On 05.05.18 12:40, Ask Bjørn Hansen wrote:
>
>> On May 3, 2018, at 17:25, Nico <nicom...@gmail.com> wrote:
>>
>> After some tcpdumping and testing we found that chrome and dns tunneling
>> were filling the cache,
>> even if the percent of these queries was very low in the total.
>
> What do those queries look like?

For the chrome part, I guess he is talking about queries like these from Android mobile devices using Google Chrome:

xmbltwvfgzoj AAAA
oputhfmeqha AAAA
fpxfkjurisphngo AAAA
oputhfmeqha A
fpxfkjurisphngo A
xmbltwvfgzoj A

I noticed this too a few weeks ago when playing with an Android Emulator. I did not look into this more and cannot tell at what interval they appear exactly. They seem to appear at least every time I started Google Chrome. The queries are random. Next time they are completely different but of the same length and same query character set.

The response is of course NXDOMAIN. Negative caching TTL for the root zone is 1 day. I guess most DNS resolver software limit the negative caching TTL to something a fair bit lower. I just looked it up for PowerDNS recursor and it is set to max 3600 sec:

https://doc.powerdns.com/md/recursor/settings/#max-negative-ttl

Maybe the problem is that dnsdist has no max negative ttl limit?

https://dnsdist.org/guides/cache.html

Daniel

_______________________________________________
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist
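
The effect discussed in this message, as an added example that is not part of the original post and not dnsdist or PowerDNS code: a small Python simulation of a cache keyed on (name, type) that replays random single-label probes answered with NXDOMAIN and compares the peak number of live negative entries with and without a negative-TTL cap. The two TTL values are the ones quoted in the post; the client count, launch interval, name length range and all function names are constructed assumptions.

```python
import random
import string

ROOT_NEGATIVE_TTL = 86400   # from the post: root zone negative caching TTL is 1 day
CAPPED_NEGATIVE_TTL = 3600  # from the post: PowerDNS recursor max-negative-ttl


def probe_names(rng, count=3):
    """Constructed stand-ins for the random single-label probes (assumed 7 to 15 letters)."""
    return ["".join(rng.choices(string.ascii_lowercase, k=rng.randint(7, 15)))
            for _ in range(count)]


def peak_negative_entries(launch_times, soa_negative_ttl, max_negative_ttl=None, seed=1):
    """Replay browser launches and return the peak count of live NXDOMAIN cache entries.

    Each launch sends A and AAAA for three fresh random names, i.e. six cache keys.
    """
    rng = random.Random(seed)
    # Effective TTL: the zone's negative TTL, clamped by the resolver cap if one is set.
    ttl = soa_negative_ttl if max_negative_ttl is None else min(soa_negative_ttl, max_negative_ttl)
    cache = {}  # (qname, qtype) -> expiry timestamp in seconds
    peak = 0
    for now in sorted(launch_times):
        # Drop entries whose negative TTL has run out.
        cache = {key: expiry for key, expiry in cache.items() if expiry > now}
        for name in probe_names(rng):
            for qtype in ("A", "AAAA"):
                cache[(name, qtype)] = now + ttl
        peak = max(peak, len(cache))
    return peak


def demo():
    # Constructed workload: 50 clients, each starting the browser once an hour for 24 hours.
    launches = [hour * 3600 + client for hour in range(24) for client in range(50)]
    uncapped = peak_negative_entries(launches, ROOT_NEGATIVE_TTL)
    capped = peak_negative_entries(launches, ROOT_NEGATIVE_TTL, CAPPED_NEGATIVE_TTL)
    return uncapped, capped


if __name__ == "__main__":
    uncapped, capped = demo()
    print(f"peak negative entries without cap: {uncapped}, with 3600 s cap: {capped}")
```

With these constructed numbers the uncapped cache still holds every probe sent during the day, while the capped cache holds only about one hour's worth.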