On Wed, 4 Mar 2015, Bob Harold wrote:
> Can someone be more specific on what "overwhelm"s the os cache? I
> assume all the names still need to be looked up in the os and thus get
> in the os cache. Is it cache hits that are too many - that sounds
> unlikely. Or is it entries with very low ttl that you are caching
> longer in the browser to avoid lookups?

I didn't understand this either. So I did some cursory playing with BIND 9.9.2.

* ANY always returns a TTL of 5 seconds.
* Unless RD is turned off, named re-issues the request to the
  authoritative nameservers, iff it has nothing whatsoever in cache.

If overwhelming cache was a key consideration, one would think that this would be surfaced in testing. I haven't looked over on the BIND lists.

--

Fred Morris

--

[Edited for brevity. brian* are names which are not explicitly defined for the zone, which is wildcarded.]

** BIND fetches it into cache when it wasn't there previously. Note the TTLs (all of them). **

;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;brian.m3047.net.               IN      ANY

;; ANSWER SECTION:
brian.m3047.net.        5       IN      A       209.221.140.128

;; AUTHORITY SECTION:
m3047.net.              5049    IN      NS      ns2.distributedns.com.
m3047.net.              5049    IN      NS      ns1.distributedns.com.

;; ADDITIONAL SECTION:
ns1.distributedns.com.  22104   IN      A       50.194.52.65
ns2.distributedns.com.  22104   IN      A       50.194.52.67

;; Query time: 115 msec
;; SERVER: 10.0.0.220#53(10.0.0.220)
;; WHEN: Tue Mar 3 11:36:48 2015
;; MSG SIZE rcvd: 134

** RD is disabled. **

m3047@flame:~> dig brian2.m3047.net any +norecurse

;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;brian2.m3047.net.              IN      ANY

;; AUTHORITY SECTION:
m3047.net.              5023    IN      NS      ns1.distributedns.com.
m3047.net.              5023    IN      NS      ns2.distributedns.com.

;; ADDITIONAL SECTION:
ns1.distributedns.com.  22078   IN      A       50.194.52.65
ns2.distributedns.com.  22078   IN      A       50.194.52.67

** Let's query specifically for the (synthesized) A record and load it into cache... Notice the TTL. **

;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;brian2.m3047.net.              IN      A

;; ANSWER SECTION:
brian2.m3047.net.       86400   IN      A       209.221.140.128

;; AUTHORITY SECTION:
m3047.net.              4966    IN      NS      ns1.distributedns.com.
m3047.net.              4966    IN      NS      ns2.distributedns.com.

;; ADDITIONAL SECTION:
ns1.distributedns.com.  22021   IN      A       50.194.52.65
ns2.distributedns.com.  22021   IN      A       50.194.52.67

** Let's see what ANY says. Notice the TTL. Notice all of the TTLs. **

;; flags: qr ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;brian2.m3047.net.              IN      ANY

;; ANSWER SECTION:
brian2.m3047.net.       5       IN      A       209.221.140.128

;; AUTHORITY SECTION:
m3047.net.              4962    IN      NS      ns2.distributedns.com.
m3047.net.              4962    IN      NS      ns1.distributedns.com.

;; ADDITIONAL SECTION:
ns1.distributedns.com.  22017   IN      A       50.194.52.65
ns2.distributedns.com.  22017   IN      A       50.194.52.67

** TTL is still 5 seconds for our qname, but the rest of the TTLs are counting down... **

;; flags: qr ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;brian2.m3047.net.              IN      ANY

;; ANSWER SECTION:
brian2.m3047.net.       5       IN      A       209.221.140.128

;; AUTHORITY SECTION:
m3047.net.              4789    IN      NS      ns1.distributedns.com.
m3047.net.              4789    IN      NS      ns2.distributedns.com.

;; ADDITIONAL SECTION:
ns1.distributedns.com.  21844   IN      A       50.194.52.65
ns2.distributedns.com.  21844   IN      A       50.194.52.67

** Hopefully you get the idea... **

;; flags: qr ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;brian2.m3047.net.              IN      A

;; ANSWER SECTION:
brian2.m3047.net.       86214   IN      A       209.221.140.128

;; AUTHORITY SECTION:
m3047.net.              4780    IN      NS      ns1.distributedns.com.
m3047.net.              4780    IN      NS      ns2.distributedns.com.

;; ADDITIONAL SECTION:
ns1.distributedns.com.  21835   IN      A       50.194.52.65
ns2.distributedns.com.  21835   IN      A       50.194.52.67

_______________________________________________
dns-operations mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
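
[Added example, not part of the original message or of BIND: a small Python script that compares the TTLs of the same records across two dig responses from one resolver and labels each as counting down, fixed, or refreshed. The function names are hypothetical, the sample input is re-typed from the two later ANY responses above, and the script assumes the largest TTL drop equals the time between the two queries.]

```python
import re

# Constructed sample: the two later ANY responses for brian2.m3047.net,
# re-typed from the dig output in the message above (headers trimmed).
ANY_FIRST = """\
;; ANSWER SECTION:
brian2.m3047.net. 5 IN A 209.221.140.128
;; AUTHORITY SECTION:
m3047.net. 4962 IN NS ns2.distributedns.com.
m3047.net. 4962 IN NS ns1.distributedns.com.
;; ADDITIONAL SECTION:
ns1.distributedns.com. 22017 IN A 50.194.52.65
ns2.distributedns.com. 22017 IN A 50.194.52.67
"""
# The second response differs only in the TTLs shown in the message.
ANY_LATER = ANY_FIRST.replace(" 4962 ", " 4789 ").replace(" 22017 ", " 21844 ")

RR = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(.+)$")

def parse_rrs(dig_text):
    """Map (section, owner, type, rdata) -> TTL for every record dig printed."""
    section, rrs = None, {}
    for line in dig_text.splitlines():
        line = line.strip()
        if header := re.match(r";; (\w+) SECTION:", line):
            section = header.group(1)
        elif section and (rr := RR.match(line)):
            owner, ttl, rtype, rdata = rr.groups()
            rrs[(section, owner.lower(), rtype, rdata.lower())] = int(ttl)
    return rrs

def compare_ttls(first, later):
    """Label each record seen in both responses by how its TTL moved."""
    a, b = parse_rrs(first), parse_rrs(later)
    shared = a.keys() & b.keys()
    # Assumption: the largest TTL drop equals the time between the two queries.
    elapsed = max((a[k] - b[k] for k in shared), default=0)
    labels = {}
    for k in shared:
        if elapsed > 0 and a[k] - b[k] == elapsed:
            labels[k] = "counting down"  # served from cache, TTL ages normally
        elif a[k] == b[k]:
            labels[k] = "fixed"          # same TTL both times, e.g. the 5 s ANY answer
        else:
            labels[k] = "refreshed"      # re-fetched or otherwise reset in between
    return elapsed, labels

if __name__ == "__main__":
    elapsed, labels = compare_ttls(ANY_FIRST, ANY_LATER)
    print(f"elapsed ~{elapsed}s")
    for key, label in sorted(labels.items()):
        print(label, *key)
```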
