Closed beelze closed 1 day ago
That could be done, of course, but it would take some time to be implemented. I'll let you know when I have something tangible to test. In the meantime, you can try the following watchdog. It restarts pound when the host name given as argument changes its IP. The script uses at to schedule its next startup time and rounds it up to the nearest minute, which should be enough for most real-time TTLs. However, it should be easy to modify it to run with second precision as well. It uses systemctl to restart pound; edit it if you use some other command:
#!/bin/sh
# Usage: watchdog HOST [PREV_IP]; re-schedules itself via at after the record's TTL.
host=${1:?}
prev=$2
# dig +noall +answer prints "name ttl IN type rdata"; keep "ttl address" of the first A/AAAA.
set -- $(dig +noall +answer "$host" | awk '$4 == "A" || $4 == "AAAA" {print $2 " " $5}' | head -1)
if [ $# -ne 2 ]; then
    echo >&2 "$0: failed to resolve $host"
    exit 1
fi
# $1 is now the TTL, $2 the address.
if [ "$prev" != "$2" ]; then
    echo >&2 "$0: $host changed IP from $prev to $2"
    prev=$2
    systemctl restart pound
fi
# Round the TTL up to whole minutes for at(1).
n=$(( ( $1 + 59 ) / 60 ))
echo "$0 $host $prev" | at now + $n minute 2>&1 | \
    sed -e '/^warning: commands will be executed using/d' \
        -e '/^job [0-9][0-9]* at/d'
Thanks in advance!
Please clone and compile the resolver branch. See the file NEWS for detailed instructions on how to compile and use it (so far it is the only documentation on the new features).
Any feedback will be much appreciated.
@graygnuorg, undoubtedly you did a lot of brilliant work regarding this issue! I'll test it in a day or two.
One question:
Dynamic backends will be updated periodically, when the TTL of the corresponding DNS records expires.
What exactly is the corresponding record when a CNAME is involved? I believe A/AAAA?
What exactly is the corresponding record when a CNAME is involved? I believe A/AAAA?
Yes, the A or AAAA it points to.
Finally I did some tests. In particular, having Resolve first and
    pound IN CNAME pound1
    pound1 30 IN A $addr1
    pound2 30 IN A $addr2
    pound3 30 IN A $addr3
... and changing pound between poundN. All went fine.
Secondly, having Resolve all and multiple addresses for the pound A record, balancing was OK.
During the tests I discovered that some DNS cachers/forwarders can change the TTL. In particular, unbound has a default setting of serve-original-ttl: no, resulting in always returning a 2m TTL instead of 30s, with corresponding delays in the first test. However, using Resolver/ConfigFile with nameserver $authoritative_server_address fixed this. But it made me think of use cases where the user is not allowed to change the TTL; maybe having something like a TTLOverride option would help in these cases?
Also, it would be nice to see the actual TTL value with poundctl list, I believe.
And again, thanks for your work!
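The two points raised above, which record's TTL governs a CNAME-fronted backend and a forwarder rewriting the authoritative TTL, can be checked with the following added example. It is not code from the pound project or from anyone in this thread; it parses the answer section of `dig +noall +answer` (constructed sample answers are embedded, `example.test` names and `192.0.2.x` addresses are placeholders).

```sh
#!/bin/sh
# Added example: walk the CNAME chain in a `dig +noall +answer` section and
# compare the TTL a caching forwarder reports with the authoritative one.

# resolve_chain NAME  < dig-answer-section
# Prints "<ttl> <address>" for the A/AAAA record NAME ends up at; <ttl> is the
# smallest TTL on the chain (earliest moment any hop may change).
# Returns 1 if no A/AAAA record is reached or the chain loops.
resolve_chain() {
    awk -v name="$1" '
        { sub(/\.$/, "", $1); sub(/\.$/, "", $5); target[$1, $4] = $5; life[$1, $4] = $2 + 0 }
        END {
            n = name; sub(/\.$/, "", n); min = -1
            for (hop = 0; hop < 16; hop++) {        # hop cap guards against CNAME loops
                if ((n, "A") in target) type = "A"
                else if ((n, "AAAA") in target) type = "AAAA"
                else if ((n, "CNAME") in target) type = "CNAME"
                else exit 1
                if (min < 0 || life[n, type] < min) min = life[n, type]
                if (type != "CNAME") { print min " " target[n, type]; exit 0 }
                n = target[n, "CNAME"]
            }
            exit 1
        }'
}

# ttl_rewritten AUTH_ANSWER FWD_ANSWER NAME
# Prints "<auth_ttl> <fwd_ttl>"; returns 1 when the forwarder hands out a TTL
# different from the authoritative one (e.g. unbound with serve-original-ttl: no),
# which is what delays dynamic backend updates. Returns 2 if either fails to resolve.
ttl_rewritten() {
    a=$(printf '%s\n' "$1" | resolve_chain "$3") || return 2
    f=$(printf '%s\n' "$2" | resolve_chain "$3") || return 2
    echo "${a%% *} ${f%% *}"
    [ "${a%% *}" = "${f%% *}" ]
}

# Constructed sample answers: 30 s at the authoritative server, rewritten to
# 120 s by the forwarder (the situation reported above).
AUTH_ANSWER='pound.example.test. 30 IN CNAME pound1.example.test.
pound1.example.test. 30 IN A 192.0.2.10'
FWD_ANSWER='pound.example.test. 120 IN CNAME pound1.example.test.
pound1.example.test. 120 IN A 192.0.2.10'

ttl_rewritten "$AUTH_ANSWER" "$FWD_ANSWER" pound.example.test \
    || echo >&2 "forwarder rewrites TTL: point the resolver at the authoritative server"
```

Replace the embedded samples with `dig +noall +answer @<resolver> NAME` output to run the check against live servers.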
Thanks for the feedback!
But it made me think of use cases where the user is not allowed to change the TTL -- maybe having something like a TTLOverride option would help in these cases?
Yes, that makes sense.
Also, it would be nice to see the actual TTL value with poundctl list, I believe. And again, thanks for your work!
Ah, I thought about that. The patch will be available soon. I'm currently working on the implementation of SRV-based backends, so perhaps the two will be combined. As usual, I'll let you know when it is available.
Hi. I have finished the SRV implementation and added an expiration timestamp to the poundctl output (TTLOverride is not implemented yet). Please pull and give it a try.
I merged the changes to master.
One of my configurations includes a backend server that may sometimes change its IP address. It is relatively rare (a couple of times a week), but I need to restart pound every time it happens.
I understand that resolving a symbolic server name every time is expensive and not even needed (in most cases), but sometimes it may be convenient (low load, "cheap" local resolve). Is there any possibility to mark a backend address as "dynamic"? Or maybe add an appropriate config directive?