frequent queries to root servers

Reindl Harald h.reindl at thelounge.net
Tue Jan 26 23:51:26 UTC 2016



On 27.01.2016 at 00:46, Reindl Harald wrote:
> On 27.01.2016 at 00:36, Darcy Kevin (FCA) wrote:
>> Well, when I queried the name livetileedge.dsx.mp.microsoft.com, I got
>> a CNAME chain where all of the links in the chain had TTLs of 300
>> seconds or less:
>>
>> livetileedge.dsx.mp.microsoft.com. 43 IN CNAME
>> livetileedge.dsx.mp.microsoft.com.akadns.net.
>> livetileedge.dsx.mp.microsoft.com.akadns.net. 300 IN CNAME
>> livetileedge.dsx.mp.microsoft.com.edgekey.net.
>> livetileedge.dsx.mp.microsoft.com.edgekey.net. 46 IN CNAME
>> e1898.b.akamaiedge.net.
>> e1898.b.akamaiedge.net. 20      IN      A       23.201.56.85
>>
>> Now, the Authority Section had NS records for b.akamaiedge.net, but
>> that doesn't help mitigate future queries for
>> {whatever}.microsoft.com, {whatever}.akadns.net or
>> {whatever}.edgekey.net, so repeated queries of the same name will need
>> to go back up to the roots again, whenever the TTLs expire (assuming
>> nothing else queried names *directly* in those domains, or
>> intermediate domains, through the same recursive resolver and thus
>> populated relevant NS records).
>>
>> Yet another reason why chained CNAMEs are bad. But, it's hard to argue
>> with a successful company whose whole business model is based on
>> chaining CNAMEs. Who ever knew that violating Internet standards
>> and/or best practices could be so profitable?
>
> violating what? complain at the vendor of your DNS cache or the device
> doing "DNS ALG" in front of you!

or better, at the party that set such a low TTL (e1898.b.akamaiedge.net.),
which is *not* the result of the CNAMEs

;; ANSWER SECTION:
www.rhsoft.net.         3600    IN      CNAME   proxy.thelounge.net.
proxy.thelounge.net.    3598    IN      A       10.0.0.4

;; ANSWER SECTION:
www.rhsoft.net.         3600    IN      CNAME   proxy.thelounge.net.
proxy.thelounge.net.    3598    IN      A       10.0.0.4


> ;; ANSWER SECTION:
> livetileedge.dsx.mp.microsoft.com. 3581 IN CNAME
> livetileedge.dsx.mp.microsoft.com.akadns.net.
> livetileedge.dsx.mp.microsoft.com.akadns.net. 281 IN CNAME
> livetileedge.dsx.mp.microsoft.com.edgekey.net.
> livetileedge.dsx.mp.microsoft.com.edgekey.net. 281 IN CNAME
> e1898.b.akamaiedge.net.
> e1898.b.akamaiedge.net. 1       IN      A       104.87.22.10
>
> ;; ANSWER SECTION:
> livetileedge.dsx.mp.microsoft.com. 3580 IN CNAME
> livetileedge.dsx.mp.microsoft.com.akadns.net.
> livetileedge.dsx.mp.microsoft.com.akadns.net. 280 IN CNAME
> livetileedge.dsx.mp.microsoft.com.edgekey.net.
> livetileedge.dsx.mp.microsoft.com.edgekey.net. 280 IN CNAME
> e1898.b.akamaiedge.net.
> e1898.b.akamaiedge.net. 0       IN      A       104.87.22.10
>
> ;; ANSWER SECTION:
> livetileedge.dsx.mp.microsoft.com. 3579 IN CNAME
> livetileedge.dsx.mp.microsoft.com.akadns.net.
> livetileedge.dsx.mp.microsoft.com.akadns.net. 279 IN CNAME
> livetileedge.dsx.mp.microsoft.com.edgekey.net.
> livetileedge.dsx.mp.microsoft.com.edgekey.net. 279 IN CNAME
> e1898.b.akamaiedge.net.
> e1898.b.akamaiedge.net. 17      IN      A       104.87.22.10
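
Added example, not part of the original message: a small Python parser for `dig` answer sections like the ones quoted in this thread (including records the mail client wrapped onto two lines) that follows the CNAME chain and reports which record has the lowest remaining TTL. The function names are this example's own; the sample is the first quoted answer section from the thread.

```python
import re

# First quoted answer section from the thread, wrapped as the mail client left it.
SAMPLE = """\
;; ANSWER SECTION:
livetileedge.dsx.mp.microsoft.com. 3581 IN CNAME
livetileedge.dsx.mp.microsoft.com.akadns.net.
livetileedge.dsx.mp.microsoft.com.akadns.net. 281 IN CNAME
livetileedge.dsx.mp.microsoft.com.edgekey.net.
livetileedge.dsx.mp.microsoft.com.edgekey.net. 281 IN CNAME
e1898.b.akamaiedge.net.
e1898.b.akamaiedge.net. 1       IN      A       104.87.22.10
"""

# owner, TTL, class IN, type, rdata; \s+ also spans a wrapped line break
RR = re.compile(r"(\S+)\s+(\d+)\s+IN\s+(CNAME|AAAA|A)\s+(\S+)")

def parse_answer(text):
    """Return {owner: [(ttl, rtype, rdata), ...]} from dig answer text."""
    lines = [re.sub(r"^(>\s?)+", "", ln) for ln in text.splitlines()]  # drop mail quoting
    body = "\n".join(ln for ln in lines if ln.strip() and not ln.startswith(";"))
    rrs = {}
    for owner, ttl, rtype, rdata in RR.findall(body):
        rrs.setdefault(owner.lower(), []).append((int(ttl), rtype, rdata.lower()))
    return rrs

def walk_chain(rrs, qname):
    """Follow CNAMEs from qname; return [(owner, ttl, rtype, rdata)] in chain order."""
    chain, seen, name = [], set(), qname.lower()
    while name in rrs and name not in seen:      # 'seen' stops CNAME loops
        seen.add(name)
        ttl, rtype, rdata = min(rrs[name])       # lowest TTL in this RRset
        chain.append((name, ttl, rtype, rdata))
        if rtype != "CNAME":
            break
        name = rdata
    return chain

def limiting_record(chain):
    """The link whose TTL runs out first, i.e. what triggers the next upstream query."""
    return min(chain, key=lambda rec: rec[1])

if __name__ == "__main__":
    chain = walk_chain(parse_answer(SAMPLE), "livetileedge.dsx.mp.microsoft.com.")
    for owner, ttl, rtype, rdata in chain:
        print(f"{ttl:>5}  {rtype:<5}  {owner} -> {rdata}")
    print("expires first:", limiting_record(chain)[0])
```

TTLs in an answer served from a cache are remaining lifetimes, so the values parsed here are lower bounds on what the authoritative servers publish.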
