Persistently caching DNS cache for Linux

dns

Is there a free DNS proxy/cache software that caches positive answers indefinitely until some new positive answer is received ? That means the cache should live longer than the TTL received as long as the upstream DNS server does not answer or gives a negative (NXDOMAIN) answer.

An alternative name for this question could have been Resilient DNS cache as it helps in case of outages.

Best cache behavior would be not to forward client queries if a cached answer is available within its TTL and forward client queries otherwise. If there is no answer within a configurable timeout or there is a negative answer from upstream, the cache contents are returned with some configurable artificial TTL value. If there is a positive answer, it is returned to the client and saved in the cache.


Specifically, the term you're looking for is "serve stale" or "serve expired". Quite a few DNS resolvers support serving old data; this feature actually exists even as an IETF specification.

For example,

  • "serve-stale" has been implemented by ISC BIND 9.11 (the link is to a blog post which also talks about the history of the feature);

  • it is called "serve-expired" in Unbound – might go along well with its "prefetch" feature (which automatically refreshes cached entries);

  • dnsdist has had "keepStaleData" added in 1.4.0;

  • while pdns-recursor still has only a pending feature request.

However, this only works for complete outages. It does not apply to NXDOMAIN responses, as those are still perfectly valid responses – a fake "no such domain" is indistinguishable from a legitimate one (unless it fails DNSSEC vallidation). Negative replies are in fact cacheable too.

Additionally, many resolvers support putting a minimum limit on the received TTL, so that e.g. replies with a TTL of 30 seconds would instead be cached for 5 minutes. This can help when using an unreliable upstream resolver.

  • Unbound has "cache-min-ttl";

  • dnsmasq has "min-cache-ttl" (limited to 1 hour).

Similar threads:

  • https://serverfault.com/questions/817589/can-a-local-dns-cache-be-configured-to-use-stale-records-when-upstream-fails
  • https://unix.stackexchange.com/questions/287836/how-to-override-ttl-in-a-caching-only-bind9

Related

UPS doesn't provide power when it's plugged to the wall
Download the lowest quality video with youtube-dl
Recover password for local user admin account in Windows 10 [duplicate]
Where is the PEM file format specified?
How to detect that the app is running on a jailbroken device? [duplicate]
How to encode byte[] in proto buffs
Proper way to delete GLSL shader?
Expression after last specific character
tr command - how to replace the string "\n" with an actual newline (\n) [closed]
Java/Groovy - simple date reformatting
Android HTTPUrlConnection : how to set post data in http body?
Global error handler for any exception