How to handle short TTLs?

Mark Andrews Mark_Andrews at isc.org
Thu Oct 7 22:20:22 UTC 2004


> Gary Mills wrote:
> 
> >We've been getting complaints that web browsers time out when
> >they are attempting to access finance.yahoo.com.  The problem
> >seems to be that that name resolves to a CNAME and an A record
> >that both have short TTLs:
> >
> >  finance.yahoo.com	300 IN	CNAME	finance.yahoo2.akadns.net
> >  finance.yahoo2.akadns.net	60 IN	A	216.109.119.250
> >
> >Consequently, they are never in our DNS cache when the user browses
> >to that web site.  When I test the lookup by hand, it does take
> >five or ten seconds for the response to appear.  What can be done
> >about this?  We are running the BIND 8.3.3 version that is shipped
> >with recent Solaris 9 releases.
> >
> I can resolve finance.yahoo.com in 150 msec even without the CNAME or 
> the A record in my cache. So I think there's more to your problem than 
> just the shortness of the TTLs...
> 
> - Kevin

	Correct.  He has a firewall which is blocking the EDNS
	replies.  He needs to upgrade / configure the firewall.

	Note the size of the response packet below exceeds the
	plain DNS response size.

	In the meantime he can set "edns-udp-size 512;" (9.3.0,
	8.4.0) though it defeats one of the purposes of using EDNS.
	The real fix is to upgrade the firewall.

	Mark

Network Working Group                                            P. Vixie
Request for Comments: 2671                                            ISC
Category: Standards Track                                     August 1999


                  Extension Mechanisms for DNS (EDNS0)


; <<>> DiG 8.3 <<>> finance.yahoo.com +norec @ns1.yahoo.com +dnssec 
; (1 server found)
;; res options: init defnam dnsrch dnssec
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38005
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 14
;; QUERY SECTION:
;;	finance.yahoo.com, type = A, class = IN

;; ANSWER SECTION:
finance.yahoo.com.	5M IN CNAME	finance.yahoo2.akadns.net.

;; AUTHORITY SECTION:
net.			11h42m42s IN NS  K.GTLD-SERVERS.net.
net.			11h42m42s IN NS  L.GTLD-SERVERS.net.
net.			11h42m42s IN NS  M.GTLD-SERVERS.net.
net.			11h42m42s IN NS  A.GTLD-SERVERS.net.
net.			11h42m42s IN NS  B.GTLD-SERVERS.net.
net.			11h42m42s IN NS  C.GTLD-SERVERS.net.
net.			11h42m42s IN NS  D.GTLD-SERVERS.net.
net.			11h42m42s IN NS  E.GTLD-SERVERS.net.
net.			11h42m42s IN NS  F.GTLD-SERVERS.net.
net.			11h42m42s IN NS  G.GTLD-SERVERS.net.
net.			11h42m42s IN NS  H.GTLD-SERVERS.net.
net.			11h42m42s IN NS  I.GTLD-SERVERS.net.
net.			11h42m42s IN NS  J.GTLD-SERVERS.net.

;; ADDITIONAL SECTION:
K.GTLD-SERVERS.net.	11h42m42s IN A	192.52.178.30
L.GTLD-SERVERS.net.	11h42m42s IN A	192.41.162.30
M.GTLD-SERVERS.net.	11h42m42s IN A	192.55.83.30
A.GTLD-SERVERS.net.	11h42m42s IN A	192.5.6.30
B.GTLD-SERVERS.net.	11h42m42s IN A	192.33.14.30
C.GTLD-SERVERS.net.	11h42m42s IN A	192.26.92.30
D.GTLD-SERVERS.net.	11h42m42s IN A	192.31.80.30
E.GTLD-SERVERS.net.	11h42m42s IN A	192.12.94.30
F.GTLD-SERVERS.net.	11h42m42s IN A	192.35.51.30
G.GTLD-SERVERS.net.	11h42m42s IN A	192.42.93.30
H.GTLD-SERVERS.net.	11h42m42s IN A	192.54.112.30
I.GTLD-SERVERS.net.	11h42m42s IN A	192.43.172.30
J.GTLD-SERVERS.net.	11h42m42s IN A	192.48.79.30
; EDNS: version: 0, udp=4096, flags=0000

;; Total query time: 180 msec
;; FROM: drugs.dv.isc.org to SERVER: 66.218.71.63
;; WHEN: Fri Oct  8 08:03:22 2004
;; MSG SIZE  sent: 46  rcvd: 514

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
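
The failure diagnosed above, as an added example that is not part of the original message or of BIND: it builds the same kind of query dig sent (an A query carrying an EDNS0 OPT record), reads back the advertised UDP size, and models what happens to a 514-byte reply. All function names are hypothetical, and the firewall is modelled, as an assumption, as dropping any DNS/UDP packet above `path_limit` bytes.

```python
import struct

LEGACY_LIMIT = 512            # plain DNS UDP payload limit (RFC 1035)
TYPE_A, TYPE_OPT, CLASS_IN = 1, 41, 1

def encode_name(name):
    """Encode a domain name as length-prefixed labels."""
    labels = [lab for lab in name.rstrip(".").split(".") if lab]
    return b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"

def build_query(name, qid=0x1234, edns_size=None, do_bit=False):
    """Build a non-recursive A query; add an EDNS0 OPT record if edns_size is set."""
    msg = struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 1 if edns_size else 0)
    msg += encode_name(name) + struct.pack("!HH", TYPE_A, CLASS_IN)
    if edns_size:
        # OPT pseudo-RR: root name, TYPE=41, CLASS=UDP size, TTL=flags, RDLEN=0
        msg += b"\x00" + struct.pack("!HHIH", TYPE_OPT, edns_size,
                                     0x8000 if do_bit else 0, 0)
    return msg

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:   # compression pointer ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def advertised_size(msg):
    """Return the UDP size from the message's OPT record, or None without EDNS."""
    qd, an, ns, ar = struct.unpack("!HHHH", msg[4:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == TYPE_OPT:
            return rclass
        off += 10 + rdlen
    return None

def expected_outcome(query, full_reply_len, path_limit=LEGACY_LIMIT):
    """Model a reply of full_reply_len bytes crossing a firewall that drops
    DNS/UDP packets larger than path_limit (an assumption, see lead-in)."""
    limit = max(advertised_size(query) or LEGACY_LIMIT, LEGACY_LIMIT)
    on_wire = min(full_reply_len, limit)   # server omits records or sets TC to fit
    if on_wire > path_limit:
        return "dropped"
    return "trimmed" if full_reply_len > limit else "delivered"
```

With `edns_size=4096` the 514-byte reply is "dropped" by the modelled firewall; with `edns_size=512` (the effect of the "edns-udp-size 512;" workaround) the server trims the reply to fit and it gets through.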

