Closed Bug 1493619 Opened 4 years ago Closed 4 years ago

DNS cache: pad very short TTLs with a grace period


(Core :: Networking: DNS, enhancement, P2)




Tracking Status
firefox64 --- fixed


(Reporter: bagder, Assigned: bagder)


(Whiteboard: [necko-triaged])


(1 file)

(split out from bug 1463374)

With proper support for DNS TTLs, we occasionally get responses with single-digit seconds lifetimes. This makes them expire from the cache ridiculously fast, and for TTL-support we don't set a grace period.

Since the non-TTL version of the DNS cache still works fine with 60 second default TTL + 60 second grace timeout, there's a strong indicator that just adding a little grace will not break Firefox for users with TTL-supported DNS resolves.

I propose we set a grace for all TTLs less than a minute to pad out the cache lifetime to a full minute (at least). Like this:

 // pad short TTLs so the cache lifetime is at least a full minute
 if (ttl < 60) {
   grace = 60 - ttl;
 }
Whiteboard: [necko-triaged]
MozReview-Commit-ID: 8AsmyaSYVJr
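
Added example, not part of the bug report or the Firefox patch: a simplified C++ model of the padding rule proposed above, next to the 60 second TTL + 60 second grace default mentioned for the non-TTL cache. The `CacheEntry` struct, the function names and the treatment of grace as "stale but still usable" are assumptions of this sketch.

```cpp
// Added example: simplified model, not Firefox's resolver code.
#include <cstdint>
#include <iostream>

enum class EntryState { Valid, Grace, Expired };

// Hypothetical cache entry; all names here are assumptions of this sketch.
struct CacheEntry {
    uint32_t validFor;  // seconds the record counts as fresh (its TTL)
    uint32_t grace;     // extra seconds the stale record may still be used
};

constexpr uint32_t kMinLifetime = 60;  // the "full minute" from the proposal

// TTL-aware path: pad TTLs below one minute, as proposed in the bug.
CacheEntry MakeEntryWithTtl(uint32_t ttl) {
    uint32_t grace = 0;
    if (ttl < kMinLifetime) {
        grace = kMinLifetime - ttl;
    }
    return {ttl, grace};
}

// Non-TTL path as described in the bug: 60 s default TTL + 60 s grace.
CacheEntry MakeEntryDefault() { return {60, 60}; }

uint32_t TotalLifetime(const CacheEntry& e) { return e.validFor + e.grace; }

// Classify an entry that was cached `age` seconds ago.
EntryState StateAt(const CacheEntry& e, uint32_t age) {
    if (age < e.validFor) return EntryState::Valid;
    if (age < TotalLifetime(e)) return EntryState::Grace;
    return EntryState::Expired;
}

int main() {
    const uint32_t ttls[] = {0, 5, 59, 60, 300};  // constructed sample TTLs
    for (uint32_t ttl : ttls) {
        CacheEntry e = MakeEntryWithTtl(ttl);
        std::cout << "ttl=" << ttl << " grace=" << e.grace
                  << " total=" << TotalLifetime(e) << "\n";
    }
    std::cout << "default total=" << TotalLifetime(MakeEntryDefault()) << "\n";
    return 0;
}
```

In this model a padded entry never outlives 60 seconds unless its own TTL says so, while the non-TTL default keeps entries for up to 120 seconds.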
Is there a way to notice that we are breaking something? Do we have some telemetry probe? If we do not have any, we should add some, e.g. maybe black-listed address rate when a record is used in grace period.
Flags: needinfo?(daniel)
We don't have any decent probe to measure if this breaks anything. But again: we already set a 60 second grace period to *all* DNS entries when using the native resolver on Linux and mac so if adding (up to 60 seconds) grace would be a problem, that problem would already exist in Firefox on these platforms since a few years back.

But adding some sort of counter for how many blacklisted addresses are added while in grace period compared to non-grace could certainly be an interesting probe.

However, isn't the blacklisting basically the only current method we have to disable further IPv6 attempts for specific hosts for the cases where you resolve IPv6 addresses but IPv6 isn't working (correctly)? If so, then I presume those blocks will drown all other blocks.
Flags: needinfo?(daniel) → needinfo?(dd.mozilla)
Pushed by
pad DNS entry grace period for low TTL cases r=dragana
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla64
Flags: needinfo?(dd.mozilla)