<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Helvetica;
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:Helvetica;
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.yiv5613757701msonormal, li.yiv5613757701msonormal, div.yiv5613757701msonormal
{mso-style-name:yiv5613757701msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
p.yiv5613757701msochpdefault, li.yiv5613757701msochpdefault, div.yiv5613757701msochpdefault
{mso-style-name:yiv5613757701msochpdefault;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
span.yiv5613757701msohyperlink
{mso-style-name:yiv5613757701msohyperlink;}
span.yiv5613757701msohyperlinkfollowed
{mso-style-name:yiv5613757701msohyperlinkfollowed;}
span.yiv5613757701emailstyle17
{mso-style-name:yiv5613757701emailstyle17;}
p.yiv5613757701msonormal1, li.yiv5613757701msonormal1, div.yiv5613757701msonormal1
{mso-style-name:yiv5613757701msonormal1;
margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
span.yiv5613757701msohyperlink1
{mso-style-name:yiv5613757701msohyperlink1;
color:#0563C1;
text-decoration:underline;}
span.yiv5613757701msohyperlinkfollowed1
{mso-style-name:yiv5613757701msohyperlinkfollowed1;
color:#954F72;
text-decoration:underline;}
span.yiv5613757701emailstyle171
{mso-style-name:yiv5613757701emailstyle171;
font-family:"Calibri","sans-serif";
color:windowtext;}
p.yiv5613757701msochpdefault1, li.yiv5613757701msochpdefault1, div.yiv5613757701msochpdefault1
{mso-style-name:yiv5613757701msochpdefault1;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Calibri","sans-serif";}
span.EmailStyle27
{mso-style-type:personal-reply;
color:black;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#002060">Right, we know how hints files are used, but I think you guys may be missing the underlying conundrum: why is named querying the NS records of the root zone
more often than the TTL of that RRset? See that there is a “NS? .” query at </span>
<span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#002060">15:36:44 and then another one at 15:45:52. At 15:45:52 it should have answered its client from the data it cached from the answer to the 15:36:44 query (less than 10 minutes previous).<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#002060"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#002060">Is named not seeing a response from the root servers in question? Is the max-cache-ttl being capped at a ridiculously-small value?<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#002060"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#002060">The NS queries of other names besides “.” itself are red herrings. They are all unique names – dot-terminated octet strings, names in the “.mr” TLD, “comp-HP.”
-- and we wouldn’t expect them to have been cached previously. But an answer to “NS? .” should be cached for *<b>days</b>*, not just a few minutes.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#002060"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#002060">I’m speculating that this might not be a pure “caching DNS server” after all; it might be a forwarder with “forward first” defined. In that case, if the forwarding
path experiences occasional delays, then named will fail over to trying iterative resolution, and if the routing and/or firewall rules were never set up to allow that, then the symptoms would be as documented, since named would never get a response from the
root servers. General rule: use “forward only” if you must use forwarders *<b>exclusively</b>*; “forward first” is only for *<b>opportunistic</b>* forwarding, where you still have the ability to fall back to iterative resolution, if and when necessary. (Personally,
I’m not much of a fan of “forward first”, since it rarely if ever produces the performance benefit expected, or, even if it lowers the
<b>average </b>query latency, it does so at the expense of the <b>worst-case</b> latency -- cache miss plus slow authoritative nameservers and/or misconfigured delegations -- and it’s worst-case that causes apps to time out, to break, and ultimately, users
to show up bearing pitchforks and burning oil).<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#002060"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#002060">
- Kevin<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> bind-users-bounces@lists.isc.org [mailto:bind-users-bounces@lists.isc.org]
<b>On Behalf Of </b>Leonard Mills<br>
<b>Sent:</b> Monday, June 15, 2015 3:05 PM<br>
<b>To:</b> Gaurav Kansal; bind-users@lists.isc.org<br>
<b>Subject:</b> Re: Automatic . NS queries from BIND<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div id="yui_3_16_0_1_1434394331710_8231">
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica","sans-serif";color:black">The hints hopefully point eventually to an authoritative server for ".".
<o:p></o:p></span></p>
</div>
<div id="yui_3_16_0_1_1434394331710_8232">
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica","sans-serif";color:black">Whatever that authoritative server says overrides any hints, just like any other zone's authoritative NS. It does not matter how obsolete a delegation
is, so long as some authoritative NS replies, the data from the delegation (hints) no longer matters.<o:p></o:p></span></p>
</div>
<div id="yui_3_16_0_1_1434394331710_8422">
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>
</div>
<div id="yui_3_16_0_1_1434394331710_8426">
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica","sans-serif";color:black">HtH<o:p></o:p></span></p>
</div>
<div id="yui_3_16_0_1_1434394331710_8424">
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica","sans-serif";color:black">Len<o:p></o:p></span></p>
</div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt;background:white"><span style="font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>
</div>
<div>
<div>
<div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:black">On Monday, June 15, 2015 6:14 AM, Gaurav Kansal <<a href="mailto:gaurav.kansal@nic.in">gaurav.kansal@nic.in</a>> wrote:</span><span style="font-family:"Helvetica","sans-serif";color:black"><o:p></o:p></span></p>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt;background:white"><span style="font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>
<div>
<div id="yiv5613757701">
<div>
<div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica","sans-serif";color:black">Dear Team,<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica","sans-serif";color:black"> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica","sans-serif";color:black">My caching DNS server is generating log of . NS queries to ROOT Servers.
<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica","sans-serif";color:black">I have a hint file in my bind configuration and the same is up-to date.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica","sans-serif";color:black"> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica","sans-serif";color:black">The same behavior is occurring in multiple versions of BIND (tested on 9.7, 9.9 and on 9.10).<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica","sans-serif";color:black"> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica","sans-serif";color:black">It must be for some purpose (may be BIND doesn’t trust hint file and cross check it from root servers).<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica","sans-serif";color:black">Can anyone put some light on this.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica","sans-serif";color:black"> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica","sans-serif";color:black"> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><u><span style="font-family:"Helvetica","sans-serif";color:black">Sample tcpdump output :-</span></u><span style="font-family:"Helvetica","sans-serif";color:black"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica","sans-serif";color:black">15:36:42.440831 IP anydnsmby.27938 > k.root-servers.net.domain: 38907 [1au] NS? . (28)<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica","sans-serif";color:black">15:36:43.241203 IP anydnsmby.52261 > f.root-servers.net.domain: 3841 [1au] NS? . (28)<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica","sans-serif";color:black">15:36:43.624041 IP anydnsmby.48889 > k.root-servers.net.domain: 6314 [1au] NS? . (28)<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica","sans-serif";color:black">15:36:44.424047 IP anydnsmby.65507 > c.root-servers.net.domain: 27973 [1au] NS? . (28)<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica","sans-serif";color:black">15:37:42.071574 IP anydnsmby.38958 > i.root-servers.net.domain: 53519 [1au] NS? 117.240.177.150. (44)<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica","sans-serif";color:black">15:40:11.121122 IP anydnsmby.7941 > i.root-servers.net.domain: 62400 [1au] NS? 1.mr. (33)<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica","sans-serif";color:black">15:45:52.780062 IP anydnsmby.49432 > e.root-servers.net.domain: 54241+ [1au] NS? . (28)<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica","sans-serif";color:black">15:45:59.341780 IP anydnsmby.34368 > e.root-servers.net.domain: 55928+ [1au] NS? . (28)<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica","sans-serif";color:black">15:46:04.487088 IP anydnsmby.35621 > e.root-servers.net.domain: 7266+ [1au] NS? . (28)<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica","sans-serif";color:black">15:46:35.453029 IP anydnsmby.62875 > i.root-servers.net.domain: 4129 [1au] NS? comp-HP. (36)<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica","sans-serif";color:black">16:16:13.747955 IP anydnsmby.39690 > a.root-servers.net.domain: 8774+ [1au] NS? . (28)<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica","sans-serif";color:black">16:16:20.845363 IP anydnsmby.36994 > e.root-servers.net.domain: 63433+ [1au] NS? . (28)<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica","sans-serif";color:black">16:16:36.746049 IP anydnsmby.42878 > a.root-servers.net.domain: 48439+ [1au] NS? . (28)<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica","sans-serif";color:black">16:16:42.060534 IP anydnsmby.41018 > j.root-servers.net.domain: 5347+ [1au] NS? . (28)<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica","sans-serif";color:black">16:16:49.081649 IP anydnsmby.53661 > e.root-servers.net.domain: 54768+ [1au] NS? . (28)<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica","sans-serif";color:black">16:51:14.034065 IP anydnsmby.38025 > k.root-servers.net.domain: 52771 [1au] NS? 116.73.202.141. (43)<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica","sans-serif";color:black">16:51:14.835539 IP anydnsmby.19616 > i.root-servers.net.domain: 14926 [1au] NS? 116.73.202.141. (43)<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica","sans-serif";color:black">17:25:16.706395 IP anydnsmby.58045 > i.root-servers.net.domain: 30880 [1au] NS? 2.mr. (33)<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica","sans-serif";color:black">17:25:16.707072 IP anydnsmby.38495 > i.root-servers.net.domain: 43451 [1au] NS? 6.mr. (33)<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica","sans-serif";color:black">17:25:16.707989 IP anydnsmby.35834 > i.root-servers.net.domain: 61843 [1au] NS? 3.mr. (33)<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica","sans-serif";color:black">17:56:44.855060 IP anydnsmby.61903 > a.root-servers.net.domain: 23284 [1au] NS? 172.192.168.2. (42)<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica","sans-serif";color:black"> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica","sans-serif";color:black">Regards,<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Helvetica","sans-serif";color:black">Gaurav Kansal<o:p></o:p></span></p>
</div>
</div>
</div>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt;background:white"><span style="font-family:"Helvetica","sans-serif";color:black"><br>
_______________________________________________<br>
Please visit <a href="https://lists.isc.org/mailman/listinfo/bind-users" target="_blank">
https://lists.isc.org/mailman/listinfo/bind-users </a>to unsubscribe from this list<br>
<br>
bind-users mailing list<br>
<a href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a><br>
<a href="https://lists.isc.org/mailman/listinfo/bind-users" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a><o:p></o:p></span></p>
</div>
</div>
</div>
</div>
</div>
</div>
</body>
</html>