North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: Slashdot: Providers Ignoring DNS TTL?
Dean Anderson wrote:
I'd rather expect this sort of behavior with anycasted servers...
I would not expect this kind of behavior from an anycasted address. You'd need a LOT of routing churn to see different caches every few seconds. It's much more likely some kind of load balancer in front of a DNS server farm.
With a cache, the behavior is confusing, but also harms DNS TCP support, just like that described for authoritative servers.
I verified it wasn't anycast by trying to exploit this very issue. I did a query that fell back to TCP while doing multiple small queries. I ran a network capture to pick out the short quries that occurred while the TCP query was going on. Short quries during the TCP connection came back with verying TTLs indicating that I was talking to different caches, i.e. different servers. Yet the TCP query continued without any hiccups. This indicates there is some type of per-session load balancing going on, not anycast routing.
Further there isn't a good reason to have anycasted caches. Indeed, with
Since this isn't anycast routing, can we save the religious diatribes for another thread?
On Tue, 19 Apr 2005, Crist Clark wrote:FWIW, I did some 'dig'ing on my Comcast home service. The DHCP is handing out 188.8.131.52 and 184.108.40.206 for DNS at the moment. I ran a query for a name in a zone I control that has a five minute TTL on 220.127.116.11. The first query came up with 5 minutes. I quickly made a change to the zone. hirty seconds after the initial query, I try again... err... and come up with the change. Hmm... Not caching at all? Another 30 seconds and I get the change, with 5m TTL. Thirty seconds later, I get the original response with appropriately decremented TTL. Another thirty seconds, I get the change, with 4m TTL. My findings: Comcast is now using some kind of load balancing that messes with this kind of testing. 18.104.22.168 is not a single resolver. However, as far as I could tell, they were obeying the TTL. After 5 minutes, all of the responses were coming back with the change. The TTL values in the responses were decrementing as expected.
-- Crist J. Clark firstname.lastname@example.org Globalstar Communications (408) 933-4387 The information contained in this e-mail message is confidential, intended only for the use of the individual or entity named above. If the reader of this e-mail is not the intended recipient, or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that any review, dissemination, distribution or copying of this communication is strictly prohibited. If you have received this e-mail in error, please contact email@example.com