Unbound - Shared Cache
Tony Finch
dot at dotat.at
Mon Feb 10 14:31:32 UTC 2020
Talkabout <talk.about at gmx.de> wrote:
>
> Maybe a solution can be to integrate a Sub layer inbetween the local
> Cache and external resolvers, a shared Cache. This shared Cache is
> updated by all Peers when a query gets resolved and every peer can ask
> the shared Cache for entries when local Cache does not deliver any
> results. Shared Cache instances are then automatically synchronized.
You can do something a bit like your "sublayer" with dnsdist. You can
configure it with multiple back-end servers using a whashed or chashed
selection policy so that you aren't asking both back-ends to resolve all
questions.
https://dnsdist.org/guides/serverselection.html
The caveat is that "infrastructure" records (i.e. the delegation chain: NS
records, glue records, DS and DNSKEY records) have a big effect on DNS
performance and (unlike Unbound's shared cache) dnsdist won't help the
back-ends to avoid duplicating work resolving infrastructure records.
This discussion reminds me of Geoff Huston's investigation of zombie DNS
queries a few years ago http://www.potaroo.net/ispcol/2016-03/zombies.html
which made me wonder if some resolvers were using ill-advised hacks to
pre-heat cache B by sniffing the network for cache A's query traffic,
which is a great way to get a Sorcerer's Apprentice effect!
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
Gibraltar Point to North Foreland: Westerly 6 to gale 8, occasionally severe
gale 9 at times. Moderate or rough, occasionally slight near shore. Squally
showers, wintry at times. Good, occasionally poor.
More information about the Unbound-users
mailing list