<br><br>On Friday, July 4, 2014, Warren Kumari <<a href="mailto:warren@kumari.net">warren@kumari.net</a>> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
On Thu, Jul 3, 2014 at 6:04 PM, Tim Wicinski <<a href="mailto:tjw.ietf@gmail.com">tjw.ietf@gmail.com</a>> wrote:<br>
><br>
> Mark<br>
><br>
> Unbound has this feature, but it's a % of the TTL (oh they may have changed<br>
> this).<br>
><br>
> You may be also interested in this idea which was floated during IETF, and<br>
> not rejected, just a small sliver of useful customer base:<br>
><br>
> <a href="http://tools.ietf.org/id/draft-wkumari-dnsop-hammer-00.txt" target="_blank">http://tools.ietf.org/id/draft-wkumari-dnsop-hammer-00.txt</a><br>
<br>
... and, almost exactly one year later, we are *finally* rev'ing that<br>
document (I just edited it this afternoon, Suzanne is giving it the<br>
once over as we speak, and we are planning on submitting in the next<br>
hour (you know, just before the draft cutoff :-) - “I love deadlines.<br>
I love the whooshing noise they make as they go by.” — Douglas Adams,<br>
The Salmon of Doubt )<br>
<br>
The new version mainly described the general concept, and that<br>
OpenDNS, Unbound and BIND 10 do something like this. In a somewhat<br>
contrived bit of writing, it also manages to keep the "Stop! Hammer<br>
time!" references...<br>
<br></blockquote><div><br></div><div>... and we managed to squeeze it in under the deadline. I did (of course) mean BIND 9.10 in the previous mail, and not BIND 10, which is a whole different kettle of fish. That'll teach me to write mail inna rush...</div>
<div><br></div><div>W<span></span></div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
W<br>
<br>
<br>
><br>
><br>
><br>
> On 7/3/14 5:06 PM, Mark Pettit wrote:<br>
>><br>
>> Hi, folks.<br>
>><br>
>> I have an issue with BIND cache timeouts, and I was hoping someone else<br>
>> might have some idea how to fix this.<br>
>><br>
>> Here's the situation: we have a large number of servers that do a huge<br>
>> number of DNS lookups at the top of every minute. The TTL for the<br>
>> records they're looking up is 3600.<br>
>><br>
>> What we've noticed is that on a host with a recently-restarted copy of<br>
>> BIND, we see huge spikes in DNS latency every 61 minutes. This makes<br>
>> logical sense, given the behavior of the DNS lookups.<br>
>><br>
>> What is more interesting is that on hosts that have been running BIND<br>
>> for a very long time (on the order of months), the spikiness is not<br>
>> visible.<br>
>><br>
>> Our speculation is that over time, due to the interaction between the<br>
>> 3600 TTL and the "once every minute" lookup behavior, cache misses<br>
>> become randomly distributed throughout the hour, and don't cause the<br>
>> spiky behavior that is observed initially.<br>
>><br>
>> One of our ideas to resolve this is to randomize the TTLs in the zone<br>
>> files, causing them to expire out of cache at different times, thus<br>
>> forcing more-rapid distribution of cache misses across the hour.<br>
>><br>
>> However, this would involve some massive edits to our zone files, and<br>
>> isn't really ideal.<br>
>><br>
>> What *would* be ideal would be if we could tell BIND to randomly expire<br>
>> some small percentage of cached entries ahead of the actual TTL<br>
>> expiration. This would serve the same purpose as assigning "random" TTLs<br>
>> to the actual records in the zone files.<br>
>><br>
>> Does BIND have a config option like this? Has anyone else ever<br>
>> encountered this issue, and if so, how did you address it?<br>
>><br>
>> Thanks for any advice, and I hope everyone has a fantastic Fourth of<br>
>> July weekend.<br>
>><br>
>> Mark Pettit<br>
>><br>
>><br>
>><br>
>> _______________________________________________<br>
>> dns-operations mailing list<br>
>> <a href="mailto:dns-operations@lists.dns-oarc.net">dns-operations@lists.dns-oarc.net</a><br>
>> <a href="https://lists.dns-oarc.net/mailman/listinfo/dns-operations" target="_blank">https://lists.dns-oarc.net/mailman/listinfo/dns-operations</a><br>
>> dns-jobs mailing list<br>
>> <a href="https://lists.dns-oarc.net/mailman/listinfo/dns-jobs" target="_blank">https://lists.dns-oarc.net/mailman/listinfo/dns-jobs</a><br>
>><br>
</blockquote>
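The cache behaviour discussed in this thread, as an added simulation that is not part of the original mails and is not BIND, Unbound or HAMMER code: every name is queried at the top of each minute against an initially empty cache with TTL 3600, first with plain TTL expiry and then with a hypothetical policy that evicts a fraction of entries early. The names `simulate`, `late_peak`, `early_prob` and the one-second `FETCH_LATENCY` are assumptions made for the example.

```python
import random

TTL = 3600          # seconds, the TTL quoted in the thread
FETCH_LATENCY = 1   # assumed delay between the query and the answer being cached

def simulate(names=500, minutes=24 * 60, early_prob=0.0, seed=1):
    """Return cache misses per minute for clients that look up every
    name at the top of each minute, starting from an empty cache."""
    rng = random.Random(seed)
    expires = [0] * names            # expiry time per name; 0 means not cached
    misses_per_minute = []
    for minute in range(minutes):
        now = minute * 60
        misses = 0
        for i in range(names):
            if now < expires[i]:
                continue             # cache hit, no upstream query
            misses += 1
            lifetime = TTL
            if rng.random() < early_prob:
                # hypothetical policy: drop this entry at a random earlier time
                lifetime = rng.uniform(60, TTL)
            expires[i] = now + FETCH_LATENCY + lifetime
        misses_per_minute.append(misses)
    return misses_per_minute

def late_peak(series, last_minutes=360):
    """Largest per-minute miss burst in the final hours of the run."""
    return max(series[-last_minutes:])

if __name__ == "__main__":
    fixed = simulate(early_prob=0.0)
    early = simulate(early_prob=0.1)
    spike_minutes = [m for m, n in enumerate(fixed) if n]
    print("plain TTL: misses at minutes", spike_minutes[:4],
          "late peak", late_peak(fixed), "total", sum(fixed))
    print("10% early expiry: late peak", late_peak(early), "total", sum(early))
```

In this model plain TTL expiry keeps every name missing together every 61 minutes, while early expiry of 10% of entries shrinks the late bursts. The cost is a higher total number of upstream queries, since early eviction only ever shortens an entry's life.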