frequent queries to root servers

Reindl Harald h.reindl at
Tue Jan 26 23:46:07 UTC 2016

Am 27.01.2016 um 00:36 schrieb Darcy Kevin (FCA):
> Well, when I queried the name, I got a CNAME chain where all of the links in the chain had TTLs of 300 seconds or less:
> 300 IN CNAME
> 20      IN      A
> Now, the Authority Section had NS records for, but that doesn't help mitigate future queries for {whatever}, {whatever} or {whatever}, so repeated queries of the same name will need to go back up to the roots again, whenever the TTLs expire (assuming nothing else queried names *directly* in those domains, or intermediate domains, through the same recursive resolver and thus populated relevant NS records).
> Yet another reason why chained CNAMEs are bad. But, it's hard to argue with a successful company whose whole business model is based on chaining CNAMEs. Who ever knew that violating Internet standards and/or best practices could be so profitable?

violating what? complain at the vendor of your DNS cache or the device 
doing "DNS ALG" in front of you!

;; ANSWER SECTION: 3581 IN CNAME 281 IN CNAME 281 IN CNAME 1       IN      A

;; ANSWER SECTION: 3580 IN CNAME 280 IN CNAME 280 IN CNAME 0       IN      A

;; ANSWER SECTION: 3579 IN CNAME 279 IN CNAME 279 IN CNAME 17      IN      A

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the bind-users mailing list