Repeated queries to the root-servers

Bernhard Schmidt Bernhard.Schmidt at
Fri Mar 9 13:24:07 UTC 2007

Hi everyone,

While debugging another issue (a description of that will follow later
today) I saw a weird behaviour on our recursive nameservers which I
cannot quite explain.

We are running (self-compiled) BIND 9.3.4 and 9.4.0 on SLES9 Xeon boxes
configured for anycasted recursor deployment in our campus network. To
my understanding, the recursor should (after a clean startup) send the
first question for something in e.g. .com to the root-servers, then
cache the referral and send all further questions to the NS-set for the
TLD ( for .com in this case).

However, we saw much more frequent queries to the root-servers in
tcpdumps for TLDs that must have been queried before (.net, .de). So I
conducted a small test and ran 20000 queries from the recursor cluster
to an out-of-the-box BIND 9.3.2 package on SuSE 10.2 and tcpdumped the
questions to the root-servers.

During the 40 seconds the test ran we saw 40 queries for
something ending in .com going to the root-servers. All were answered
correctly with a referral to The behaviour was quite
bursty (15 packets within the first 200ms before the first answer got
in, so that was just parallel probing as long as no referral was known),
but still as far as I got the idea, it should not have sent anything to
the root-servers for .com after that.

Did I understand something wrong? Does anyone have an idea what could
cause this behaviour? 
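
Added example, not part of the original post: one way to quantify the observation above from a capture, by counting queries sent to root-servers per TLD and splitting them into those sent before and after the first root response for that TLD arrived. It assumes text output in the style of `tcpdump -n -tt`; the function name, the resolver address 192.0.2.53 and the sample lines are constructed, and `ROOTS` lists only two root-server addresses and has to be extended to the full set.

```python
import re
from collections import defaultdict

# a.root-servers.net and f.root-servers.net; extend with the remaining roots.
ROOTS = {"198.41.0.4", "192.5.5.241"}

# Assumed line shape: "<epoch> IP <src>.<sport> > <dst>.<dport>: <id><rest>"
LINE = re.compile(
    r"^(?P<ts>\d+\.\d+) IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): (?P<id>\d+)(?P<rest>.*)$")
QUERY = re.compile(r"\b[A-Z0-9]+\? (?P<qname>\S+)")  # e.g. "A? www.example.com."

def root_queries_by_tld(lines, roots=ROOTS):
    """Return {tld: {"before": n, "after": m}} relative to the first root answer."""
    pending = {}        # (root ip, query id) -> TLD still waiting for a response
    first_answer = {}   # TLD -> timestamp of the first response from any root
    stats = defaultdict(lambda: {"before": 0, "after": 0})
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        q = QUERY.search(m["rest"])
        if m["dst"] in roots and m["dport"] == "53" and q:
            tld = q["qname"].rstrip(".").lower().split(".")[-1] or "."
            pending[(m["dst"], m["id"])] = tld
            # "before" is the parallel-probing burst; "after" should stay near
            # zero while the cached referral is still valid.
            stats[tld]["after" if tld in first_answer else "before"] += 1
        elif m["src"] in roots and m["sport"] == "53":
            tld = pending.pop((m["src"], m["id"]), None)
            if tld is not None:
                first_answer.setdefault(tld, float(m["ts"]))
    return {t: dict(c) for t, c in stats.items()}

# Constructed sample capture (not taken from the post).
SAMPLE = """\
1173446647.000 IP 192.0.2.53.32768 > 198.41.0.4.53: 101 [1au] A? www.example.com. (44)
1173446647.050 IP 192.0.2.53.32768 > 192.5.5.241.53: 102 [1au] A? mail.example.com. (45)
1173446647.200 IP 198.41.0.4.53 > 192.0.2.53.32768: 101- 0/13/14 (500)
1173446647.210 IP 192.5.5.241.53 > 192.0.2.53.32768: 102- 0/13/14 (500)
1173446650.000 IP 192.0.2.53.32768 > 198.41.0.4.53: 103 [1au] A? other.example.com. (46)
1173446651.000 IP 192.0.2.53.32768 > 192.5.5.241.53: 104 [1au] A? www.example.net. (44)
""".splitlines()

if __name__ == "__main__":
    for tld, counts in sorted(root_queries_by_tld(SAMPLE).items()):
        print(tld, counts)
```

A high "after" count for a TLD over a window shorter than the referral's TTL is the pattern the post describes.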


