frequent queries to root servers

HONTVÁRI Levente Tue, 26 Jan 2016 06:08:06 -0800

Hi All,

I assumed that the root servers are only queried a few times a week(corresponding to the number of top level domains). The logs show adifferent picture, Queries to the root servers are quite frequent. Whatam I missing?

I have attached a dnstop screen (local network traffic was filteredout), after running for about 2 hours. I also attached a log extractabout a single query from 10.0.3.44 resolved by 10.0.3.48, whichinvolves a query to the root servers. I notice that there is a DS recordquery before the root server query, but otherwise I do not see anythingstrange.

I have an almost stock Bind 9.9.5 resolver configuration on an Ubuntuserver.

L.

Queries: 0 new, 3758 total                                                                                                                                                         Tue Jan 26 14:57:27 2016

Query Name       Count      %   cum%
------------ --------- ------ ------
com               2015   53.6   53.6
net                934   24.9   78.5
hu                 277    7.4   85.8
.                  205    5.5   91.3
org                 93    2.5   93.8
pl                  34    0.9   94.7
uk                  29    0.8   95.4
nl                  19    0.5   96.0
cn                  18    0.5   96.4
tv                  17    0.5   96.9
in-addr.arpa        12    0.3   97.2
de                  12    0.3   97.5
ru                  11    0.3   97.8
club                10    0.3   98.1
se                  10    0.3   98.4
co                   9    0.2   98.6
am                   9    0.2   98.8
info                 9    0.2   99.1
io                   7    0.2   99.3
edu                  6    0.2   99.4
hk                   4    0.1   99.5
be                   4    0.1   99.6
at                   3    0.1   99.7
cc                   3    0.1   99.8
it                   2    0.1   99.8
cz                   2    0.1   99.9
local                2    0.1   99.9
biz                  1    0.0  100.0
lan                  1    0.0  100.0

10.0.3.44.28233 > 10.0.3.48.53: 31685+ A? livetileedge.dsx.mp.microsoft.com. (51)
10.0.3.48.19620 > 208.76.45.53.53: 51063% [1au] A? livetileedge.dsx.mp.microsoft.com. ar: . OPT UDPsize=4096 OK (62)
208.76.45.53.53 > 10.0.3.48.19620: 51063*- q: A? livetileedge.dsx.mp.microsoft.com. 1/0/1 livetileedge.dsx.mp.microsoft.com. [1h] CNAME livetileedge.dsx.mp.microsoft.com.akadns.net
10.0.3.48.52753 > 96.7.49.129.53: 55032% [1au] A? livetileedge.dsx.mp.microsoft.com.akadns.net. ar: . OPT UDPsize=4096 OK (73)
96.7.49.129.53 > 10.0.3.48.52753: 55032*- q: A? livetileedge.dsx.mp.microsoft.com.akadns.net. 1/0/1 livetileedge.dsx.mp.microsoft.com.akadns.net. [5m] CNAME livetileedge.dsx.mp.mic
10.0.3.48.54539 > 198.41.0.4.53: 53961% [1au] DS? akadns.net. ar: . OPT UDPsize=4096 OK (39)
10.0.3.48.55442 > 198.41.0.4.53: 64095% [1au] NS? . ar: . OPT UDPsize=4096 OK (28)
198.41.0.4.53 > 10.0.3.48.55442: 64095*- q: NS? . 14/0/25 . [6d] NS g.root-servers.net., . [6d] NS c.root-servers.net., . [6d] NS k.root-servers.net., . [6d] NS b.root-servers.net.
198.41.0.4.53 > 10.0.3.48.54539: 53961- q: DS? akadns.net. 0/15/16 ns: net. [2d] NS m.gtld-servers.net., net. [2d] NS l.gtld-servers.net., net. [2d] NS k.gtld-servers.net., net. [2
10.0.3.48.42551 > 192.52.178.30.53: 2282% [1au] DS? akadns.net. ar: . OPT UDPsize=4096 OK (39)
192.52.178.30.53 > 10.0.3.48.42551: 2282*- q: DS? akadns.net. 0/6/1 ns: A1RT98BS5QGC9NFI51S9HCI47ULJG6JH.net. [1d] Type50, A1RT98BS5QGC9NFI51S9HCI47ULJG6JH.net. [1d] RRSIG, net. [1
10.0.3.48.1357 > 2.22.230.65.53: 20299% [1au] A? livetileedge.dsx.mp.microsoft.com.edgekey.net. ar: . OPT UDPsize=4096 OK (74)
2.22.230.65.53 > 10.0.3.48.1357: 20299*- q: A? livetileedge.dsx.mp.microsoft.com.edgekey.net. 1/0/1 livetileedge.dsx.mp.microsoft.com.edgekey.net. [5m] CNAME e1898.b.akamaiedge.net
10.0.3.48.45774 > 2.20.182.166.53: 57507% [1au] A? e1898.b.akamaiedge.net. ar: . OPT UDPsize=4096 OK (51)
2.20.182.166.53 > 10.0.3.48.45774: 57507*- q: A? e1898.b.akamaiedge.net. 1/0/0 e1898.b.akamaiedge.net. [20s] A 23.7.197.25 (56)
10.0.3.48.2767 > 192.33.4.12.53: 8654% [1au] DS? akamaiedge.net. ar: . OPT UDPsize=4096 OK (43)
192.33.4.12.53 > 10.0.3.48.2767: 8654- q: DS? akamaiedge.net. 0/15/16 ns: net. [2d] NS m.gtld-servers.net., net. [2d] NS k.gtld-servers.net., net. [2d] NS b.gtld-servers.net., net.
10.0.3.48.18914 > 192.54.112.30.53: 53417% [1au] DS? akamaiedge.net. ar: . OPT UDPsize=4096 OK (43)
192.54.112.30.53 > 10.0.3.48.18914: 53417*- q: DS? akamaiedge.net. 0/6/1 ns: A1RT98BS5QGC9NFI51S9HCI47ULJG6JH.net. [1d] Type50, A1RT98BS5QGC9NFI51S9HCI47ULJG6JH.net. [1d] RRSIG, ne
10.0.3.48.53 > 10.0.3.44.28233: 31685 q: A? livetileedge.dsx.mp.microsoft.com. 4/8/8 livetileedge.dsx.mp.microsoft.com. [1h] CNAME livetileedge.dsx.mp.microsoft.com.akadns.net., li

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

frequent queries to root servers

Reply via email to