[dns-operations] Understanding duplicate DNS requests

Matt Calder calderm at usc.edu
Tue Feb 3 21:09:13 UTC 2015 

Apologies, I am very new to DNS administration. My issue is that I have
HTTP resource hostnames which are distinct across webpage accesses but are
being resolved multiple times, often from LDNS resolvers in different
networks. I am trying to understand why this is happening.

I have a webpage that contains a resource with a unique hostname for each
page load that used for some Javascript performance profiling. The hostname
is made unique with a standard GUID. During the measurement, the browser
should resolve the resource twice; once to induce DNS resolution and the
second time to measure performance, assuming the DNS resolution is cached
and doesn’t contribute to the end-to-end timing from our measurement.

In my authoritative DNS logs, I see that there are many duplicate requests
coming in for the same unique hostname. The A record TTL is short, only a
few minutes and duplicate requests usually happen within seconds of each
other. Sometime there are just a few extra, sometimes 10-15. Ideally, I
would see only a single request per GUID, but at the moment only 51% of
GUIDs see a single request from a single LDNS server. There are a few
different patterns I’ve narrowed down and now I’m trying to understand what
the possible causes of these duplicate requests are. In some examples, I
use specific ISP names but these patterns are pretty common.

*Case 1.*

LDNS servers resolving the same GUID hostname are in different networks. In
one case, 3/4 of the duplicates DNS requests come from an AT&T LDNS, the
others were from COX.

*Case 2.*

In all duplicate requests, all LDNS IPs are distinct and belong to Comcast
but in different Comcast ASNs.

*Case 3.*

Many duplicate requests, all LDNS IPs are the same.

*Case 4.*

Duplicate request once an hour through the same LDNS. This continues for
days.


*Hypothesis I’ve imagined so far.*

   - DNS response packets are lost on their way back to the LDNS or to
   client so are re-requested
   - An LDNS may resolve on their own while also forwarding requests to
   load balanced counterparts or upstream/downstream resolvers to sync caches.

   - Browser/OS DNS cache is full/broken/non-existant so the measurement
   URLs are re-queried even after the warmup URLs.
   - Case 4 just seems like a straight up misbehaving resolver.

If it helps, I am running BIND 9.9.6.

Appreciate any help! Thanks.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20150203/2aba432e/attachment.html>

More information about the dns-operations mailing list