Forward to upstream if recursor timeout
I tried to resolve api.openai.com directly and gave SRVFAIL (timeout). Than, I added policy.add(policy.suffix(policy.FORWARD('1.1.1.1'), {todname('openai.com.')})) and it's works well. Please, can you add constructor, so knot-resolver will forward any requests to upstream (like 1.1.1.1), if it can't resolve name directly? It's broken network in my country, so I predict many occurencies like this one. But at the same time I don't like to forward all DNS traffic to upstream.
Trace to api.openai.com below. Thank you for the best DNS-resolver.
[iterat][65568.00] '\:api.openai.com.' type 'A' new uid was assigned .01, parent uid .00
[cache ][65568.01] => skipping exact packet: rank 030 (min. 030), new TTL -1974
[cache ][65568.01] => skipping unfit NS RR: rank 020, new TTL -1674
[cache ][65568.01] => no NSEC* cached for zone: com.
[cache ][65568.01] => skipping zone: com., NSEC, hash 0;new TTL -123456789, ret -2
[cache ][65568.01] => skipping zone: com., NSEC, hash 0;new TTL -123456789, ret -2
[zoncut][65568.01] found cut: com. (rank 002 return codes: DS 0, DNSKEY 0)
[select][65568.01] => id: '17164' choosing from addresses: 13 v4 + 13 v6; names to resolve: 0 v4 + 0 v6; force_resolve: 0; NO6: IPv6 is OK
[select][65568.01] => id: '17164' choosing: 'd.gtld-servers.net.'@'2001:500:856e::30#00053' with timeout 61 ms zone cut: 'com.'
[resolv][65568.01] => id: '17164' querying: 'd.gtld-servers.net.'@'2001:500:856e::30#00053' zone cut: 'com.' qname: 'openai.com.' qtype: 'NS' proto: 'udp'
[select][65568.01] => id: '17164' updating: 'd.gtld-servers.net.'@'2001:500:856e::30#00053' zone cut: 'com.' with rtt 39 to srtt: 41 and variance: 2
[iterat][65568.01] <= answer received:
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 17164
;; Flags: qr cd QUERY: 1; ANSWER: 0; AUTHORITY: 8; ADDITIONAL: 3
;; EDNS PSEUDOSECTION:
;; Version: 0; flags: do; UDP size: 4096 B; ext-rcode: Unused
;; QUESTION SECTION
openai.com. NS
;; AUTHORITY SECTION
openai.com. 172800 NS ns1-02.azure-dns.com.
openai.com. 172800 NS ns2-02.azure-dns.net.
openai.com. 172800 NS ns3-02.azure-dns.org.
openai.com. 172800 NS ns4-02.azure-dns.info.
ck0pojmg874ljref7efn8430qvit8bsm.com. 86400 NSEC3 1 1 0 - ck0q2d6ni4i7eqh8na30ns61o48ul8g5 NS SOA RRSIG DNSKEY NSEC3PARAM
ck0pojmg874ljref7efn8430qvit8bsm.com. 86400 RRSIG NSEC3 8 2 86400 20231126052601 20231119041601 63246 com. YMbZ3SAmOlNrSjA3YeXeBWcynbXh3iyGt6BO8yy6L2Vv2/vfkwyjzbktwEgbfEDmvKR3OoAGYk2Oz6vsQM9h9YQgv3lX4PtFO3/UeJx+ch/0osY55JsWxKgOicbAmrcG48FDoNlPwXDxo6OS8yLlM2ebXXNQzpNrYIkbzc4Boubtioxr4zRxtULG8YQbdlF22xzD/+6yl8aQxsqn33pOSA==
fc8glefs8ap8tf36vnvu89n9m5kahmfa.com. 86400 NSEC3 1 1 0 - fc8gntfemrajjot6gpl46hq85915o0ho NS DS RRSIG
fc8glefs8ap8tf36vnvu89n9m5kahmfa.com. 86400 RRSIG NSEC3 8 2 86400 20231127053751 20231120042751 63246 com. NtoXuNcvq5kKjH+6s00oEiXcnpOmTkgTwcdBmC6+iZsObDmsVnxJEsbs53fwBJ8YjMDK70vCZAZ75v+HCHAUrlQNPIISKfDTXJXg0uV6HUqGfbw7/POSg5A39/niHr8DpbNoHH3tNJJbg9N+QjMcpEnohTstNnoxiWWztXyENvdoEe04/RPXBPXrHzbYuBjvfDSFUeP/aTqYAUuuhZXiPw==
;; ADDITIONAL SECTION
ns1-02.azure-dns.com. 172800 A 13.107.236.2
ns1-02.azure-dns.com. 172800 AAAA 2603:1061:0:700::2
[iterat][65568.01] <= loaded 2 glue addresses
[iterat][65568.01] <= referral response, follow
[valdtr][65568.01] <= answer valid, OK
[cache ][65568.01] => stashed openai.com. NS, rank 010, 112 B total, incl. 0 RRSIGs
[cache ][65568.01] => not overwriting AAAA ns1-02.azure-dns.com.
[cache ][65568.01] => not overwriting A ns1-02.azure-dns.com.
[iterat][65568.01] '\:api.openai.com.' type 'A' new uid was assigned .02, parent uid .00
[resolv][65568.02] <= DS doesn't exist, going insecure
[select][65568.02] => id: '22175' choosing from addresses: 1 v4 + 1 v6; names to resolve: 3 v4 + 3 v6; force_resolve: 0; NO6: IPv6 is OK
[select][65568.02] => id: '22175' choosing: 'ns1-02.azure-dns.com.'@'13.107.236.2#00053' with timeout 10000 ms zone cut: 'openai.com.'
[resolv][65568.02] => id: '22175' querying: 'ns1-02.azure-dns.com.'@'13.107.236.2#00053' zone cut: 'openai.com.' qname: '\:api.openai.com.' qtype: 'A' proto: 'tcp'
[worker][65568.02] => connecting to: '13.107.236.2#00053'
[select][65568.02] => id: '22175' noting selection error: 'ns1-02.azure-dns.com.'@'13.107.236.2#00053' zone cut: 'openai.com.' error: 3 TCP_CONNECT_FAILED
[iterat][65568.02] '\:api.openai.com.' type 'A' new uid was assigned .03, parent uid .00
[select][65568.03] => id: '27733' choosing from addresses: 0 v4 + 1 v6; names to resolve: 3 v4 + 3 v6; force_resolve: 0; NO6: IPv6 is OK
[select][65568.03] => id: '27733' choosing: 'ns1-02.azure-dns.com.'@'2603:1061:0:700::2#00053' with timeout 10000 ms zone cut: 'openai.com.'
[resolv][65568.03] => id: '27733' querying: 'ns1-02.azure-dns.com.'@'2603:1061:0:700::2#00053' zone cut: 'openai.com.' qname: '\:api.openai.com.' qtype: 'A' proto: 'udp'
[select][65568.03] NO6: timed out, appended, timeouts 2/6
[select][65568.03] => id: '27733' noting selection error: 'ns1-02.azure-dns.com.'@'2603:1061:0:700::2#00053' zone cut: 'openai.com.' error: 1 QUERY_TIMEOUT
[worker][65568.00] internal timeout for resolving the request has expired
[resolv][65568.00] request failed, answering with empty SERVFAIL
[resolv][65568.03] finished in state: 8, queries: 0, mempool: 98352 B
;; selected from AUTHORITY sections:
; ranked rrset to_wire false, rank 010 (insecure), cached true, qry_uid 1, revalidations 0
openai.com. 86400 NS ns1-02.azure-dns.com.
openai.com. 86400 NS ns2-02.azure-dns.net.
openai.com. 86400 NS ns3-02.azure-dns.org.
openai.com. 86400 NS ns4-02.azure-dns.info.
; ranked rrset to_wire false, rank 060 (auth secure), cached false, qry_uid 1, revalidations 0
ck0pojmg874ljref7efn8430qvit8bsm.com. 86400 NSEC3 1 1 0 - ck0q2d6ni4i7eqh8na30ns61o48ul8g5 NS SOA RRSIG DNSKEY NSEC3PARAM
; ranked rrset to_wire false, rank 060 (auth secure), cached false, qry_uid 1, revalidations 0
ck0pojmg874ljref7efn8430qvit8bsm.com. 86400 RRSIG NSEC3 8 2 86400 20231126052601 20231119041601 63246 com. YMbZ3SAmOlNrSjA3YeXeBWcynbXh3iyGt6BO8yy6L2Vv2/vfkwyjzbktwEgbfEDmvKR3OoAGYk2Oz6vsQM9h9YQgv3lX4PtFO3/UeJx+ch/0osY55JsWxKgOicbAmrcG48FDoNlPwXDxo6OS8yLlM2ebXXNQzpNrYIkbzc4Boubtioxr4zRxtULG8YQbdlF22xzD/+6yl8aQxsqn33pOSA==
; ranked rrset to_wire false, rank 060 (auth secure), cached false, qry_uid 1, revalidations 0
fc8glefs8ap8tf36vnvu89n9m5kahmfa.com. 86400 NSEC3 1 1 0 - fc8gntfemrajjot6gpl46hq85915o0ho NS DS RRSIG
; ranked rrset to_wire false, rank 060 (auth secure), cached false, qry_uid 1, revalidations 0
fc8glefs8ap8tf36vnvu89n9m5kahmfa.com. 86400 RRSIG NSEC3 8 2 86400 20231127053751 20231120042751 63246 com. NtoXuNcvq5kKjH+6s00oEiXcnpOmTkgTwcdBmC6+iZsObDmsVnxJEsbs53fwBJ8YjMDK70vCZAZ75v+HCHAUrlQNPIISKfDTXJXg0uV6HUqGfbw7/POSg5A39/niHr8DpbNoHH3tNJJbg9N+QjMcpEnohTstNnoxiWWztXyENvdoEe04/RPXBPXrHzbYuBjvfDSFUeP/aTqYAUuuhZXiPw==
;; selected from ADDITIONAL sections:
; ranked rrset to_wire false, rank 001 (omit), cached false, qry_uid 1, revalidations 0
ns1-02.azure-dns.com. 86400 A 13.107.236.2
; ranked rrset to_wire false, rank 001 (omit), cached false, qry_uid 1, revalidations 0
ns1-02.azure-dns.com. 86400 AAAA 2603:1061:0:700::2