by freedomben 1549 days ago
Well dang, that's what I get for taking too long to implement my idea :-D

Seriously this is great. I started building a "scriptable DNS" to make it easy to have a DNS record that always points at the valid K8s nodes in my cluster (and randomizes the order of the IPs each time). Since nodes can come and go very quickly (especially during an upgrade), and their IP changes every time, it's useful to be able to act dynamically.

This is most assuredly better than what I was building though. Mine is rust-based but the "script language" is a very simple DSL. I considered allowing docker containers that receive some command arguments and must write the answer to standard out, but that felt like a brittle interface and I worried about performance (even with offering a cache). I also considered writing it in Elixir and allowing elixir code snippets, but I got scared of how hard it would be to secure that.

Anyway really neat idea! I hope to see more innovations and implementations!


I can't nail down the exact date, but I believe PowerDNS 2.0 shipped sometime around 2001-2002 with pipe backend support. It allowed you to craft dynamic responses to DNS queries from any language you could get to run on Linux.

Yeah this was my thought, too. I was using PowerDNS to do this sort of thing within a basic home environment. But I have no idea if it has the necessary features to keep a production environment happy. It was fun to play with.

Curious how you imagined handling TTL and response caching in this kind of scenario?

In my experience, ISPs (particularly residential providers) sometimes ignore/override the TTL in authoritative DNS records and aggressively cache responses, for reasons...

Yeah great question, and I don't fully have an answer yet! For the scenario I need it for, the hostname only does one thing and won't be looked up by the client until it's needed, which helps avoid that problem. Furthermore, thanks to K8s NodePort routing, as long as one of the nodes is still alive and answering, the request will be routed even if the first IP is no longer valid. I've also considered, as the cluster size grows, only returning the 3 to 5 newest node IPs present, since I expect the ones most likely to get killed/recycled will be the older ones (not always true, but often is in my setup).

Has anybody else run into this and solved it? Cloudflare DNS seems to have figured out a decent way to deal with this. I may take a close look at their responses and see what they set for TTL, etc.

I will admit my DNS knowledge is a bit out of date, so I am sure folks much smarter than me have indeed figured this out. I am also curious about how this gets mitigated.
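Putting the two ideas in this thread together (the "valid K8s nodes, randomised order, only the newest few" record described in the top comment and the PowerDNS pipe backend mentioned in the replies), here is an added example that is not code from any commenter or from PowerDNS itself: a small pipe-backend script in Python. The node list and the hostname nodes.example.com are constructed sample data; real code would read node readiness and age from the Kubernetes API.

```python
"""Added example: a PowerDNS pipe-backend (ABI v1) script answering for a
K8s node pool. pdns sends "HELO\t1" once, then one
"Q\t<qname>\t<qclass>\t<qtype>\t<id>\t<remote-ip>" line per query and expects
"DATA\t<qname>\t<qclass>\t<qtype>\t<ttl>\t<id>\t<content>" lines, then "END"."""
import random
import sys

# Constructed sample node list: (ip, creation time, ready); real code would
# pull this from the Kubernetes API instead of a static list.
NODES = [
    ("10.0.0.11", 1700000000, True),
    ("10.0.0.12", 1700003600, True),
    ("10.0.0.13", 1700007200, False),  # NotReady: never handed out
    ("10.0.0.14", 1700010800, True),
    ("10.0.0.15", 1700014400, True),
]
HOSTNAME = "nodes.example.com"  # hypothetical record name
TTL = 30                        # short TTL: the answer set changes often
NEWEST = 3                      # only hand out the N newest nodes

def select_ips(nodes, newest=NEWEST, rng=random):
    """Ready nodes only, the newest `newest` of them, in random order."""
    ready = sorted((n for n in nodes if n[2]), key=lambda n: n[1], reverse=True)
    ips = [ip for ip, _, _ in ready[:newest]]
    rng.shuffle(ips)  # randomised order, as in the original idea
    return ips

def answer(query_line, nodes=NODES, rng=random):
    """Response lines for one 'Q' line; malformed input gets FAIL."""
    f = query_line.rstrip("\n").split("\t")
    if f[0] != "Q" or len(f) < 6:
        return ["FAIL"]
    qname, qclass, qtype, qid = f[1], f[2], f[3], f[4]
    lines = []
    if qname.lower().rstrip(".") == HOSTNAME and qtype in ("A", "ANY"):
        lines = [f"DATA\t{qname}\t{qclass}\tA\t{TTL}\t{qid}\t{ip}"
                 for ip in select_ips(nodes, rng=rng)]
    lines.append("END")  # an empty answer set is still a complete reply
    return lines

def serve(inp=sys.stdin, out=sys.stdout):
    """Handshake, then answer queries until pdns closes the pipe."""
    if inp.readline().rstrip("\n") != "HELO\t1":
        out.write("FAIL\n"); out.flush(); return
    out.write("OK\tk8s-nodes backend\n"); out.flush()
    for line in inp:
        replies = ["END"] if line.startswith("PING") else answer(line)
        out.write("".join(r + "\n" for r in replies)); out.flush()

if __name__ == "__main__":
    serve()
```

The short TTL only governs what the authoritative side says; it does nothing against resolvers that override TTLs, which is exactly the caching concern raised in the thread.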