[Dnsmasq-discuss] Two questions about the cache and how dnsmasq forwards queries
simon at thekelleys.org.uk
Tue Feb 16 09:47:31 GMT 2010
>> So there's your problem, the TTL of the first CNAME in the chain is zero,
>> www.google.com. 0 IN CNAME www.l.google.com.
>> Strange, when I do the same thing (via my ISPs server) I get
>> ;; ANSWER SECTION:
>> www.google.com. 9620 IN CNAME www.l.google.com.
>> www.l.google.com. 220 IN CNAME www-tmmdi.l.google.com.
>> www-tmmdi.l.google.com. 53 IN A 126.96.36.199
>> Maybe your ISPs DNS server is playing games?
>> A nameserver which takes less than three seconds to answer would
>> solve all your problems. If that's caused by latency in the link to
>> your ISP, traffic shaping will help a lot. If the problem is with
>> the server (and it's messing with TTLs too), then either shout at
>> your ISP or maybe use openDNS or Google's public DNS service?
> I think my ISP also REDIRECTs DNS traffic to their nameservers, since I
> get the same result using Google's public DNS service (and this doesn't
> happen @home with another ISP).
> Well, this is going to be... fun!
> One bonus question though: how come they're able to modify the TTL of some
> CNAMEs? Is that a bug or... a feature (of some software)?
> The only thing I've been able to find is a message in the namedroppers ML
> stating CNAME TTL should probably be equal to DNAME TTL...
> As an additional hint, when using TCP queries, I get 'normal' CNAME TTLs:
> dig @188.8.131.52 www.google.com | grep CNAME
> www.google.com. 0 IN CNAME www.l.google.com.
> dig @184.108.40.206 www.google.com +tcp | grep CNAME
> www.google.com. 603696 IN CNAME www.l.google.com.
> but it only works when using nameservers other than my ISP's, so I
> guess the problem is on my ISP's nameservers and they only redirect UDP
> port 53 traffic to them. Does it sound realistic?
Very realistic. I can see why an ISP would make all traffic for port 53
go to their nameservers (to reduce external traffic) and I can see that
they might forget/omit to redirect TCP. I don't understand why they
would mess with CNAME TTLs, but there's no reason why software to do it
couldn't be written.
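An added example (editor's code, not from this thread or from dnsmasq) that automates the check the poster did by hand with dig: it sends the same query to one server over UDP and over TCP and reports any record whose TTL differs between the two transports, which is the symptom of UDP port 53 being transparently redirected while TCP is not. It uses only the standard library; the embedded replies are constructed sample data shaped like the www.google.com answers above, the server and name for a live run come from the command line, and 192.0.2.1 is a documentation address standing in for a real one.

```python
# Added example (editor's code, not from the thread or from dnsmasq): resolve a
# name over UDP and over TCP against the same server and flag answers whose TTLs
# differ, the symptom discussed above (UDP port 53 transparently redirected by
# the ISP, TCP left alone). Only the standard library is used.
import socket
import struct

CNAME, A = 5, 1


def read_name(msg, offset):
    """Decode a possibly-compressed name; return (name, offset just past it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:           # compression pointer (RFC 1035 4.1.4)
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            if end is None:
                end = offset + 2            # the name in place ends after the pointer
            offset = ((length & 0x3F) << 8) | msg[offset + 1]
            continue
        if length == 0:
            if end is None:
                end = offset + 1
            return ".".join(labels) + ".", end
        labels.append(msg[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length


def parse_answers(msg):
    """Return [(owner, rtype, ttl, rdata)] for the answer section of a reply."""
    _ident, _flags, qdcount, ancount, _ns, _ar = struct.unpack("!6H", msg[:12])
    offset = 12
    for _ in range(qdcount):                # skip the echoed question(s)
        _, offset = read_name(msg, offset)
        offset += 4                         # QTYPE + QCLASS
    answers = []
    for _ in range(ancount):
        owner, offset = read_name(msg, offset)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        if rtype == CNAME:
            rdata = read_name(msg, offset)[0]
        elif rtype == A and rdlen == 4:
            rdata = socket.inet_ntoa(msg[offset:offset + 4])
        else:
            rdata = msg[offset:offset + rdlen].hex()
        answers.append((owner, rtype, ttl, rdata))
        offset += rdlen
    return answers


def build_query(name, ident=0x1234, qtype=A):
    """Standard recursive query (RD set), one question, class IN."""
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split(".")) + b"\x00"
    return struct.pack("!6H", ident, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)


def resolve(server, name, tcp=False, timeout=3.0):
    """Send the query over TCP (2-byte length prefix) or UDP and parse the reply."""
    q = build_query(name)
    if tcp:
        with socket.create_connection((server, 53), timeout=timeout) as s:
            s.sendall(struct.pack("!H", len(q)) + q)
            f = s.makefile("rb")
            (length,) = struct.unpack("!H", f.read(2))
            return parse_answers(f.read(length))
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (server, 53))
        return parse_answers(s.recv(4096))


def ttl_discrepancies(udp_answers, tcp_answers, tolerance=60):
    """Records present in both replies whose TTLs differ by more than `tolerance`
    seconds (a few seconds of difference is just cache ageing between queries)."""
    tcp = {(o, t, r): ttl for o, t, ttl, r in tcp_answers}
    return [(o, t, ttl, tcp[(o, t, r)]) for o, t, ttl, r in udp_answers
            if (o, t, r) in tcp and abs(tcp[(o, t, r)] - ttl) > tolerance]


def constructed_response(cname_ttl, a_ttl=53):
    """Constructed wire-format reply for www.google.com (sample data, not captured)."""
    header = struct.pack("!6H", 0x1234, 0x8180, 1, 2, 0, 0)
    question = b"\x03www\x06google\x03com\x00" + struct.pack("!HH", A, 1)
    # CNAME www.google.com -> www.l.google.com. Owner is a pointer to offset 12;
    # rdata spells "www" "l" and then points at "google.com" at offset 16.
    cname_rdata = b"\x03www\x01l\xc0\x10"
    cname_rr = b"\xc0\x0c" + struct.pack("!HHIH", CNAME, 1, cname_ttl, len(cname_rdata)) + cname_rdata
    # A record whose owner points at the CNAME rdata (offset 44); 192.0.2.1 is a
    # documentation address standing in for the real one.
    a_rr = b"\xc0\x2c" + struct.pack("!HHIH", A, 1, a_ttl, 4) + socket.inet_aton("192.0.2.1")
    return header + question + cname_rr + a_rr


if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:                  # python3 dnsttl.py <server> <name>
        udp = resolve(sys.argv[1], sys.argv[2])
        tcp = resolve(sys.argv[1], sys.argv[2], tcp=True)
    else:                                   # offline demo on the constructed replies
        udp = parse_answers(constructed_response(0))
        tcp = parse_answers(constructed_response(603696))
    for owner, rtype, udp_ttl, tcp_ttl in ttl_discrepancies(udp, tcp):
        print(f"{owner} type {rtype}: TTL {udp_ttl} over UDP but {tcp_ttl} over TCP")
```

Run with no arguments it works on the constructed replies and reports the zero-TTL CNAME; with a server address and a name it does the real comparison. The `tolerance` on `ttl_discrepancies` matters: two queries a moment apart will legitimately differ by the seconds elapsed, so only a large gap (or a TTL pinned to 0 on one transport) is worth reporting.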