Hello,

I currently run 4 instances of knot-resolver per DNS resolver server (for an ISP) :

It is working fine.
However, I separated the cache for dns64 / regular resolution (1 shared cache for each set of identical instances), as I believe there could be conflicts if it was shared between dns64 and non-dns64 instances.
The same request for an AAAA record of a domain that only has an A record would differ with or without dns64 (forged for nat64 vs genuine).

How would a shared cache deal with that difference?

I would like to know if this separation of cache is necessary or if the cache management would prevent conflicts if the cache was shared between all 4 instances.

Only forged AAAA records differ, so apart from that, everything else is identical.


My config is like this:

local systemd_instance = os.getenv("SYSTEMD_INSTANCE")

[…]

net.listen('SOME PRIVATE IPV6', 8453, { kind = 'webmgmt'})

-- Instances whose systemd name starts with "64" do DNS64 and use their own cache
if string.match(systemd_instance, '^64') then
    modules = { dns64 = '64:ff9b::' }
    cache.open(HALF_CACHE_SIZE * MB, 'lmdb:///var/cache/knot-resolver64')
    net.listen('PUBLIC_IPV6_FOR_DNS64_RESOLVER', 53, { kind = 'dns' })
else
    -- Regular instances: no DNS64, separate cache directory
    cache.open(HALF_CACHE_SIZE * MB, 'lmdb:///var/cache/knot-resolver')
    net.listen('PUBLIC_IPV4_FOR_REGULAR_RESOLVER', 53, { kind = 'dns' })
    net.listen('PUBLIC_IPV6_FOR_REGULAR_RESOLVER', 53, { kind = 'dns' })
end

modules.load('http')
http.prometheus.namespace = 'resolver_'

[etc.]


Thank you for any feedback on this,

--Bolemo
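
The concern raised in the message above, as a toy model (an added example, not part of the original message and not a description of how Knot Resolver's cache actually works): a cache shared by a DNS64 and a non-DNS64 resolver only conflicts if forged AAAA records are written into it. The `ToyResolver` class, the name `v4only.example`, the address `192.0.2.1` and the /96 length of the `64:ff9b::` prefix are assumptions made for illustration.

```python
import ipaddress

# Prefix taken from the config in the message; the /96 length is assumed.
NAT64_PREFIX = ipaddress.IPv6Network("64:ff9b::/96")
NAME = "v4only.example"                      # constructed sample name
UPSTREAM = {(NAME, "A"): ["192.0.2.1"]}      # constructed data: A record only


def synthesize(a_addr):
    """RFC 6052 /96 embedding: the IPv4 address fills the low 32 bits."""
    v4 = ipaddress.IPv4Address(a_addr)
    return str(ipaddress.IPv6Address(int(NAT64_PREFIX.network_address) | int(v4)))


class ToyResolver:
    """Hypothetical resolver model; 'cache' is a dict that may be shared."""

    def __init__(self, cache, upstream, dns64, cache_forged):
        self.cache, self.upstream = cache, upstream
        self.dns64, self.cache_forged = dns64, cache_forged

    def _lookup(self, name, rtype):
        key = (name, rtype)
        if key not in self.cache:            # miss: store the upstream answer
            self.cache[key] = list(self.upstream.get(key, []))
        return self.cache[key]

    def query_aaaa(self, name):
        answer = self._lookup(name, "AAAA")
        if answer or not self.dns64:
            return answer                    # genuine AAAA, or no DNS64 here
        forged = [synthesize(a) for a in self._lookup(name, "A")]
        if self.cache_forged:                # the design that would conflict
            self.cache[(name, "AAAA")] = forged
        return forged


def run(cache_forged):
    """DNS64 instance answers first, then the regular one, on ONE cache."""
    shared = {}
    r64 = ToyResolver(shared, UPSTREAM, dns64=True, cache_forged=cache_forged)
    plain = ToyResolver(shared, UPSTREAM, dns64=False, cache_forged=cache_forged)
    return r64.query_aaaa(NAME), plain.query_aaaa(NAME)


if __name__ == "__main__":
    print("forged records cached:    ", run(True))
    print("forged records not cached:", run(False))
```

In this model the regular instance receives the forged address only when synthesized records are stored; when synthesis happens after the cache lookup, both instances can share one cache without the answers leaking across.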