Closed jedrzejj closed 3 months ago
Some words on why we would like to turn off the timeout cache, i.e. what inspired this PR:
The timeout cache is currently causing operational issues for us as the timeout is set on the organizational domain, not the queried entry.
E.g. there are errors on the query for a specific subdomain `_dmarc.country-sub1.domain.com`, but this causes the whole `domain.com` to be put on hold due to timeouts.
The cache is per worker, from what we could find in the code, and lives for the whole worker lifetime, so in such a case no other queries for any `*.domain.com` records would be sent.
We are however getting many additional emails related to `country-sub2.domain.com`, `domain.com` or any other `*.domain.com` subdomain, that have perfectly fine DNS records, which are not verified because of the negative cache of the organizational domain.
We are operating a caching resolver that `authentication_milter` is using, so we are doing more fine-grained caching in another place to reduce the effort for repeatedly resolving failing subdomains.
This PR adds a config option to allow disabling the caching of domains that timed out during a DNS query. By default the option is enabled to preserve the current behaviour. Setting the option to 0 disables the cache and the query will be sent to the DNS resolver each time, regardless of previous timeouts.
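An added illustration, not part of the PR or of the authentication_milter code base: a small Python model of the three behaviours discussed above (timeout cache keyed on the organizational domain, keyed on the exact queried name, and disabled). All names, the sample records, and the naive organizational-domain function are assumptions made for the example.

```python
class TimeoutCache:
    """Model of a per-worker timeout cache; key_fn picks the cache key (None = disabled)."""
    def __init__(self, lookup, key_fn):
        self.lookup, self.key_fn = lookup, key_fn
        self.timed_out = set()  # never expires: lives as long as the worker
        self.sent = []          # queries that actually reached the resolver

    def query(self, name):
        key = self.key_fn(name) if self.key_fn else None
        if key is not None and key in self.timed_out:
            return "skipped"    # suppressed by an earlier timeout, record never checked
        self.sent.append(name)
        try:
            return self.lookup(name)
        except TimeoutError:
            if key is not None:
                self.timed_out.add(key)
            return "timeout"

def org_domain(name):
    # Assumption: naive "last two labels"; real software consults the Public Suffix List.
    return ".".join(name.rstrip(".").lower().split(".")[-2:])

def exact_name(name):
    return name.rstrip(".").lower()

# Constructed sample data: one subdomain whose DNS times out, the rest healthy.
RECORDS = {
    "_dmarc.domain.com": "v=DMARC1; p=reject",
    "_dmarc.country-sub2.domain.com": "v=DMARC1; p=quarantine",
}
BROKEN = {"_dmarc.country-sub1.domain.com"}

def fake_lookup(name):
    if name in BROKEN:
        raise TimeoutError(name)
    return RECORDS.get(name, "NXDOMAIN")

QUERIES = ["_dmarc.country-sub1.domain.com", "_dmarc.country-sub2.domain.com",
           "_dmarc.domain.com", "_dmarc.country-sub1.domain.com"]

def run(key_fn):
    cache = TimeoutCache(fake_lookup, key_fn)
    return [cache.query(q) for q in QUERIES], len(cache.sent)

if __name__ == "__main__":
    for label, fn in [("org-domain key", org_domain), ("exact-name key", exact_name), ("disabled", None)]:
        print(label, run(fn))
```

With the organizational-domain key, a single timeout leaves the healthy DMARC records for `domain.com` and `country-sub2.domain.com` unchecked; with the cache disabled every query reaches the resolver, which is where the caching resolver mentioned above has to absorb the repeated failures.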