[dns-operations] Understanding duplicate DNS requests

Olafur Gudmundsson ogud at ogud.com
Wed Feb 4 06:15:18 UTC 2015

Sorry for the short answer.

Case 1 and 2: “Anycast resolvers” at ISP.
Client issues a query,
no answer is returned within X ms,
it repeats the query, hitting a DIFFERENT resolver, possibly in a different location,
now it gets the answer to the first query,
then it gets the answer to the second query.

Case 4: Real bad cache refresh code 

Case 3: no clue


> On Feb 3, 2015, at 4:09 PM, Matt Calder <calderm at usc.edu> wrote:
> Apologies, I am very new to DNS administration. My issue is that I have HTTP resource hostnames which are distinct across webpage accesses but are being resolved multiple times, often from LDNS resolvers in different networks. I am trying to understand why this is happening.
> I have a webpage that contains a resource with a unique hostname for each page load that is used for some JavaScript performance profiling. The hostname is made unique with a standard GUID. During the measurement, the browser should resolve the resource twice; once to induce DNS resolution and the second time to measure performance, assuming the DNS resolution is cached and doesn’t contribute to the end-to-end timing from our measurement.
> In my authoritative DNS logs, I see that there are many duplicate requests coming in for the same unique hostname. The A record TTL is short, only a few minutes, and duplicate requests usually happen within seconds of each other. Sometimes there are just a few extra, sometimes 10-15. Ideally, I would see only a single request per GUID, but at the moment only 51% of GUIDs see a single request from a single LDNS server. There are a few different patterns I’ve narrowed down and now I’m trying to understand what the possible causes of these duplicate requests are. In some examples, I use specific ISP names but these patterns are pretty common.
> Case 1.
> LDNS servers resolving the same GUID hostname are in different networks. In one case, 3/4 of the duplicate DNS requests come from an AT&T LDNS, the others were from COX.
> Case 2. 
> In all duplicate requests, all LDNS IPs are distinct and belong to Comcast but in different Comcast ASNs. 
> Case 3. 
> Many duplicate requests, all LDNS IPs are the same. 
> Case 4.
> Duplicate request once an hour through the same LDNS. This continues for days. 
> Hypotheses I’ve imagined so far:
> - DNS response packets are lost on their way back to the LDNS or to the client, so are re-requested.
> - An LDNS may resolve on its own while also forwarding requests to load-balanced counterparts or upstream/downstream resolvers to sync caches.
> - Browser/OS DNS cache is full/broken/non-existent, so the measurement URLs are re-queried even after the warmup URLs.
> - Case 4 just seems like a straight up misbehaving resolver.
> If it helps, I am running BIND 9.9.6. 
> Appreciate any help! Thanks.

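An added example, not part of the thread or of either poster's tooling: one way to sort per-GUID query log entries into the four patterns described in the quoted question. The log line shape (modelled on BIND query logging), the resolver prefix table, the hostnames, the 3000-second threshold and all function names are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed resolver-prefix table (documentation ranges, private-use ASNs).
NETWORKS = {ip_network("192.0.2.0/25"): ("ISP-A", 64500),
            ip_network("192.0.2.128/25"): ("ISP-A", 64501),
            ip_network("198.51.100.0/24"): ("ISP-B", 64510)}
# Assumed log line shape, modelled on BIND query logging.
LINE = re.compile(r"^(\S+ \S+) client ([0-9a-fA-F.:]+)#\d+ \(([^)]+)\): query: ")

def owner(ip):
    addr = ip_address(ip)
    return next((o for net, o in NETWORKS.items() if addr in net), ("unknown", 0))

def classify(events, periodic_gap=3000):
    """events: (datetime, resolver IP) pairs logged for one GUID hostname."""
    ips = {ip for _, ip in events}
    if len(events) == 1:
        return "single"
    if len(ips) == 1:
        times = sorted(t for t, _ in events)
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        # Case 4 repeats about hourly; Case 3 repeats within seconds.
        return "case4" if min(gaps) >= periodic_gap else "case3"
    owners = {owner(ip) for ip in ips}
    if len({name for name, _ in owners}) > 1:
        return "case1"  # resolvers sit in different operators' networks
    return "case2" if len(owners) > 1 else "same-asn"

def analyze(lines):
    per_name = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%d-%b-%Y %H:%M:%S.%f")
            per_name[m.group(3).lower()].append((ts, m.group(2)))
    return {name: classify(ev) for name, ev in per_name.items()}

def _line(ts, ip, guid):  # builds one constructed sample log line
    name = f"{guid}.probe.example"
    return f"04-Feb-2015 {ts} client {ip}#5353 ({name}): query: {name} IN A -ED (203.0.113.53)"

SAMPLE = [_line(*r) for r in [
    ("06:15:18.100", "192.0.2.10", "g1"), ("06:15:19.100", "192.0.2.10", "g2"),
    ("06:15:19.400", "198.51.100.7", "g2"), ("06:15:20.100", "192.0.2.10", "g3"),
    ("06:15:20.300", "192.0.2.200", "g3"), ("06:15:21.100", "192.0.2.10", "g4"),
    ("06:15:21.900", "192.0.2.10", "g4"), ("06:15:22.100", "198.51.100.7", "g5"),
    ("07:15:22.300", "198.51.100.7", "g5")]]
```

Calling `analyze(SAMPLE)` returns one label per hostname; on real logs the prefix table would be replaced by an IP-to-ASN data source.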