[dns-operations] Forcing BIND to randomly expire records from cache ahead of time

[Mark Pettit]

Hi, folks.

I have an issue with BIND cache timeouts, and I was hoping someone else
might have some idea how to fix this.

Here's the situation: we have a large number of servers that do a huge
number of DNS lookups at the top of every minute. The TTL for the records
they're looking up is 3600.

What we've noticed is that on a host with a recently-restarted copy of
BIND, we see huge spikes in DNS latency every 61 minutes. This makes
logical sense, given the behavior of the DNS lookups.

What is more interesting is that on hosts that have been running BIND for a
very long time (on the order of months), the spikiness is not visible.

Our speculation is that over time, due to the interaction between the 3600
TTL and the "once every minute" lookup behavior, cache misses become
randomly distributed throughout the hour, and don't cause the spiky
behavior that is observed initially.

One of our ideas to resolve this is to randomize the TTLs in the zone
files, causing them to expire out of cache at different times, thus forcing
more-rapid distribution of cache misses across the hour.

However, this would involve some massive edits to our zone files, and isn't
really ideal.

What *would* be ideal would be if we could tell BIND to randomly expire
some small percentage of cached entries ahead of the actual TTL expiration.
This would serve the same purpose as assigning "random" TTLs to the actual
records in the zone files.

Does BIND have a config option like this? Has anyone else ever encountered
this issue, and if so, how did you address it?

Thanks for any advice, and I hope everyone has a fantastic Fourth of July
weekend.

Mark Pettit
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20140703/807647f4/attachment.html>