rgerhards at hq
Jul 30, 2012, 12:20 AM
Post #3 of 3
> -----Original Message-----
Re: DNS cache - where to find more information?
[In reply to]
> From: rsyslog-bounces [at] lists [mailto:rsyslog-
> bounces [at] lists] On Behalf Of david [at] lang
> Sent: Monday, July 30, 2012 4:51 AM
> To: rsyslog-users
> Subject: Re: [rsyslog] DNS cache - where to find more information?
> On Mon, 30 Jul 2012, shaded 4 wrote:
> > Hi, we are using rsyslog 6.3.11.
> > From http://www.rsyslog.com/tag/dns-name-cache/, the DNS cache
> > appeared a year ago in v6.3.1.
> > Is there any further information somewhere on this feature, or any
> > feedback? I can't find much online.
> > From limited testing of receiving messages from a small number of
> > it seems to work OK so far, but:
> > a) The above page suggests the DNS entries in the cache never expire,
> so to
> > clear the cache I assume we would have restart the rsyslog service?
> > b) Will the DNS cache be robust enough for our system of ~10000
> msgs/s from
> > hundreds of different servers?
> > c) Has anything changed for the DNS cache since 6.3.1?
> > The above webpage says "Implementation will be improved based on
> > feedback during the next couple of releases"
> > but I can't see any further mention of the DNS cache in subsequent
> > changelogs?
> > d) Is there any user feedback on the DNS cache in the past year? I
> > find much online.
> > From a), should I expect that rsyslog does only one DNS lookup per
> > name while it's running?
> > But from my limited testing, sending a flood of messages from even a
> > number of servers (e.g. 3 or 4)
> > already causes rsyslog to do DNS lookups for the same server name
> every now
> > an again (verified by tcpdump).
> > I can't quite put my finger on how often it does this, and whether
> it's a
> > concern,
> > so I'm hoping someone can help me?
> I think that it's been enhanced to try and do some smart retries based
> the TTL of the domain, but there has not been much in the way of
> on it.
Long story short: no comments --> no changes
People seem to be either happy with the current state or not use it at all (but v6 adoption increases, so I tend to the "happy part"...
Currently no expiration, except (I think) on HUP and, of course, on restart.
> I normally disable DNS lookups, I'm either trusting the hostname in the
> message, or I'm logging the IP address. The middle ground of trusting
> other nameserver to translate the IP address is usually not that useful
> for me.
> David Lang
> rsyslog mailing list
> What's up with rsyslog? Follow https://twitter.com/rgerhards
rsyslog mailing list
What's up with rsyslog? Follow https://twitter.com/rgerhards