[squid-users] Squid ipcache and DNS TTL smaller than 60 seconds

Alex Rousskov rousskov at measurement-factory.com
Tue Apr 10 16:10:06 UTC 2018


On 04/10/2018 09:19 AM, Amos Jeffries wrote:

> Consider, what would you expect to happen when DNS RRset changes
> _multiple_ times within the same TTL that TCP uses for a SYN-ACK timeout
> and retry?

I would expect that nothing special happens to a good implementation:
The TCP client would not notice the TTL expiration and RRset changes
while dealing with packets on a single TCP connection.

RRset TTL does _not_ mean that the client of a DNS cache cannot use the
answer after the TTL expires. It means that the DNS cache itself should
not return a stale answer to its client after the TTL expires. There is
an architectural boundary between a DNS cache and a client of that DNS
cache. Squid's implementation may violate that boundary, but that Squid
problem is not a good (long-term) justification for violating server TTLs.

Connection reuse problems that you have described could be a good
justification for a default minimum TTL of 60 seconds. IMHO, it is not a
valid long-term justification for violating server TTLs when the admin
wants to honor them.


Cheers,

Alex.
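As an added illustration of the boundary Alex describes (this is not code from the thread or from Squid): a toy DNS cache that never hands an expired RRset to its client, an optional minimum-TTL floor modelling the 60-second default under discussion (`min_ttl` is an assumed knob for this model, not a Squid directive), and a connection object that resolves once and keeps that address for its whole lifetime.

```python
"""Toy model of the DNS-cache / DNS-client boundary (constructed example)."""
import time
from dataclasses import dataclass


@dataclass
class RRset:
    name: str
    addrs: tuple
    ttl: int           # effective TTL in seconds (after any floor is applied)
    fetched_at: float  # clock value when the answer was received

    def expires_at(self) -> float:
        return self.fetched_at + self.ttl


class DnsCache:
    """A DNS cache: once an RRset's TTL has expired it is never returned again;
    the next lookup goes upstream. min_ttl=0 honors the server TTL exactly."""

    def __init__(self, resolver, min_ttl=0, clock=time.monotonic):
        self.resolver = resolver      # callable: name -> (list_of_addrs, ttl)
        self.min_ttl = min_ttl        # assumed admin knob, not a Squid directive
        self.clock = clock            # injectable for testing
        self.entries = {}
        self.upstream_queries = 0     # how often we had to re-resolve

    def lookup(self, name) -> tuple:
        now = self.clock()
        entry = self.entries.get(name)
        if entry is None or now >= entry.expires_at():
            addrs, ttl = self.resolver(name)
            self.upstream_queries += 1
            entry = RRset(name, tuple(addrs), max(ttl, self.min_ttl), now)
            self.entries[name] = entry
        return entry.addrs


class Connection:
    """A client of the cache: resolves at connect time only. TTL expiry or an
    RRset change afterwards does not affect this established connection."""

    def __init__(self, cache: DnsCache, name: str):
        self.peer = cache.lookup(name)[0]

    def send(self, payload: bytes) -> tuple:
        # Always talks to the address chosen at connect time.
        return (self.peer, payload)
```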