[dns-operations] Can a 1s TTL cause weird failures?

Mark K. Pettit pettit at yahoo-inc.com
Tue Jun 5 03:04:54 UTC 2007


I'm having a problem with some of my servers in the SF Bay Area not 
being able to look up the MX record for the zone "weckerphoto.co.uk.". 
Below is a complete tcpdump record of the packets that go back and forth 
during the attempt.

I'm logged into my recursive DNS server.

[r0-66:~]$ dig @127.0.0.1 weckerphoto.co.uk. mx

; <<>> DiG 8.3 <<>> @127.0.0.1 weckerphoto.co.uk. mx
; (1 server found)
;; res options: init recurs defnam dnsrch
19:48:48.402533 66.218.66.112.33701 > 212.121.40.130.53:  55962 [1au] A? 
dns03.1stdomains.co.uk. (51)
19:48:48.402585 66.218.66.112.33701 > 212.121.40.130.53:  42665 [1au] A? 
ns03.1stdomains.co.uk. (50)
19:48:48.402627 66.218.66.112.33701 > 212.121.40.130.53:  24761 [1au] 
MX? weckerphoto.co.uk. (46)
19:48:48.568601 212.121.40.130.53 > 66.218.66.112.33701:  55962- 0/2/3 
(131) (DF)
19:48:48.568761 212.121.40.130.53 > 66.218.66.112.33701:  42665- 0/2/3 
(130) (DF)
19:48:48.568771 212.121.40.130.53 > 66.218.66.112.33701:  24761- 0/2/1 
(96) (DF)
19:48:48.568799 66.218.66.112.33701 > 81.19.63.101.53:  6345 [1au] A? 
dns03.1stdomains.co.uk. (51)
19:48:48.568849 66.218.66.112.33701 > 81.19.63.101.53:  6356 [1au] A? 
ns03.1stdomains.co.uk. (50)
19:48:48.716361 81.19.63.101.53 > 66.218.66.112.33701:  6345*- 1/2/3 A 
81.19.63.150 (147) (DF)
19:48:48.716508 81.19.63.101.53 > 66.218.66.112.33701:  6356*- 1/2/3 A 
81.19.63.151 (146) (DF)
19:48:53.406873 66.218.66.112.33701 > 204.74.113.44.53:  39173 [1au] A? 
dns03.1stdomains.co.uk. (51)
19:48:53.406919 66.218.66.112.33701 > 204.74.113.44.53:  48393 [1au] A? 
ns03.1stdomains.co.uk. (50)
19:48:53.406961 66.218.66.112.33701 > 204.74.113.44.53:  20944 [1au] MX? 
weckerphoto.co.uk. (46)
19:48:53.411291 204.74.113.44.53 > 66.218.66.112.33701:  20944- 0/2/1 
(96) (DF)
19:48:53.412023 204.74.113.44.53 > 66.218.66.112.33701:  39173- 0/2/3 
(131) (DF)
19:48:53.412029 204.74.113.44.53 > 66.218.66.112.33701:  48393- 0/2/3 
(130) (DF)
19:48:53.412122 66.218.66.112.33701 > 88.208.202.90.53:  58020 [1au] A? 
dns03.1stdomains.co.uk. (51)
19:48:53.412173 66.218.66.112.33701 > 88.208.202.90.53:  26171 [1au] A? 
ns03.1stdomains.co.uk. (50)
19:48:53.573975 88.208.202.90.53 > 66.218.66.112.33701:  58020*- 1/2/3 A 
81.19.63.150 (147) (DF)
19:48:53.573982 88.208.202.90.53 > 66.218.66.112.33701:  26171*- 1/2/3 A 
81.19.63.151 (146) (DF)
;; res_nsend: Operation timed out
[r0-66:~]$

You might notice that it immediately issues three queries.  Two are for 
the A records of weckerphoto's authoritative servers.  In addition, it 
asks one of the co.uk. auth servers for the MX record.  It gets 
referrals back from all three queries.

Then it asks 1stdomains.co.uk.'s auth servers for the A records for 
"{d,}ns03.1stdomains.co.uk.".  It gets a response back, and then just 
hangs; no further action occurs.

Note particularly that even though it finds out what the A record for 
{d,}ns03.1stdomains.co.uk are, it never queries them about 
weckerphoto.co.uk.

My suspicion is that this is happening because the TTL on the A records 
for {d,}ns03.1stdomains.co.uk is extremely low:

;; ANSWER SECTION:
dns03.1stdomains.co.uk.  1S IN A  81.19.63.150

;; ANSWER SECTION:
ns03.1stdomains.co.uk.  1S IN A         81.19.63.151

My nameserver is BIND 8.4.6.

Does anyone have any ideas on what might be going on here?

Mark K. Pettit
pettit at yahoo-inc.com
DNS Administrator
Yahoo!, Inc.




More information about the dns-operations mailing list