These are chat archives for CZ-NIC/knot-resolver

29th
May 2018
Petr Špaček
@pspacek
May 29 2018 10:06
@ilyaevseev I wonder what the use case would be here. Could you describe it in more detail? I'm curious!
Ilya Evseev
@ilyaevseev
May 29 2018 11:56
@pspacek It happens periodically that a site is live and reachable, but its NS is down or unreachable (for example, when network connectivity between the target NS and my knot-resolver is broken). In this case, the site will not open because DNS resolution via recursion has failed. Forwarding the failed request to 8.8.8.8 can be a good fallback because/if: (a) 8.8.8.8 returns cached info, (b) network connectivity between 8.8.8.8 and the target NS is ok.
Robert Šefr
@robcza
May 29 2018 11:57
@ilyaevseev this sounds like a brilliant case for the serve stale module: http://knot-resolver.readthedocs.io/en/stable/modules.html#serve-stale
Ilya Evseev
@ilyaevseev
May 29 2018 11:59
@robcza Yes, I use serve_stale for that, it's awesome :) But it works for already performed requests only. It cannot help when some site is accessed for the first time, and its NS is down or unreachable.
Petr Špaček
@pspacek
May 29 2018 12:02
Well, we could argue that if the connection is so bad it would be better to forward all the time.
Robert Šefr
@robcza
May 29 2018 12:05
@ilyaevseev right, sounds reasonable. I remember a few occasions when such a fallback would prove handy. Some remote nameservers blocking traffic from chosen networks for no obvious reason. An externally placed resolver could help in such a situation.
Ilya Evseev
@ilyaevseev
May 29 2018 12:05
@pspacek forwarding (a) works slower and (b) returns outdated info. It would be nice to use forwarding as a fallback for failed recursion only.
Vladimír Čunát
@vcunat
May 29 2018 12:11
I could imagine it as a fallback option after serve_stale failed, but I don't know...
Petr Špaček
@pspacek
May 29 2018 14:14
I'm really interested in hearing details, especially about network latency etc. In our tests forwarding is almost always faster than full recursion.
Ilya Evseev
@ilyaevseev
May 29 2018 19:08
@vcunat serve_stale cannot help us when the first request has failed.
@pspacek forwarding itself is faster, but public DNS forwarders (Google, Yandex, Level3, ...) are relatively slow. And their answers may contain old info, so we cannot use forwarders as a primary source.
Vladimír Čunát
@vcunat
May 29 2018 20:24
Yes, I meant this strategy: first try serve_stale and then some public resolver(s).