How to handle short TTLs?
Mark Andrews
Mark_Andrews at isc.org
Thu Oct 7 22:20:22 UTC 2004
> Gary Mills wrote:
>
> >We've been getting complaints that web browsers time out when
> >they are attempting to access finance.yahoo.com. The problem
> >seems to be that that name resolves to a CNAME and an A record
> >that both have short TTLs:
> >
> > finance.yahoo.com 300 IN CNAME finance.yahoo2.akadns.net
> > finance.yahoo2.akadns.net 60 IN A 216.109.119.250
> >
> >Consequently, they are never in our DNS cache when the user browses
> >to that web site. When I test the lookup by hand, it does take
> >five or ten seconds for the response to appear. What can be done
> >about this? We are running the BIND 8.3.3 version that is shipped
> >with recent Solaris 9 releases.
> >
> I can resolve finance.yahoo.com in 150 msec even without the CNAME or
> the A record in my cache. So I think there's more to your problem than
> just the shortness of the TTLs...
>
>
> - Kevin
Correct. He has a firewall which is blocking the EDNS
replies. He needs to upgrade / configure the firewall.
Note the size of the response packet below exceeds the
plain DNS response size.
In the meantime he can set "edns-udp-size 512;" (9.3.0,
8.4.0) though it defeats one of the purposes of using EDNS.
The real fix is to upgrade the firewall.
Mark
Network Working Group P. Vixie
Request for Comments: 2671 ISC
Category: Standards Track August 1999
Extension Mechanisms for DNS (EDNS0)
; <<>> DiG 8.3 <<>> finance.yahoo.com +norec @ns1.yahoo.com +dnssec
; (1 server found)
;; res options: init defnam dnsrch dnssec
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38005
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 14
;; QUERY SECTION:
;; finance.yahoo.com, type = A, class = IN
;; ANSWER SECTION:
finance.yahoo.com. 5M IN CNAME finance.yahoo2.akadns.net.
;; AUTHORITY SECTION:
net. 11h42m42s IN NS K.GTLD-SERVERS.net.
net. 11h42m42s IN NS L.GTLD-SERVERS.net.
net. 11h42m42s IN NS M.GTLD-SERVERS.net.
net. 11h42m42s IN NS A.GTLD-SERVERS.net.
net. 11h42m42s IN NS B.GTLD-SERVERS.net.
net. 11h42m42s IN NS C.GTLD-SERVERS.net.
net. 11h42m42s IN NS D.GTLD-SERVERS.net.
net. 11h42m42s IN NS E.GTLD-SERVERS.net.
net. 11h42m42s IN NS F.GTLD-SERVERS.net.
net. 11h42m42s IN NS G.GTLD-SERVERS.net.
net. 11h42m42s IN NS H.GTLD-SERVERS.net.
net. 11h42m42s IN NS I.GTLD-SERVERS.net.
net. 11h42m42s IN NS J.GTLD-SERVERS.net.
;; ADDITIONAL SECTION:
K.GTLD-SERVERS.net. 11h42m42s IN A 192.52.178.30
L.GTLD-SERVERS.net. 11h42m42s IN A 192.41.162.30
M.GTLD-SERVERS.net. 11h42m42s IN A 192.55.83.30
A.GTLD-SERVERS.net. 11h42m42s IN A 192.5.6.30
B.GTLD-SERVERS.net. 11h42m42s IN A 192.33.14.30
C.GTLD-SERVERS.net. 11h42m42s IN A 192.26.92.30
D.GTLD-SERVERS.net. 11h42m42s IN A 192.31.80.30
E.GTLD-SERVERS.net. 11h42m42s IN A 192.12.94.30
F.GTLD-SERVERS.net. 11h42m42s IN A 192.35.51.30
G.GTLD-SERVERS.net. 11h42m42s IN A 192.42.93.30
H.GTLD-SERVERS.net. 11h42m42s IN A 192.54.112.30
I.GTLD-SERVERS.net. 11h42m42s IN A 192.43.172.30
J.GTLD-SERVERS.net. 11h42m42s IN A 192.48.79.30
; EDNS: version: 0, udp=4096, flags=0000
;; Total query time: 180 msec
;; FROM: drugs.dv.isc.org to SERVER: 66.218.71.63
;; WHEN: Fri Oct 8 08:03:22 2004
;; MSG SIZE sent: 46 rcvd: 514
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the bind-users
mailing list