frequent queries to root servers

Darcy Kevin (FCA) kevin.darcy at
Tue Jan 26 23:36:11 UTC 2016

Well, when I queried the name, I got a CNAME chain where all of the links in the chain had TTLs of 300 seconds or less: 43 IN CNAME 300 IN CNAME 46 IN CNAME 20      IN      A

Now, the Authority Section had NS records for, but that doesn't help mitigate future queries for {whatever}, {whatever} or {whatever}, so repeated queries of the same name will need to go back up to the roots again, whenever the TTLs expire (assuming nothing else queried names *directly* in those domains, or intermediate domains, through the same recursive resolver and thus populated relevant NS records).

Yet another reason why chained CNAMEs are bad. But, it's hard to argue with a successful company whose whole business model is based on chaining CNAMEs. Who ever knew that violating Internet standards and/or best practices could be so profitable?

													- Kevin

-----Original Message-----
From: bind-users-bounces at [mailto:bind-users-bounces at] On Behalf Of HONTVÁRI Levente
Sent: Tuesday, January 26, 2016 9:07 AM
To: bind-users at
Subject: frequent queries to root servers

Hi All,

I assumed that the root servers are only queried a few times a week (corresponding to the number of top level domains). The logs show a different picture, Queries to the root servers are quite frequent. What am I missing?

I have attached a dnstop screen (local network traffic was filtered out), after running for about 2 hours. I also attached a log extract about a single query from resolved by, which involves a query to the root servers. I notice that there is a DS record query before the root server query, but otherwise I do not see anything strange.

I have an almost stock Bind 9.9.5 resolver configuration on an Ubuntu server.


More information about the bind-users mailing list