<div dir="ltr">Thanks for all the replies!  Seems like I missed it on the Google / Level3 servers since they are anycast and potentially go to different resolvers each time.<div><br><div>-Grant</div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Sep 3, 2015 at 4:31 AM, Kumar Ashutosh <span dir="ltr"><<a href="mailto:Kumar.Ashutosh@microsoft.com" target="_blank">Kumar.Ashutosh@microsoft.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Windows DNS Servers do implement neg. caching!<br>
<br>
Thanks<br>
Ashu<br>
Program Manager | Windows Networking| DNS & SDN|<br>
<span class=""><br>
<br>
<br>
-----Original Message-----<br>
From: dns-operations [mailto:<a href="mailto:dns-operations-bounces@dns-oarc.net">dns-operations-bounces@dns-oarc.net</a>] On Behalf Of Shane Kerr<br>
Sent: Thursday, September 3, 2015 14:22<br>
To: <a href="mailto:dns-operations@dns-oarc.net">dns-operations@dns-oarc.net</a><br>
Subject: Re: [dns-operations] Usage of dns query negative cache<br>
<br>
Grant,<br>
<br>
On Thu, 3 Sep 2015 00:32:05 -0700<br>
Grant Ridder <<a href="mailto:shortdudey123@gmail.com">shortdudey123@gmail.com</a>> wrote:<br>
<br>
> Anyone know how wide the implementation of RFC2308<br>
</span>> <<a href="https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2ftool" rel="noreferrer" target="_blank">https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2ftool</a><br>
> <a href="http://s.ietf.org" rel="noreferrer" target="_blank">s.ietf.org</a>%2frfc%2frfc2308.txt&data=01%7c01%7caskuma%40064d.mgd.micros<br>
> <a href="http://oft.com" rel="noreferrer" target="_blank">oft.com</a>%7c5431109aa53f43cccb0708d2b43e9c6f%7c72f988bf86f141af91ab2d7cd<br>
> 011db47%7c1&sdata=nMQ1zrc%2b9sLivxyFUFmcxCEnk85bsDKXMlFL9JXxkiw%3d><br>
<span class="">> (Negative Caching of DNS<br>
> Queries) is?  It appears Google and Level3 don't do this on their<br>
> public DNS servers, however, Amazon EC2 dns servers do it.<br>
<br>
Google does use negative caching. It may be hard to spot, because each query to 8.8.8.8 seems to go to a separate cache. From here in Beijing, it looks like there are a half dozen or so resolvers operating, each with separate TTL timers. In busy nodes, Google may run dozens of resolvers (I have no idea, just guessing).<br>
<br>
</span>$ dig @<a href="http://8.8.8.8" rel="noreferrer" target="_blank">8.8.8.8</a> <a href="https://na01.safelinks.protection.outlook.com/?url=bogus.time-travellers.org&data=01%7c01%7caskuma%40064d.mgd.microsoft.com%7c5431109aa53f43cccb0708d2b43e9c6f%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=s0ZJFJ25%2f09SVqBUl%2fYPBCRhgbMM5rOZTTkhCbfA68c%3d" rel="noreferrer" target="_blank">https://na01.safelinks.protection.outlook.com/?url=bogus.time-travellers.org&data=01%7c01%7caskuma%40064d.mgd.microsoft.com%7c5431109aa53f43cccb0708d2b43e9c6f%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=s0ZJFJ25%2f09SVqBUl%2fYPBCRhgbMM5rOZTTkhCbfA68c%3d</a><br>
<span class=""><a href="http://time-travellers.org" rel="noreferrer" target="_blank">time-travellers.org</a>.    599     IN      SOA     ...<br>
</span>$ dig @<a href="http://8.8.8.8" rel="noreferrer" target="_blank">8.8.8.8</a> <a href="https://na01.safelinks.protection.outlook.com/?url=bogus.time-travellers.org&data=01%7c01%7caskuma%40064d.mgd.microsoft.com%7c5431109aa53f43cccb0708d2b43e9c6f%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=s0ZJFJ25%2f09SVqBUl%2fYPBCRhgbMM5rOZTTkhCbfA68c%3d" rel="noreferrer" target="_blank">https://na01.safelinks.protection.outlook.com/?url=bogus.time-travellers.org&data=01%7c01%7caskuma%40064d.mgd.microsoft.com%7c5431109aa53f43cccb0708d2b43e9c6f%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=s0ZJFJ25%2f09SVqBUl%2fYPBCRhgbMM5rOZTTkhCbfA68c%3d</a><br>
<span class=""><a href="http://time-travellers.org" rel="noreferrer" target="_blank">time-travellers.org</a>.    599     IN      SOA     ...   # no negative cache<br>
   ...<br>
<a href="http://time-travellers.org" rel="noreferrer" target="_blank">time-travellers.org</a>.    595     IN      SOA     ...<br>
<a href="http://time-travellers.org" rel="noreferrer" target="_blank">time-travellers.org</a>.    593     IN      SOA     ...<br>
<a href="http://time-travellers.org" rel="noreferrer" target="_blank">time-travellers.org</a>.    587     IN      SOA     ...<br>
<a href="http://time-travellers.org" rel="noreferrer" target="_blank">time-travellers.org</a>.    592     IN      SOA     ...   # different cache<br>
<a href="http://time-travellers.org" rel="noreferrer" target="_blank">time-travellers.org</a>.    570     IN      SOA     ...   # back to another<br>
<br>
This could be mitigated somewhat by using multi-layer caches, but I guess Google decided that it wasn't worth the complexity. (Just guessing again.) I don't recall them publishing anything about this, so I also don't know if this sort of architecture is based on science, specific engineering principles, or just "whatever works". :)<br>
<br>
As far as I know, negative caching is almost universally deployed.<br>
<br>
Cheers,<br>
<br>
--<br>
Shane<br>
_______________________________________________<br>
dns-operations mailing list<br>
<a href="mailto:dns-operations@lists.dns-oarc.net">dns-operations@lists.dns-oarc.net</a><br>
</span><a href="https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2flists.dns-oarc.net%2fmailman%2flistinfo%2fdns-operations&data=01%7c01%7caskuma%40064d.mgd.microsoft.com%7c5431109aa53f43cccb0708d2b43e9c6f%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=3mjL%2fg06849%2be6HEIPodX%2fGgPZLPHAsc52uxGXXNHz8%3d
dns-jobs" rel="noreferrer" target="_blank">https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2flists.dns-oarc.net%2fmailman%2flistinfo%2fdns-operations&data=01%7c01%7caskuma%40064d.mgd.microsoft.com%7c5431109aa53f43cccb0708d2b43e9c6f%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=3mjL%2fg06849%2be6HEIPodX%2fGgPZLPHAsc52uxGXXNHz8%3d<br>
dns-jobs</a> mailing list<br>
<a href="https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2flists.dns-oarc.net%2fmailman%2flistinfo%2fdns-jobs&data=01%7c01%7caskuma%40064d.mgd.microsoft.com%7c5431109aa53f43cccb0708d2b43e9c6f%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=8DLurFVJUJhY0sqOMa6AglLEbZf0uIKkPd4N%2b%2fD%2bIsI%3d" rel="noreferrer" target="_blank">https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2flists.dns-oarc.net%2fmailman%2flistinfo%2fdns-jobs&data=01%7c01%7caskuma%40064d.mgd.microsoft.com%7c5431109aa53f43cccb0708d2b43e9c6f%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=8DLurFVJUJhY0sqOMa6AglLEbZf0uIKkPd4N%2b%2fD%2bIsI%3d</a><br>
<div class="HOEnZb"><div class="h5"><br>
_______________________________________________<br>
dns-operations mailing list<br>
<a href="mailto:dns-operations@lists.dns-oarc.net">dns-operations@lists.dns-oarc.net</a><br>
<a href="https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs" rel="noreferrer" target="_blank">https://lists.dns-oarc.net/mailman/listinfo/dns-operations<br>
dns-jobs</a> mailing list<br>
<a href="https://lists.dns-oarc.net/mailman/listinfo/dns-jobs" rel="noreferrer" target="_blank">https://lists.dns-oarc.net/mailman/listinfo/dns-jobs</a><br>
</div></div></blockquote></div><br></div>