dns query process
Robert Stucke
rstucke at gmail.com
Fri Jan 16 18:09:59 UTC 2009
Since they may have cached the NS records at any time, it's just a maximum
of 345600. Once a device follows the delegation from the .com authority and
queries ns1.google.com directly, the NS records in the cache that were
learned from the .com level servers are overwritten with what was learned
from ns1.google.com. The NS records from the TLD authority typically only
exist within a cache for a brief period until overwritten by first query
response from the actual authority.
On Fri, Jan 16, 2009 at 10:56 AM, jittinan suwanrueangsri <
jittinan2 at gmail.com> wrote:
> Hi all
>
> This is result of tracing www.google.com by dig 9.5.0
>
> ; <<>> DiG 9.5.0-P1 <<>> +trace www.google.com
> ;; global options: printcmd
> . 9398 IN NS E.ROOT-SERVERS.NET.
> . 9398 IN NS G.ROOT-SERVERS.NET.
> . 9398 IN NS K.ROOT-SERVERS.NET.
> . 9398 IN NS L.ROOT-SERVERS.NET.
> . 9398 IN NS A.ROOT-SERVERS.NET.
> . 9398 IN NS J.ROOT-SERVERS.NET.
> . 9398 IN NS B.ROOT-SERVERS.NET.
> . 9398 IN NS I.ROOT-SERVERS.NET.
> . 9398 IN NS D.ROOT-SERVERS.NET.
> . 9398 IN NS F.ROOT-SERVERS.NET.
> . 9398 IN NS M.ROOT-SERVERS.NET.
> . 9398 IN NS C.ROOT-SERVERS.NET.
> . 9398 IN NS H.ROOT-SERVERS.NET.
> ;; Received 272 bytes from 10.10.10.101#53(10.10.10.101) in 0 ms
> com. 172800 IN NS a.gtld-servers.net.
> com. 172800 IN NS b.gtld-servers.net.
> com. 172800 IN NS c.gtld-servers.net.
> com. 172800 IN NS d.gtld-servers.net.
> com. 172800 IN NS e.gtld-servers.net.
> com. 172800 IN NS f.gtld-servers.net.
> com. 172800 IN NS g.gtld-servers.net.
> com. 172800 IN NS h.gtld-servers.net.
> com. 172800 IN NS i.gtld-servers.net.
> com. 172800 IN NS j.gtld-servers.net.
> com. 172800 IN NS k.gtld-servers.net.
> com. 172800 IN NS l.gtld-servers.net.
> com. 172800 IN NS m.gtld-servers.net.
> ;; Received 492 bytes from 199.7.83.42#53(L.ROOT-SERVERS.NET) in 273 ms
> google.com. 172800 IN NS ns1.google.com.
> google.com. 172800 IN NS ns2.google.com.
> google.com. 172800 IN NS ns3.google.com.
> google.com. 172800 IN NS ns4.google.com.
> ;; Received 168 bytes from 192.41.162.30#53(l.gtld-servers.net) in 296 ms
> www.google.com. 604800 IN CNAME www.l.google.com.
> l.google.com. 86400 IN NS c.l.google.com.
> l.google.com. 86400 IN NS b.l.google.com.
> l.google.com. 86400 IN NS a.l.google.com.
> l.google.com. 86400 IN NS g.l.google.com.
> l.google.com. 86400 IN NS e.l.google.com.
> l.google.com. 86400 IN NS d.l.google.com.
> l.google.com. 86400 IN NS f.l.google.com.
> ;; Received 276 bytes from 216.239.34.10#53(ns2.google.com) in 349 ms
>
> Here is result of querying ns record from ns1.google.com
>
>
> > google.com
> Server: [216.239.32.10]
> Address: 216.239.32.10
> ------------
> Got answer:
> HEADER:
> opcode = QUERY, id = 6, rcode = NOERROR
> header flags: response, auth. answer, want recursion
> questions = 1, answers = 4, authority records = 0, additional =
> 4
> QUESTIONS:
> google.com, type = NS, class = IN
> ANSWERS:
> -> google.com
> nameserver = ns2.google.com
> ttl = 345600 (4 days)
> -> google.com
> nameserver = ns3.google.com
> ttl = 345600 (4 days)
> -> google.com
> nameserver = ns1.google.com
> ttl = 345600 (4 days)
> -> google.com
> nameserver = ns4.google.com
> ttl = 345600 (4 days)
> ADDITIONAL RECORDS:
> -> ns1.google.com
> internet address = 216.239.32.10
> ttl = 345600 (4 days)
> -> ns2.google.com
> internet address = 216.239.34.10
> ttl = 345600 (4 days)
> -> ns3.google.com
> internet address = 216.239.36.10
> ttl = 345600 (4 days)
> -> ns4.google.com
> internet address = 216.239.38.10
> ttl = 345600 (4 days)
> ------------
> google.com
> nameserver = ns2.google.com
> ttl = 345600 (4 days)
> google.com
> nameserver = ns3.google.com
> ttl = 345600 (4 days)
> google.com
> nameserver = ns1.google.com
> ttl = 345600 (4 days)
> google.com
> nameserver = ns4.google.com
> ttl = 345600 (4 days)
> ns1.google.com
> internet address = 216.239.32.10
> ttl = 345600 (4 days)
> ns2.google.com
> internet address = 216.239.34.10
> ttl = 345600 (4 days)
> ns3.google.com
> internet address = 216.239.36.10
> ttl = 345600 (4 days)
> ns4.google.com
> internet address = 216.239.38.10
> ttl = 345600 (4 days)
> >
>
>
> As shown above ,the first result from dig show that ns1.google.com record
> in com. has ttl= 172800 but the second result from querying one of
> google.com zone authorize which in is case is ns1.google.com show that
> ttl=345600.
>
> If one day google.com remove ns1.google.com from com. or any changing to
> ns1.google.com. How fast do other domain 's caching dns know these
> changing? 172800 or 345600 ?
>
>
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20090116/cc5591ea/attachment.html>
More information about the bind-users
mailing list