[dns-operations] Usage of dns query negative cache

Grant Ridder shortdudey123 at gmail.com
Thu Sep 3 15:55:30 UTC 2015


Thanks for all the replies!  Seems like I missed it on the Google / Level3
servers since they are anycast and potentially go to different resolvers
each time.

-Grant

On Thu, Sep 3, 2015 at 4:31 AM, Kumar Ashutosh <Kumar.Ashutosh at microsoft.com
> wrote:

> Windows DNS Servers do implement neg. caching!
>
> Thanks
> Ashu
> Program Manager | Windows Networking| DNS & SDN|
>
>
>
> -----Original Message-----
> From: dns-operations [mailto:dns-operations-bounces at dns-oarc.net] On
> Behalf Of Shane Kerr
> Sent: Thursday, September 3, 2015 14:22
> To: dns-operations at dns-oarc.net
> Subject: Re: [dns-operations] Usage of dns query negative cache
>
> Grant,
>
> On Thu, 3 Sep 2015 00:32:05 -0700
> Grant Ridder <shortdudey123 at gmail.com> wrote:
>
> > Anyone know how wide the implementation of RFC2308
> > <https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2ftool
> > s.ietf.org%2frfc%2frfc2308.txt&data=01%7c01%7caskuma%40064d.mgd.micros
> > oft.com%7c5431109aa53f43cccb0708d2b43e9c6f%7c72f988bf86f141af91ab2d7cd
> > 011db47%7c1&sdata=nMQ1zrc%2b9sLivxyFUFmcxCEnk85bsDKXMlFL9JXxkiw%3d>
> > (Negative Caching of DNS
> > Queries) is?  It appears Google and Level3 don't do this on their
> > public DNS servers, however, Amazon EC2 dns servers do it.
>
> Google does use negative caching. It may be hard to spot, because each
> query to 8.8.8.8 seems to go to a separate cache. From here in Beijing, it
> looks like there are a half dozen or so resolvers operating, each with
> separate TTL timers. In busy nodes, Google may run dozens of resolvers (I
> have no idea, just guessing).
>
> $ dig @8.8.8.8
> https://na01.safelinks.protection.outlook.com/?url=bogus.time-travellers.org&data=01%7c01%7caskuma%40064d.mgd.microsoft.com%7c5431109aa53f43cccb0708d2b43e9c6f%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=s0ZJFJ25%2f09SVqBUl%2fYPBCRhgbMM5rOZTTkhCbfA68c%3d
> time-travellers.org.    599     IN      SOA     ...
> $ dig @8.8.8.8
> https://na01.safelinks.protection.outlook.com/?url=bogus.time-travellers.org&data=01%7c01%7caskuma%40064d.mgd.microsoft.com%7c5431109aa53f43cccb0708d2b43e9c6f%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=s0ZJFJ25%2f09SVqBUl%2fYPBCRhgbMM5rOZTTkhCbfA68c%3d
> time-travellers.org.    599     IN      SOA     ...   # no negative cache
>    ...
> time-travellers.org.    595     IN      SOA     ...
> time-travellers.org.    593     IN      SOA     ...
> time-travellers.org.    587     IN      SOA     ...
> time-travellers.org.    592     IN      SOA     ...   # different cache
> time-travellers.org.    570     IN      SOA     ...   # back to another
>
> This could be mitigated somewhat by using multi-layer caches, but I guess
> Google decided that it wasn't worth the complexity. (Just guessing again.)
> I don't recall them publishing anything about this, so I also don't know if
> this sort of architecture is based on science, specific engineering
> principles, or just "whatever works". :)
>
> As far as I know, negative caching is almost universally deployed.
>
> Cheers,
>
> --
> Shane
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
>
> https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2flists.dns-oarc.net%2fmailman%2flistinfo%2fdns-operations&data=01%7c01%7caskuma%40064d.mgd.microsoft.com%7c5431109aa53f43cccb0708d2b43e9c6f%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=3mjL%2fg06849%2be6HEIPodX%2fGgPZLPHAsc52uxGXXNHz8%3d
> dns-jobs mailing list
>
> https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2flists.dns-oarc.net%2fmailman%2flistinfo%2fdns-jobs&data=01%7c01%7caskuma%40064d.mgd.microsoft.com%7c5431109aa53f43cccb0708d2b43e9c6f%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=8DLurFVJUJhY0sqOMa6AglLEbZf0uIKkPd4N%2b%2fD%2bIsI%3d
>
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20150903/e0321808/attachment.html>


More information about the dns-operations mailing list