nanog mailing list archives

Re: Intermittent incorrect DNS resolution?

From: Vinny Abello <vinny () abellohome net>
Date: Fri, 18 Jan 2013 17:41:24 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 1/16/2013 7:16 PM, Jay Ashworth wrote:

----- Original Message -----

From: "Erik Levinson" <erik.levinson () uberflip com>

I'm having an unusual DNS problem and would appreciate feedback.

For the zones in question, primary DNS is provided by GoDaddy and
secondary DNS by DNS Made Easy. Over a week ago we made changes to
several A records (including wildcards on two different zones), all
already having a TTL no greater than one hour.

The new IPs on those A records have taken many millions of requests
since the changes. Occasionally, a small amount of traffic appears at
the old IPs that those A records had. This is HTTP traffic. Packet
captures of this traffic show various Host headers.


I'm a touch surprised to find that no one has mentioned the facet of
Windows OSs that requires "ipconfig /flushdns" in some such circumstances...

Not only may *browsers* be caching DNS lookups without regard to TTLs,
the *OS* might be doing it to you too, in circumstances I was never quite
able to get a handle on.

XP was known to do this, as late as SP3; I'm not sure about V or 7.


Just an FYI...

Every version of Windows since Windows 2000 (sans Windows Me) has had the DNS Client service which maintained this 
caching function. This was by design due to the massive dependency on DNS resolution which Active Directory has had 
since its creation. It greatly reduced the amount of repetitive lookups required thereby speeding up AD based functions 
and lessening the load on DNS servers. It still exists today up through Windows 8. You can disable the service, but it 
will also break DDNS updates unless your DHCP server registers hostnames on behalf of your clients.

- -Vinny

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)

iEYEARECAAYFAlD5z5QACgkQUyX7ywEAl3q4BACgtzaKz1U2+kWn9ExJoQaNy7+s
+mIAoLUjActGoFIKNUqzDDpdx14p/X/x
=4qXs
-----END PGP SIGNATURE-----

Current thread:

Re: Intermittent incorrect DNS resolution?, (continued)
- - - Re: Intermittent incorrect DNS resolution? Damian Menscher (Jan 17)
    - Re: Intermittent incorrect DNS resolution? Erik Levinson (Jan 17)
    - Re: Intermittent incorrect DNS resolution? Erik Levinson (Jan 17)
- Re: Intermittent incorrect DNS resolution? William Herrin (Jan 16)
- Re: Intermittent incorrect DNS resolution? Jean-Francois Mezei (Jan 16)
- Re: Intermittent incorrect DNS resolution? Jay Ashworth (Jan 16)
  - Re: Intermittent incorrect DNS resolution? Robert Bonomi (Jan 16)
  - Re: Intermittent incorrect DNS resolution? Vinny Abello (Jan 18)
    - RE: Intermittent incorrect DNS resolution? Keith Medcalf (Jan 19)
    - Re: Intermittent incorrect DNS resolution? Vinny Abello (Jan 20)
  - Re: Intermittent incorrect DNS resolution? Vinny Abello (Jan 18)
    - Re: Intermittent incorrect DNS resolution? Jay Ashworth (Jan 18)
    - Re: Intermittent incorrect DNS resolution? Vinny Abello (Jan 18)
    - Re: Intermittent incorrect DNS resolution? Andrei Ivanov (Jan 18)