Hi,

Following some tests on prefetch (used bind 9.10.5 on RHEL 6), I noticed some different behavior:

First step: bind configured as resolver:

Everything looks fine, prefetch is triggered on time as expected, the TTL is updated… (used default config prefetch 2 9;)

Wanted to know if prefetch is also used/triggered on forwarders (did not find any documentation about that point).

Added a forwarders entry in options:

options {
        // ... (other options unchanged)
        forwarders {
                10.70.23.69;
        };
        forward only;
};

Performed the same tests (see below):

Used the domain www.tf1.fr (which has a 20 sec TTL on the last entry)

[root@indnsas68i etc]# dig @0 www.tf1.fr

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.1 <<>> @0 www.tf1.fr
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30598
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.tf1.fr.                    IN      A

;; ANSWER SECTION:
www.tf1.fr.             883     IN      CNAME   www.tf1.fr.edgekey.net.
www.tf1.fr.edgekey.net. 583     IN      CNAME   e8375.g.akamaiedge.net.
e8375.g.akamaiedge.net. 3       IN      A       23.200.162.16

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(0.0.0.0)
;; WHEN: Mon Oct  9 16:48:40 2017
;; MSG SIZE  rcvd: 113

[root@indnsas68i etc]# dig @0 www.tf1.fr

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.1 <<>> @0 www.tf1.fr
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17557
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.tf1.fr.                    IN      A

;; ANSWER SECTION:
www.tf1.fr.             882     IN      CNAME   www.tf1.fr.edgekey.net.
www.tf1.fr.edgekey.net. 582     IN      CNAME   e8375.g.akamaiedge.net.
e8375.g.akamaiedge.net. 2       IN      A       23.200.162.16

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(0.0.0.0)
;; WHEN: Mon Oct  9 16:48:41 2017  => this timing corresponds to the prefetch starting point. (below the tcpdump on that timing)
;; MSG SIZE  rcvd: 113

[root@indnsas68i etc]# dig @0 www.tf1.fr

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.1 <<>> @0 www.tf1.fr
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44921
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.tf1.fr.                    IN      A

;; ANSWER SECTION:
www.tf1.fr.             881     IN      CNAME   www.tf1.fr.edgekey.net.
www.tf1.fr.edgekey.net. 581     IN      CNAME   e8375.g.akamaiedge.net.
e8375.g.akamaiedge.net. 1       IN      A       23.200.162.16  =>  entry Not updated

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(0.0.0.0)
;; WHEN: Mon Oct  9 16:48:42 2017
;; MSG SIZE  rcvd: 113

[root@indnsas68i etc]# dig @0 www.tf1.fr

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.1 <<>> @0 www.tf1.fr
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17028
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.tf1.fr.                    IN      A

;; ANSWER SECTION:
www.tf1.fr.             880     IN      CNAME   www.tf1.fr.edgekey.net.
www.tf1.fr.edgekey.net. 580     IN      CNAME   e8375.g.akamaiedge.net.
e8375.g.akamaiedge.net. 20      IN      A       23.200.162.16  => entry updated only after TTL has expired

;; Query time: 2 msec
;; SERVER: 127.0.0.1#53(0.0.0.0)
;; WHEN: Mon Oct  9 16:48:43 2017
;; MSG SIZE  rcvd: 113

Same analysis with tcpdump:

[root@indnsas68i ~]# tcpdump -i eth1 port 53
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes

16:48:41.158280 IP indnsas68i-de.59990 > 10.70.23.67.domain: 614+ [1au] A? e8375.g.akamaiedge.net. (51)   => this looks like the prefetch request (associated timing)
16:48:41.158527 IP 10.70.23.67.domain > indnsas68i-de.59990: 614 1/0/1 A 23.200.162.16 (67)  <= prefetch response … but does not seem to be used by resolver when configured with forwarders

16:48:43.286217 IP indnsas68i-de.25710 > 10.70.23.67.domain: 33368+ [1au] A? e8375.g.akamaiedge.net. (51)   => TTL expiration in cache (2 seconds after), new request is made..
16:48:43.288298 IP 10.70.23.67.domain > indnsas68i-de.25710: 33368 1/0/1 A 23.200.162.16 (67)    <=   this answer seems to be used.

What should be the expected behavior in that case?

It seems that prefetch is triggered, but the answer is not taken into account.

This behavior occurs only when forwarders are added to the resolver configuration (otherwise everything is working well).

Feel free to send me any further questions; I'll be happy to provide more details if needed.

Best regards,

Marc Bilger
DNS

Landline: +33 1 61 38 43 18
Mobile: +33 6 79 30 26 75
marc1.bilger@orange.com

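Added example, not part of the original message: a small Python check that reads the A-record TTL from successive dig answers and reports whether the cache entry was refreshed inside the prefetch window or only after it expired. OBSERVED uses the four TTL/time pairs shown in the message; EXPECTED is a constructed sequence, and the function and label names are hypothetical.

```python
from datetime import datetime

TRIGGER = 2  # first argument of "prefetch 2 9;" (seconds before expiry)

# (dig ";; WHEN" time, ANSWER line for the A record) from the four runs in the message.
OBSERVED = [
    ("16:48:40", "e8375.g.akamaiedge.net. 3       IN      A       23.200.162.16"),
    ("16:48:41", "e8375.g.akamaiedge.net. 2       IN      A       23.200.162.16"),
    ("16:48:42", "e8375.g.akamaiedge.net. 1       IN      A       23.200.162.16"),
    ("16:48:43", "e8375.g.akamaiedge.net. 20      IN      A       23.200.162.16"),
]

# Constructed sequence: the same queries if the prefetch answer had been cached.
EXPECTED = [
    ("16:48:40", "e8375.g.akamaiedge.net. 3       IN      A       23.200.162.16"),
    ("16:48:41", "e8375.g.akamaiedge.net. 2       IN      A       23.200.162.16"),
    ("16:48:42", "e8375.g.akamaiedge.net. 20      IN      A       23.200.162.16"),
    ("16:48:43", "e8375.g.akamaiedge.net. 19      IN      A       23.200.162.16"),
]


def classify(samples, trigger=TRIGGER):
    """Return (time, verdict) events describing how the cached TTL evolved."""
    events = []
    prev_time = prev_ttl = None
    for when, answer_line in samples:
        now = datetime.strptime(when, "%H:%M:%S")
        ttl = int(answer_line.split()[1])  # second field of a dig answer line
        if prev_ttl is not None:
            elapsed = (now - prev_time).total_seconds()
            if ttl > prev_ttl:
                # TTL was reset: was the old entry still alive at that moment?
                alive = prev_ttl - elapsed > 0
                events.append((when, "refreshed-before-expiry" if alive
                               else "refreshed-after-expiry"))
            elif prev_ttl <= trigger:
                # The previous query fell inside the prefetch window,
                # yet the entry is still counting down.
                events.append((when, "no-refresh-after-trigger"))
        prev_time, prev_ttl = now, ttl
    return events


if __name__ == "__main__":
    for label, data in (("observed", OBSERVED), ("expected", EXPECTED)):
        print(label, classify(data))
```

Timestamps from dig have one-second resolution, so a reset that lands exactly on the expiry second is counted as after expiry.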