127.0.0.1
Jul 12 13:56:56 ip-10-184-50-103 dnsmasq[18119]: cached www.google.ca is 172.217.5.227
... repeats ...
Jul 12 13:57:55 ip-10-184-50-103 dnsmasq[18119]: query[A] consul.service.consul from 127.0.0.1
Jul 12 13:57:55 ip-10-184-50-103 dnsmasq[18119]: forwarded consul.service.consul to 127.0.0.1
Jul 12 13:57:55 ip-10-184-50-103 dnsmasq[18119]: reply consul.service.consul is 10.144.40.2
Jul 12 13:57:55 ip-10-184-50-103 dnsmasq[18119]: reply consul.service.consul is 10.51.148.85
Jul 12 13:57:55 ip-10-184-50-103 dnsmasq[18119]: reply consul.service.consul is 10.37.226.205
... repeats ...
I've searched for any documentation regarding caching behavior for
custom upstream domains and I haven't found anything.
Any ideas?
Thanks,
Paulo
_______________________________________________
Dnsmasq-discuss mailing list
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
--
--
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
Paulo Bittencourt
2017-08-15 19:03:44 UTC
Hello,

This is a follow-up on an issue I posted on August 9. I had the suspicion
that dnsmasq was not caching for custom upstream domains, when I was
routing requests to Consul. It turns out I did my testing wrong, and was
not able to notice that the issue was happening only when Consul was in the
upstream.

Turns out the real cause was that Consul reports itself as not
supporting recursive queries, and dnsmasq does not cache non-recursive
responses.

Sorry for the confusion.

Here's some more info from someone who ran into the same issue:
https://groups.google.com/forum/#!topic/consul-tool/NQDkxOj5Bks

Thanks Petr Menšík for the initial response!

Paulo
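
An added example, not part of the original thread and not dnsmasq code: it parses a raw DNS reply and applies the two caching conditions mentioned in this thread (the upstream must set the RA flag, and the TTL must be non-zero). The sample reply is constructed from the values in the dig output above; `build_response`, `skip_name` and `inspect_reply` are hypothetical helper names.

```python
import struct

QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080  # DNS header flag bits (RFC 1035)

def build_response(name, ip, ttl, ra):
    """Constructed sample input: a one-answer A-record reply, RA bit optional."""
    flags = QR | AA | RD | (RA if ra else 0)
    header = struct.pack("!HHHHHH", 28354, flags, 1, 1, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    question = qname + struct.pack("!HH", 1, 1)          # QTYPE=A, QCLASS=IN
    rdata = bytes(int(octet) for octet in ip.split("."))
    # Answer name is a compression pointer back to the question name at offset 12.
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + rdata
    return header + question + answer

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:   # a pointer is two bytes and ends the name
            return off + 2
        off += 1 + length

def inspect_reply(msg):
    """Extract the RA flag and answer TTLs, then apply the thread's two rules."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    _id, flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4                    # skip QTYPE + QCLASS
    ttls = []
    for _ in range(ancount):
        off = skip_name(msg, off)
        _rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        ttls.append(ttl)
        off += 10 + rdlen
    ra = bool(flags & RA)
    # Assumption taken from the thread: no RA, or a zero TTL, means no caching.
    cacheable = ra and bool(ttls) and min(ttls) > 0
    return {"ra": ra, "ttls": ttls, "cacheable": cacheable}

if __name__ == "__main__":
    for ra in (False, True):
        reply = build_response("consul.service.consul", "100.96.24.9", 5, ra)
        print("RA set:" if ra else "RA clear:", inspect_reply(reply))
```

The same `inspect_reply` can be fed the bytes of a real UDP reply captured from the upstream to see which of the two conditions it fails.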