[GTALUG] Cache DNS issues.

D. Hugh Redelmeier hugh at mimosa.com
Wed Nov 26 03:39:20 UTC 2014


| From: William Muriithi <william.muriithi at gmail.com>

| Thank you. My problem seems to be a TTL issue. The TTL for my records is
| one hour and this system was down longer than that due to a power outage.

Sorry if my message was confusing.  I don't think that setting a
longer TTL is the solution to your problem.  In fact, I don't know the
right solution.  Not really my area of expertise.

Setting a longer TTL will paper over the problem.  If the outage is
short enough, and the remaining TTLs are long enough, you will not
have a problem.  But all TTLs count down, so it is probably only luck
if you never crash with a short remaining TTL.  Adjusting TTL way high
will adjust the probabilities, but still leaves a vulnerability.

You didn't really tell us everything relevant about your problem so
I'm guessing at a few things.

Is your DNS master server on the same machine or a different one?  If
it is on the same machine, perhaps you can delay the startup of
postfix until after the master server is up.

If the server is on another machine, I don't know of an off-the-shelf
solution for all cases.  That doesn't mean that there isn't one.

If you control the master server, you could run a local slave DNS
server on the postfix machine.  That is probably the best and cleanest
solution.  Zone transfers don't have to happen in real time.  This
assumes that you only really care about queries for names in that zone.

If you don't control the master server:

A normal (not DNSSEC) way of deciding that there is no domain with
the given name is to give up after a query receives no answer after a
timeout.  Just telling postfix to have more patience might work but
has other problems.

[UNTESTED] Perhaps before starting postfix, you could do a query of a
better-be-a-sure-thing domain name with a really long timeout.
	dig @master.server known-name.ca +time=300
might do the trick (a 5 minute patience).  This might fit in the init
script.

Of course this is all a little improper.  If the server goes down
without the machine running postfix going down, you have the same old
problem.
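Hugh's untested dig idea, carried a little further as a pre-start check for the init script: instead of one dig with a five-minute timeout, poll the master with short queries until a name that must exist actually comes back with an answer, so an empty or failed response during the outage never counts as "ready". This is an added example, not code from the post; it assumes dig is installed, and master.server and known-name.ca are the post's placeholder names.

```shell
#!/bin/sh
# Added example (not from the original post). Gate postfix startup on the
# master DNS server answering for a name that must exist.

# dns_probe SERVER NAME: succeed only when SERVER returns at least one
# A record for NAME. One attempt with a short per-query timeout; the
# retry loop below supplies the patience. NXDOMAIN/SERVFAIL/no-reply
# all fail here, so they cannot be mistaken for "DNS is up".
dns_probe() {
    answer=$(dig @"$1" "$2" A +short +time=5 +tries=1 2>/dev/null) || return 1
    [ -n "$answer" ]
}

# wait_for_dns SERVER NAME DEADLINE_SECONDS [PROBE]
# Calls PROBE (default dns_probe) every WAIT_INTERVAL seconds (default 5)
# until it succeeds or DEADLINE_SECONDS have elapsed.
# Returns 0 when the name resolved, 1 on timeout.
wait_for_dns() {
    server=$1; name=$2; deadline=$3; probe=${4:-dns_probe}
    interval=${WAIT_INTERVAL:-5}   # assumption: overridable for testing
    elapsed=0
    while [ "$elapsed" -lt "$deadline" ]; do
        if "$probe" "$server" "$name"; then
            return 0
        fi
        sleep "$interval"
        elapsed=$((elapsed + interval))
    done
    return 1
}

# In the init script, before starting postfix (placeholder names from the post):
#   wait_for_dns master.server known-name.ca 300 \
#       || echo "master DNS still not answering after 300s" >&2
```

If the deadline passes, the script still reports and lets postfix start, which keeps the behaviour Hugh describes: a master that dies later, with postfix already running, is the same old problem.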

