RE: frequent queries to root servers

Tue, 26 Jan 2016 15:36:49 -0800 

Well, when I queried the name livetileedge.dsx.mp.microsoft.com, I got a CNAME 
chain where all of the links in the chain had TTLs of 300 seconds or less:

livetileedge.dsx.mp.microsoft.com. 43 IN CNAME  
livetileedge.dsx.mp.microsoft.com.akadns.net.
livetileedge.dsx.mp.microsoft.com.akadns.net. 300 IN CNAME 
livetileedge.dsx.mp.microsoft.com.edgekey.net.
livetileedge.dsx.mp.microsoft.com.edgekey.net. 46 IN CNAME 
e1898.b.akamaiedge.net.
e1898.b.akamaiedge.net. 20      IN      A       23.201.56.85

Now, the Authority Section had NS records for b.akamaiedge.net, but that 
doesn't help mitigate future queries for {whatever}.microsoft.com, 
{whatever}.akadns.net or {whatever}.edgekey.net, so repeated queries of the 
same name will need to go back up to the roots again, whenever the TTLs expire 
(assuming nothing else queried names *directly* in those domains, or 
intermediate domains, through the same recursive resolver and thus populated 
relevant NS records).

Yet another reason why chained CNAMEs are bad. But, it's hard to argue with a 
successful company whose whole business model is based on chaining CNAMEs. Who 
ever knew that violating Internet standards and/or best practices could be so 
profitable?

                                                                                
                        - Kevin

-----Original Message-----
From: bind-users-boun...@lists.isc.org 
[mailto:bind-users-boun...@lists.isc.org] On Behalf Of HONTVÁRI Levente
Sent: Tuesday, January 26, 2016 9:07 AM
To: bind-users@lists.isc.org
Subject: frequent queries to root servers

Hi All,

I assumed that the root servers are only queried a few times a week 
(corresponding to the number of top level domains). The logs show a different 
picture, Queries to the root servers are quite frequent. What am I missing?

I have attached a dnstop screen (local network traffic was filtered out), after 
running for about 2 hours. I also attached a log extract about a single query 
from 10.0.3.44 resolved by 10.0.3.48, which involves a query to the root 
servers. I notice that there is a DS record query before the root server query, 
but otherwise I do not see anything strange.

I have an almost stock Bind 9.9.5 resolver configuration on an Ubuntu server.

L.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to