Exempt from fetch-limits, fetches generated as a result of prefetch of something already in cache (opened as feature request, but could also be considered to be a design defect)
Description
Exempt fetches generated as a result of prefetch of something already in cache, from fetch limits
Request
fetches-per-zone and fetches-server were originally designed to limit the number of pending fetches from a resolver to auth servers when the auth servers were failing to respond (thus causing a backlog of fetches). There is another use-case for fetch-limits that we have observed (see Support ticket #18991) in which fetch-limits are used instead to limit concurrent queries to servers that are responding normally, even under DDoS query loads. In this situation the intention of applying the fetch-limits is to limit the impact on the auth servers of the DDoS. But this has the unfortunate effect of also rate-limiting 'good' queries.
For the 'good' queries for popular names - those are only going to be sent to the authoritative servers on a cache miss, or when previously cached content is close to expiry. Therefore one additional potential mitigation would be to try to ensure a much 'good' content remains in cache, so that it's only the 'new' or 'bad' content queries that causes fetches. IF prefetches (of previous known 'good' content, not negative NXDOMAIN or NXRRSET) were allowed a free pass through the fetch limits fence, then this would help in maintaining a good cache from which good query responses could be given, whilst at the same time rate-limiting the 'bad' queries being sent to the auth servers.