[dns-operations] good async DNS library

Klaus Darilion klaus.mailinglists at pernau.at
Fri Apr 26 09:43:15 UTC 2019

On 26.04.2019 at 05:04, Doug Barton wrote:
> On 4/25/19 2:08 PM, Klaus Darilion wrote:
>> Hi all!
>> For various monitoring scripts we use Perl's Net::DNS and
>> Net::DNS::Async. Unfortunately they have various problems, i.e.
>> Net::DNS::Async does not support DNSSEC and sending to other ports
>> than 54, with Net::DNS's timeout/retries settings I never get the
>> expected results ....
>> Can someone recommend a DNS library (Perl, Python or PHP preferred)
>> that supports:
>> - async resolving
>> - setting DO bit
>> - EDNS0 options
>> - proper timeout handling
>> - sending queries to non-standard ports
>> - (optional: TCP fallback)
> Maybe if you sent your queries to port 53 you'd have better results?  ;)
> Seriously though, it would be easier to help if you talked about what
> you're trying to accomplish, rather than starting out with a proposed
> solution. Also, please define what you mean by async, and why you think
> you need it. (I know those may sounds like dumb questions, but it will
> be easier to help you if you answer them.)

My current task is to monitor zone freshness on our Anycast cloud. So,
every second, I send SOA requests to each of our 30 global nodes and
check the received serial.

I currently use Net::DNS::Async as sequential scanning takes too long -
hence with async. I patched Async to allow sending also to non-standard
ports (with only 1 unicast IP, but multiple name server processes, I
have to use different ports). But there is still the problem that
Timeouts are only with 1 second granularity, but I need timeouts < 1s.

That's why I look for a good replacement of Net::DNS::Async.

> I have done a fair bit with both Perl and Net::DNS(::SEC), and while it
> has a lot of warts, they are improving with the recent few years of
> active maintenance. The timeout/retry code tends to do what it should
> do, whether that's what you intended or not.

Last time I checked it was also not possible to use timeouts < 1 second
and no retries. But this may have changed meanwhile.

> If you have a requirement
> for stricter timeouts and/or predictable retries you'd be better off
> using Net::DNS::Packet, and use Perl's IO::Socket module to send; rather
> than using any of the pre-baked methods for queries in Net::DNS. I
> combine that with alarms in situations where I need stricter timeouts,
> retries with progressive backoff, etc. That said, do enough of that work
> yourself and it will make you more appreciative of some of the oddities
> of what Net::DNS is doing.

Sounds reasonable, if only I had more time to implement it myself ;-)
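
The approach suggested in the quoted reply (build the packet yourself, send it over a plain socket, enforce your own timeout), applied to the SOA freshness check described above. This is an added example in Python using only the standard library, not code from the thread or from any project named in it. The function names, the 0.3 s default timeout and the 1232-byte EDNS0 payload size are assumptions; nodes are given as IP literals, and there are no retries and no TCP fallback.

```python
import asyncio, os, socket, struct

def build_soa_query(zone, qid, do_bit=True):
    """SOA query in wire format, with an EDNS0 OPT record in the additional section."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in zone.split(".") if l) + b"\x00"
    header = struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 1)  # QDCOUNT=1, ARCOUNT=1
    opt = b"\x00" + struct.pack("!HHIH", 41, 1232, 0x8000 if do_bit else 0, 0)  # DO flag sits in TTL
    return header + qname + struct.pack("!HH", 6, 1) + opt  # QTYPE=SOA, QCLASS=IN

def skip_name(msg, off):  # offset just past a (possibly compressed) domain name
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def parse_soa_serial(msg, qid):
    """Serial of the first SOA answer; None on ID mismatch, error RCODE or no SOA."""
    rid, flags, qd, an = struct.unpack("!HHHH", msg[:8])
    if rid != qid or not flags & 0x8000 or flags & 0xF:
        return None
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # name, QTYPE, QCLASS
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, rdlen = struct.unpack("!H6xH", msg[off:off + 10])
        if rtype == 6:  # RDATA: MNAME, RNAME, then the 32-bit SERIAL
            p = skip_name(msg, skip_name(msg, off + 10))
            return struct.unpack("!I", msg[p:p + 4])[0]
        off += 10 + rdlen
    return None

async def soa_serial(host, port, zone, timeout=0.3):  # None on timeout or bad reply
    loop = asyncio.get_running_loop()
    qid = int.from_bytes(os.urandom(2), "big")
    sock = socket.socket(socket.AF_INET6 if ":" in host else socket.AF_INET, socket.SOCK_DGRAM)
    sock.setblocking(False)
    try:
        sock.connect((host, port))
        await loop.sock_sendall(sock, build_soa_query(zone, qid))
        reply = await asyncio.wait_for(loop.sock_recv(sock, 4096), timeout)
        return parse_soa_serial(reply, qid)
    except (asyncio.TimeoutError, OSError, struct.error, IndexError):
        return None
    finally:
        sock.close()

async def check_nodes(nodes, zone, timeout=0.3):
    """Query all (ip, port) nodes concurrently; returns {node: serial or None}."""
    serials = await asyncio.gather(*(soa_serial(h, p, zone, timeout) for h, p in nodes))
    return dict(zip(nodes, serials))
```

All queries run concurrently, so one pass over the node list takes about one timeout regardless of how many nodes fail to answer.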


