frequent queries to root servers

Reindl Harald h.reindl at thelounge.net
Tue Jan 26 23:46:07 UTC 2016 


Am 27.01.2016 um 00:36 schrieb Darcy Kevin (FCA):
> Well, when I queried the name livetileedge.dsx.mp.microsoft.com, I got a CNAME chain where all of the links in the chain had TTLs of 300 seconds or less:
>
> livetileedge.dsx.mp.microsoft.com. 43 IN CNAME  livetileedge.dsx.mp.microsoft.com.akadns.net.
> livetileedge.dsx.mp.microsoft.com.akadns.net. 300 IN CNAME livetileedge.dsx.mp.microsoft.com.edgekey.net.
> livetileedge.dsx.mp.microsoft.com.edgekey.net. 46 IN CNAME e1898.b.akamaiedge.net.
> e1898.b.akamaiedge.net. 20      IN      A       23.201.56.85
>
> Now, the Authority Section had NS records for b.akamaiedge.net, but that doesn't help mitigate future queries for {whatever}.microsoft.com, {whatever}.akadns.net or {whatever}.edgekey.net, so repeated queries of the same name will need to go back up to the roots again, whenever the TTLs expire (assuming nothing else queried names *directly* in those domains, or intermediate domains, through the same recursive resolver and thus populated relevant NS records).
>
> Yet another reason why chained CNAMEs are bad. But, it's hard to argue with a successful company whose whole business model is based on chaining CNAMEs. Who ever knew that violating Internet standards and/or best practices could be so profitable?

violating what? complain at the vendor of your DNS cache or the device 
doing "DNS ALG" in front of you!

;; ANSWER SECTION:
livetileedge.dsx.mp.microsoft.com. 3581 IN CNAME 
livetileedge.dsx.mp.microsoft.com.akadns.net.
livetileedge.dsx.mp.microsoft.com.akadns.net. 281 IN CNAME 
livetileedge.dsx.mp.microsoft.com.edgekey.net.
livetileedge.dsx.mp.microsoft.com.edgekey.net. 281 IN CNAME 
e1898.b.akamaiedge.net.
e1898.b.akamaiedge.net. 1       IN      A       104.87.22.10

;; ANSWER SECTION:
livetileedge.dsx.mp.microsoft.com. 3580 IN CNAME 
livetileedge.dsx.mp.microsoft.com.akadns.net.
livetileedge.dsx.mp.microsoft.com.akadns.net. 280 IN CNAME 
livetileedge.dsx.mp.microsoft.com.edgekey.net.
livetileedge.dsx.mp.microsoft.com.edgekey.net. 280 IN CNAME 
e1898.b.akamaiedge.net.
e1898.b.akamaiedge.net. 0       IN      A       104.87.22.10

;; ANSWER SECTION:
livetileedge.dsx.mp.microsoft.com. 3579 IN CNAME 
livetileedge.dsx.mp.microsoft.com.akadns.net.
livetileedge.dsx.mp.microsoft.com.akadns.net. 279 IN CNAME 
livetileedge.dsx.mp.microsoft.com.edgekey.net.
livetileedge.dsx.mp.microsoft.com.edgekey.net. 279 IN CNAME 
e1898.b.akamaiedge.net.
e1898.b.akamaiedge.net. 17      IN      A       104.87.22.10




-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20160127/8f2f4f58/attachment.bin>

More information about the bind-users mailing list