frequent queries to root servers

Darcy Kevin (FCA) kevin.darcy at fcagroup.com
Tue Jan 26 23:36:11 UTC 2016


Well, when I queried the name livetileedge.dsx.mp.microsoft.com, I got a CNAME chain where all of the links in the chain had TTLs of 300 seconds or less:

livetileedge.dsx.mp.microsoft.com. 43 IN CNAME  livetileedge.dsx.mp.microsoft.com.akadns.net.
livetileedge.dsx.mp.microsoft.com.akadns.net. 300 IN CNAME livetileedge.dsx.mp.microsoft.com.edgekey.net.
livetileedge.dsx.mp.microsoft.com.edgekey.net. 46 IN CNAME e1898.b.akamaiedge.net.
e1898.b.akamaiedge.net. 20      IN      A       23.201.56.85

Now, the Authority Section had NS records for b.akamaiedge.net, but that doesn't help mitigate future queries for {whatever}.microsoft.com, {whatever}.akadns.net or {whatever}.edgekey.net, so repeated queries of the same name will need to go back up to the roots again, whenever the TTLs expire (assuming nothing else queried names *directly* in those domains, or intermediate domains, through the same recursive resolver and thus populated relevant NS records).

Yet another reason why chained CNAMEs are bad. But, it's hard to argue with a successful company whose whole business model is based on chaining CNAMEs. Who ever knew that violating Internet standards and/or best practices could be so profitable?

- Kevin

-----Original Message-----
From: bind-users-bounces at lists.isc.org [mailto:bind-users-bounces at lists.isc.org] On Behalf Of HONTVÁRI Levente
Sent: Tuesday, January 26, 2016 9:07 AM
To: bind-users at lists.isc.org
Subject: frequent queries to root servers

Hi All,

I assumed that the root servers are only queried a few times a week (corresponding to the number of top level domains). The logs show a different picture: queries to the root servers are quite frequent. What am I missing?

I have attached a dnstop screen (local network traffic was filtered out), after running for about 2 hours. I also attached a log extract about a single query from 10.0.3.44 resolved by 10.0.3.48, which involves a query to the root servers. I notice that there is a DS record query before the root server query, but otherwise I do not see anything strange.

I have an almost stock Bind 9.9.5 resolver configuration on an Ubuntu server.

L.
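
Added example, not part of either message: a short Python script that parses the answer section quoted in the reply, walks the CNAME chain, and reports the shortest TTL in the chain plus the owner names that are not under any zone whose NS records came back in the Authority Section. The input is constructed from the records and the `b.akamaiedge.net` NS zone mentioned in the reply; the function names are hypothetical.

```python
# Constructed input: the answer section quoted in the reply above.
ANSWER = """\
livetileedge.dsx.mp.microsoft.com. 43 IN CNAME  livetileedge.dsx.mp.microsoft.com.akadns.net.
livetileedge.dsx.mp.microsoft.com.akadns.net. 300 IN CNAME livetileedge.dsx.mp.microsoft.com.edgekey.net.
livetileedge.dsx.mp.microsoft.com.edgekey.net. 46 IN CNAME e1898.b.akamaiedge.net.
e1898.b.akamaiedge.net. 20      IN      A       23.201.56.85
"""
# Zone the reply says had NS records in the Authority Section.
AUTHORITY_NS_ZONES = {"b.akamaiedge.net."}

def parse_answer(text):
    """Map owner -> (ttl, type, rdata). Assumes one record per owner name."""
    records = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 5 and f[2] == "IN":
            records[f[0].lower()] = (int(f[1]), f[3], f[4].lower())
    return records

def walk_chain(records, qname):
    """Follow CNAMEs from qname to the first non-CNAME record."""
    chain, seen, name = [], set(), qname.lower()
    while name in records:
        if name in seen:
            raise ValueError("CNAME loop at " + name)
        seen.add(name)
        ttl, rtype, rdata = records[name]
        chain.append((name, ttl, rtype, rdata))
        if rtype != "CNAME":
            break
        name = rdata
    return chain

def covered(name, zones):
    """True if name is at or below one of the zones with known NS records."""
    return any(name == z or name.endswith("." + z) for z in zones)

def summarize(chain, ns_zones):
    return {
        # The whole chain must be re-resolved once its shortest TTL expires.
        "min_ttl": min(ttl for _, ttl, _, _ in chain),
        # Owners for which this response supplied no enclosing delegation.
        "uncovered": [n for n, _, _, _ in chain if not covered(n, ns_zones)],
    }

if __name__ == "__main__":
    chain = walk_chain(parse_answer(ANSWER), "livetileedge.dsx.mp.microsoft.com.")
    print(summarize(chain, AUTHORITY_NS_ZONES))
```
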

