Re: Honouring the DNS ttl in proxy-pass

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Gustau,

2017-08-23 12:47 GMT+02:00 Gustau Perez <gustau.perez@xxxxxxxxxxx>:
   Hi,

   We’re trying to set a bunch of Apaches 2.4.18 to proxy pass the requests it receives to our partner's upstream server. Our partner uses Amazon’s Elastic Load Balancing and thus the only we know about their servers is its DNS names.

   The TTL of the DNS records is 60 seconds and I’d like to know if Apache can honour that ttl, keeping the connection alive as long as the DNS record is valid and then requesting the translation when the TTL has expired.

   Using mod_proxy DisableReuse = on forces opening a new connection every time a resource is needed upstream. That would do the trick as long as the underneath operating system does the DNS TTL caching. If not, every time a new resource is needed Apache will force a new DNS request, increasing the response time.

   I’ve thought of playing with the mod_proxy ttl and timeout parameters, but I think I’m not correctly solving the problem. According to the docs, the mod_proxy’s timeout parameter controls the time a socket will wait for data from upstream, but I’m not sure if the Apache instance will close the connection an open a new one. Also, playing with the timeout is error prone, because a lower value may sent an wrong answer to the client.

   I’ve spend a few time trying to tackle this setup with no joy.  Is there any special setup to cover that scenario? Or perhaps I’ve skipped something? Any help would be appreciated.

one of the side effects of reusing the backend connections is to force the Apache child process to cache the DNS resolution for its life (that is until a main restart happens or when MaxConnectionsPerChild is met), so I am afraid that if you need something more flexible you'd need to deploy something like https://www.unbound.net on the host running Apache to reduce the DNS resolution latencies (and the pressure to your DNS resolvers).

Hope it helps,

Luca

[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux