Added SOA configuration for DNS settings. #4714
This will allow fine-tuning the SOA settings sent by Consul in DNS responses, for instance to be able to control negative TTL.
👍 being able to control negative TTL is super crucial when it comes to a user requesting over and over the same bad entry. It would help to protect our consul servers against that kind of behavior.
@mkeeler that would really improve our situation to allow controlling this, and this is not very intrusive, we currently have a real situation in one of our clusters and this would really help
@pierresouchay Looks great. Just the two minor updates to the documentation but when those are in I can go ahead and merge this.
@mkeeler all DONE
@pierresouchay Just trying to see some travis tests passing before merging this. Hopefully restarting the job will fix it.
@mkeeler We are good now, Bonus: Yet Another Unstable Unit Test Fixed :-)
On DNS recursors, the min-ttl is gonna be invalidated if SOA is invalidated. Thus, we have to ensure the SOA TTL is the same as the minimum TTL, otherwise the SOA is purged after 0 seconds and also the negative TTL. This change does not change anything to default Consul settings and will apply ONLY to SOA TTL.
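An added example, not part of this pull request or of Consul's code: a Go sketch of RFC 2308 negative caching, in which a recursor keeps a negative answer for the smaller of the SOA record's own TTL and its MINIMUM field, so an SOA TTL of 0 cancels the configured minimum TTL. The type and function names and the TTL values are assumptions constructed for illustration.

```go
package main

import "fmt"

// SOA holds the two values a recursor uses for negative caching
// (RFC 2308, section 5). Hypothetical type, not Consul's.
type SOA struct {
	TTL     uint32 // TTL of the SOA record in the authority section
	Minimum uint32 // SOA MINIMUM field, the "min-ttl" discussed above
}

// NegativeTTL returns how long a recursor may cache an NXDOMAIN or
// NODATA answer: the minimum of the SOA TTL and the MINIMUM field.
func NegativeTTL(s SOA) uint32 {
	if s.TTL < s.Minimum {
		return s.TTL
	}
	return s.Minimum
}

// UpstreamQueries simulates a recursor in front of the authoritative
// server. A client asks for the same missing name once per second for
// `seconds` seconds; the return value is how many of those queries the
// recursor had to forward because its negative cache entry had expired.
func UpstreamQueries(s SOA, seconds uint32) uint32 {
	var forwarded, expiresAt uint32
	for now := uint32(0); now < seconds; now++ {
		if now < expiresAt {
			continue // answered from the negative cache
		}
		forwarded++
		expiresAt = now + NegativeTTL(s)
	}
	return forwarded
}

func main() {
	// Constructed sample values: a 60 s minimum TTL with three SOA TTLs.
	for _, s := range []SOA{{TTL: 0, Minimum: 60}, {TTL: 60, Minimum: 60}, {TTL: 300, Minimum: 60}} {
		fmt.Printf("SOA TTL=%d MINIMUM=%d -> negative TTL %d s, %d of 600 queries forwarded\n",
			s.TTL, s.Minimum, NegativeTTL(s), UpstreamQueries(s, 600))
	}
}
```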
…gentConnectCARoots_list as seen in https://travis-ci.org/hashicorp/consul/jobs/439078353
@wdauchy @pearkes @mkeeler Impact of the patch on our preprod cluster (mainly non-existing AAAA records are not constantly queried) on a given service (those are RPC per second on servers) with a And here is the impact on bandwidth of DNS recursor following queries on Consul (just as a reminder, this is a "small" cluster of preprod, only with less than 1k nodes:
LGTM.
Will merge this soon once f-envoy feature branch is merged assuming it's all clean.
This will allow fine-tuning the SOA settings sent by Consul in DNS responses, for instance to be able to control negative TTL.
Will fix: #4713
Example
Override all settings:
Result: