allow shorter resolver-query-timeout configuration
Use-case
Weird network setup:
- Load balancer is listed in NS RR set like this:
example.com NS load-balancer.example.com
- The load balancer sets RD=1 and forwards query to a BIND resolver
- The BIND resolver is then configured to talk to backend servers which are not visible in the public NS set
Description
If/when the auths don't keep up with load from the BIND resolver "frontend", the resolver will retry several times during the resolver-query-timeout interval, which currently has a minimum value of 10 s.
At the same time, the client which sent the original query will time out because it does not expect any auth to take 10 seconds to respond. This means the frontend BIND will be doing mostly pointless work, and the client will penalize the BIND frontend in its ADB (address database) because it will believe the BIND frontend simply times out, whereas the frontend does give back SERVFAIL, but only after 10 seconds.
See https://indico.dns-oarc.net/event/47/contributions/1018/ for more details.
Request
When BIND is used in this weird scenario, it's pointless to have resolver-query-timeout set to 10 s. BIND should allow it to be configured to something like 0.5 seconds, because communication with the backends should be really fast. With such a configuration, the BIND frontend can give back SERVFAIL early when the backends are not available, and the ultimate client will not penalize the BIND frontend for non-response.