Cisco Distributed Director

Barry Margolin barmar at genuity.net
Fri Jun 16 20:40:23 UTC 2000


In article <394A7007.A89FB15D at db.com>, Werner Wiethege  <ww at db.com> wrote:
>On Fri, 16 Jun 2000, Barry Margolin wrote:
> 
>> Since your TTL is 0 seconds, the caching nameserver shouldn't actually
>> cache the record.  It should forward it to the client machine, and then
>> discard it.  The next time a client tries to look it up, the caching server
>> should go back to the DD.  If you have even load balancing configured on
>> the DD, it should alternate which address it gives out each time.  AFAIK,
>> the fact that all the queries are coming from the same nameserver shouldn't
>> matter.
> 
>The BIND 8.2.3T5B code checks for staleness of a record with the following
>comparison (in function stale in ns_eq.c):
>                  dp->d_ttl >= (u_int32_t)tt.tv_sec
>where d_ttl is the time when a record expires and tv_sec the current time.
>I assume older versions have the same kind of check.
>Considering records to be valid as long as the times in seconds are
>the same can explain the behaviour that a caching nameserver keeps
>returning the same value for almost a second when the TTL is 0.
>Tests done by Pete Taylor where he left out the equal sign
>have shown different behaviour. Does TTL have inclusive or exclusive
>interpretation in the standards or is it an implementation issue?

I don't think the RFC specifies how TTLs are to be interpreted at
sub-second granularity.

I don't recommend using TTL=0, and Distributed Director has a configuration
option to specify what its TTL should be.  I think some ancient versions of
BIND (but not so ancient that they're not still in widespread use) and some
non-BIND servers don't work properly with them.  They seem to expire them
*before* forwarding them back to the client (perhaps this is what the >=
was intended to fix).  I've told our DD administrators to configure TTL=1
(or maybe I told them 10) to avoid this problem.

Back to the original poster's problem, I don't think the fact that a
particular DNS server will use the same address for a whole second should
be that big a problem.  Presumably your web site is accessed from all over
the world, so you'll get queries from lots of different servers, not just
your local server.  The DD will alternate the answers as it responds to
each server, so you should get decent load sharing when the worldwide
connections are taken into account.  And even within your LAN, it will
alternate approximately every second, so the long-term load should balance
out.  Don't forget that browsers also cache data for a few minutes, so even
though at this moment the DNS server may be giving out one address, a
client machine that queried it a few seconds ago will keep using the other
address.

-- 
Barry Margolin, barmar at genuity.net
Genuity, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
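
Added example, not part of the original post and not BIND source: a simplified C model of the expiry comparison discussed in this thread, counting how often a caching server goes back to an address-alternating upstream under the inclusive (>=) and exclusive (>) checks. The struct, the function names, the 100 ms client interval and the clock values are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model of a cached record; not BIND source. */
struct rr { uint32_t expiry; int addr; int present; };

/* inclusive=1: valid while expiry >= now (comparison quoted in the thread);
 * inclusive=0: valid only while expiry > now (equal sign left out). */
static int is_valid(const struct rr *r, uint32_t now, int inclusive)
{
    if (!r->present)
        return 0;
    return inclusive ? r->expiry >= now : r->expiry > now;
}

/* Clients query one caching server every step_ms for total_ms. On a miss the
 * server asks an upstream that alternates between two addresses. Returns the
 * upstream query count; *flips counts address changes seen by clients. */
static int simulate(uint32_t ttl, int inclusive, uint32_t step_ms,
                    uint32_t total_ms, int *flips)
{
    struct rr cache = { 0, 0, 0 };
    int upstream = 0, next_addr = 0, last = -1;

    *flips = 0;
    for (uint32_t t = 0; t < total_ms; t += step_ms) {
        uint32_t now = 1000 + t / 1000;  /* constructed clock, whole seconds */
        if (!is_valid(&cache, now, inclusive)) {
            cache = (struct rr){ now + ttl, next_addr, 1 };
            next_addr ^= 1;
            upstream++;
        }
        if (last != -1 && cache.addr != last)
            (*flips)++;
        last = cache.addr;
    }
    return upstream;
}

int main(void)
{
    for (int inc = 1; inc >= 0; inc--)
        for (uint32_t ttl = 0; ttl <= 1; ttl++) {
            int flips, up = simulate(ttl, inc, 100, 3000, &flips);
            printf("%s ttl=%u: upstream=%d flips=%d\n",
                   inc ? ">=" : "> ", (unsigned)ttl, up, flips);
        }
    return 0;
}
```

In this model, with TTL=0 the inclusive check goes upstream once per clock second, while the exclusive check treats every stored record as already stale and goes upstream on every client query.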
