HostDB does not properly cache negative responses
Currently, it appears that at the very least, the no answer, no error, implicit negative response from an authoritative DNS server is not cached by HostDB. These answers are also known as a NODATA response per RFC 2308, section 2.2, found here: https://datatracker.ietf.org/doc/html/rfc2308#section-2.2
At a minimum, HostDB should implement negative caching for this case, but other cases, such as NXDOMAIN should also be implemented if missing. Ideally the existing implementation would be analyzed against the negative caching RFC linked above, and any gaps would be rectified.
Without the ability to cache negative answers such as the NODATA response, two negative things occur:
- HostDB will hammer its configured caching resolver with queries that cannot be satisfied
- Response time of incoming requests may be affected depending on how ATS is configured; for example, when client address family matching is enabled via proxy.config.hostdb.ip_resolve and the upstream host lacks an AAAA record.
Note: HostDB does have the parameter proxy.config.hostdb.fail.timeout which provides some semblance of negative caching. This might suffice for most use cases.
That said, in an ideal world, this setting would follow the ncache TTL in the SOA record instead of using a static value such that HostDB honors what the domain administrator has configured for a given domain. Perhaps we allow one to specify whether we use a static value or honor the value in the SOA, and, even better if such a parameter is overridable and reloadable.
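To make the RFC 2308 cases above concrete, here is an added example (not HostDB or any other Apache Traffic Server code) that classifies a raw DNS response as positive, NODATA (section 2.2) or NXDOMAIN (section 2.1) and derives the negative-cache TTL from the SOA in the authority section as section 3 prescribes, i.e. the lesser of the SOA record's own TTL and its MINIMUM field. The `negative_cache_ttl` helper models the behaviour proposed above: honor the SOA-derived value when one is present, otherwise fall back to a static timeout in the role `proxy.config.hostdb.fail.timeout` plays today; the `honor_soa` switch is a hypothetical knob, not an existing ATS setting. The wire-format messages are constructed inline so the code runs offline.

```python
"""RFC 2308 negative-response classification. Added example, not ATS HostDB code.
All DNS messages below are constructed by hand; no network access is needed."""
import struct

TYPE_A, TYPE_CNAME, TYPE_SOA, TYPE_AAAA = 1, 5, 6, 28
RCODE_NOERROR, RCODE_NXDOMAIN = 0, 3


def _read_name(msg, off):
    """Decode a possibly compressed owner name; return (name, offset after it)."""
    labels, jumped, end = [], False, off
    while True:
        length = msg[off]
        if length == 0:
            off += 1
            break
        if length & 0xC0 == 0xC0:  # RFC 1035 compression pointer
            if not jumped:
                end = off + 2
            jumped = True
            off = struct.unpack_from("!H", msg, off)[0] & 0x3FFF
            continue
        off += 1
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", (end if jumped else off)


def classify(msg):
    """Return (kind, negative_ttl) where kind is 'positive', 'nodata', 'nxdomain'
    or 'other'. negative_ttl is min(SOA TTL, SOA MINIMUM) when the authority
    section carries an SOA (RFC 2308 s3), else None: without an SOA the negative
    answer is not cacheable."""
    _id, flags, qd, an, ns, _ar = struct.unpack_from("!HHHHHH", msg, 0)
    rcode, off, qtype = flags & 0x0F, 12, None
    for _ in range(qd):
        _, off = _read_name(msg, off)
        qtype, _qclass = struct.unpack_from("!HH", msg, off)
        off += 4
    has_data = False  # s2.2: a CNAME chain with nothing of the queried type is still NODATA
    for _ in range(an):
        _, off = _read_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10 + rdlen
        if rtype == qtype or rtype != TYPE_CNAME:
            has_data = True
    neg_ttl = None
    for _ in range(ns):
        _, off = _read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        if rtype == TYPE_SOA:
            rd = off
            _, rd = _read_name(msg, rd)  # MNAME
            _, rd = _read_name(msg, rd)  # RNAME
            minimum = struct.unpack_from("!IIIII", msg, rd)[4]  # SERIAL..MINIMUM
            neg_ttl = min(ttl, minimum)
        off += rdlen
    if rcode == RCODE_NXDOMAIN:
        return "nxdomain", neg_ttl
    if rcode == RCODE_NOERROR:
        return ("positive", None) if has_data else ("nodata", neg_ttl)
    return "other", None


def negative_cache_ttl(msg, static_timeout, honor_soa=True):
    """TTL a resolver cache could assign to a negative entry. honor_soa is a
    hypothetical switch: SOA-derived value when available, else static_timeout
    (the role proxy.config.hostdb.fail.timeout plays today). None if positive."""
    kind, neg_ttl = classify(msg)
    if kind not in ("nodata", "nxdomain"):
        return None
    return neg_ttl if (honor_soa and neg_ttl is not None) else static_timeout


# --- constructed sample messages --------------------------------------------
def _name(s):
    out = b"".join(bytes([len(l)]) + l.encode("ascii") for l in s.rstrip(".").split("."))
    return out + b"\x00"


def build_response(qname, qtype, rcode, answers=(), soa=None, zone="example.com."):
    """Constructed response; answers = [(type, ttl, rdata)], soa = (ttl, minimum)."""
    msg = bytearray(struct.pack("!HHHHHH", 0x1234, 0x8180 | rcode, 1, len(answers), 1 if soa else 0, 0))
    msg += _name(qname) + struct.pack("!HH", qtype, 1)
    for rtype, ttl, rdata in answers:
        msg += b"\xc0\x0c" + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata  # owner = pointer to question
    if soa:
        ttl, minimum = soa
        rdata = _name("ns1." + zone) + _name("hostmaster." + zone) + struct.pack("!IIIII", 2024010101, 7200, 900, 1209600, minimum)
        msg += _name(zone) + struct.pack("!HHIH", TYPE_SOA, 1, ttl, len(rdata)) + rdata
    return bytes(msg)


NODATA_AAAA = build_response("www.example.com.", TYPE_AAAA, RCODE_NOERROR, soa=(3600, 300))
CNAME_NODATA = build_response("www.example.com.", TYPE_AAAA, RCODE_NOERROR,
                              answers=[(TYPE_CNAME, 120, _name("alias.example.com."))], soa=(3600, 300))
NXDOMAIN = build_response("nope.example.com.", TYPE_A, RCODE_NXDOMAIN, soa=(60, 300))
POSITIVE_A = build_response("www.example.com.", TYPE_A, RCODE_NOERROR, answers=[(TYPE_A, 120, bytes([192, 0, 2, 1]))])
NODATA_NO_SOA = build_response("www.example.com.", TYPE_AAAA, RCODE_NOERROR)

if __name__ == "__main__":
    for label, m in [("NODATA AAAA", NODATA_AAAA), ("CNAME-only NODATA", CNAME_NODATA),
                     ("NXDOMAIN", NXDOMAIN), ("positive A", POSITIVE_A), ("NODATA, no SOA", NODATA_NO_SOA)]:
        print(f"{label:18} -> {classify(m)}  cache for {negative_cache_ttl(m, static_timeout=20)}s")
```

Note that the NXDOMAIN sample is capped at 60 s by the SOA record's own TTL even though MINIMUM is 300, and the SOA-less NODATA response falls back to the static timeout: a resolver that only honors MINIMUM, or that caches negatives without an SOA, over-caches relative to what the zone administrator published.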
I'll take a look at this once the current HostDB changes land. It shouldn't be too much work to fix this in the new implementation.
This issue has been automatically marked as stale because it has not had recent activity. Marking it stale to flag it for further consideration by the community.