This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



Re: [PATCH][BZ #13928] Use minimum ttl value from dns query


On Thu, Mar 29, 2012 at 5:19 AM, Siddhesh Poyarekar <siddhesh@redhat.com> wrote:
> When a queried dns name is a CNAME record with a TTL, the TTL of the A
> or AAAA record that the CNAME finally resolves to is considered as its
> TTL, which results in incorrect cache timeouts for such CNAME records
> in nscd.

How did you verify this?

I believe you are seeing the expected behaviour.

> AFAICT, the ttl is only used by nscd and this behaviour affects how long
> nscd caches a DNS entry before it looks to reload it. The correct
> approach in this case for nscd ought to be to have the minimum of the
> TTL values in the entire chain of results (CNAME -> CNAME -> ... ->
> A|AAAA) as the cache timeout value for the DNS entry.

No, that's certainly not correct.

You have to consider each step in the link independently and look at
the TTL for each link.

The CNAME TTL should be used as the TTL for the CNAME record.

The A|AAAA TTL should be used as the TTL for the A|AAAA record.

Making the TTL of the CNAME *anything but* the TTL of the CNAME seems
wrong and misleading.

In your example for BZ#13928 you have:

* A default TTL of 1200 (20 minutes)
* An A record with default TTL named "ad"
* A CNAME record with 60s TTL named "cad" pointing at "ad"
* A CNAME record with 15s TTL named "bad" pointing at "cad"

After the *first* lookup nscd should have the following in the cache:

* An A record "ad" 1.0.0.1 with TTL 20 minutes.
* A CNAME record "cad"->"ad" with TTL 60s.
* A CNAME record "bad"->"cad" with TTL 15s.

You then modify the A record on the server to be 1.0.0.2 and wait 30 seconds.

You hit the server.

* "bad" is in the cache, but it expired 15s ago.
* You query the server and get back "bad"->"cad"
* "cad" is in the cache and it is not expired yet and it is "cad"->"ad"
* "ad" is in the cache and it is not expired yet and it is 1.0.0.1.

I don't understand why you think this should return 1.0.0.2 after only
15 seconds.

However, I'm not *at all* familiar with nscd so I don't know *how* it
implements caching.

Cheers,
Carlos.
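
The two cache-expiry policies argued over in this message, modelled side by side on the BZ#13928 zone. This is an added example, not code from the message, the patch, or nscd. The class names, `scenario()` and the in-memory `ZONE` standing in for the DNS server are assumptions; `PerRecordCache` follows the per-link walk-through above and `MinChainCache` follows the minimum-of-chain proposal quoted from the patch description.

```python
# Constructed zone from the BZ#13928 example: name -> (type, data, TTL in seconds).
ZONE = {
    "bad": ("CNAME", "cad", 15),
    "cad": ("CNAME", "ad", 60),
    "ad": ("A", "1.0.0.1", 1200),
}

class PerRecordCache:
    """Each record in the chain is cached and expires under its own TTL."""
    def __init__(self, zone):
        self.zone, self.cache, self.fetched = zone, {}, []

    def resolve(self, name, now):
        for _ in range(len(self.zone)):  # a longer chain would have to loop
            hit = self.cache.get(name)
            if hit is None or hit[2] <= now:  # miss or expired: refetch this link only
                rtype, data, ttl = self.zone[name]
                hit = self.cache[name] = (rtype, data, now + ttl)
                self.fetched.append((now, name))
            if hit[0] == "A":
                return hit[1]
            name = hit[1]  # follow the CNAME
        raise RuntimeError("CNAME loop")

class MinChainCache:
    """The answer for the queried name expires at the smallest TTL in its chain."""
    def __init__(self, zone):
        self.zone, self.cache = zone, {}

    def resolve(self, name, now):
        hit = self.cache.get(name)
        if hit and hit[1] > now:
            return hit[0]
        cur, ttls = name, []
        for _ in range(len(self.zone)):
            rtype, data, ttl = self.zone[cur]  # whole chain is resolved upstream again
            ttls.append(ttl)
            if rtype == "A":
                self.cache[name] = (data, now + min(ttls))
                return data
            cur = data
        raise RuntimeError("CNAME loop")

def scenario(t=30):
    """Look up "bad" at time 0, change the A record, look it up again at time t."""
    zone = dict(ZONE)
    per_record, min_chain = PerRecordCache(zone), MinChainCache(zone)
    first = (per_record.resolve("bad", 0), min_chain.resolve("bad", 0))
    zone["ad"] = ("A", "1.0.0.2", 1200)  # server-side change described in the message
    second = (per_record.resolve("bad", t), min_chain.resolve("bad", t))
    return first, second, per_record.fetched
```

At t=30 the per-record cache refetches only "bad" and still answers 1.0.0.1, while the minimum-of-chain cache has already expired the whole answer and returns 1.0.0.2.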

