Hello,
I currently run 4 instances of knot-resolver per DNS resolver server (for an ISP) :
2 instances for regular resolution.
2 instances for dns64/nat64 resolution.
It is working fine.
However, I separated the cache for dns64 / regular resolution (1 shared cache per each
identical instances), as I believe there could be conflicts if it was shared between dns64
and non-dns64 instances.
The same request for a AAAA record of a domain that only has a A record would differ with
or without dns64 (forged for nat64 vs genuine).
How would a shared cache deal with that difference?
I would like to know if this separation of cache is necessary or if the cache management
would prevent conflicts if the cache was shared between all 4 instances.
Only forged AAAA records differ, so except that, all the rest is identical.
My config is like that:
local systemd_instance = os.getenv("SYSTEMD_INSTANCE")
[…]
net.listen('SOME PRIVATE IPV6', 8453, { kind = 'webmgmt'})
if string.match(systemd_instance, '^64') then
modules = { dns64 = '64:ff9b::' }
cache.open(HALF_CACHE_SIZE * MB, 'lmdb:///var/cache/knot-resolver64')
net.listen(‘PUBLIC_IPV6_FOR_DNS64_RESOLVER', 53, { kind = 'dns' })
else
cache.open(HALF_CACHE_SIZE * MB, 'lmdb:///var/cache/knot-resolver')
net.listen('PUBLIC_IPV4_FOR_REGULAR_RESOLVER', 53, { kind = 'dns' })
net.listen(‘PUBLIC_IPV6_FOR_REGULAR_RESOLVER', 53, { kind = 'dns' })
end
modules.load('http')
http.prometheus.namespace = 'resolver_'
[etc.]
Thank you for any feedback on this,
--Bolemo