Apologies, I am very new to DNS administration. My issue is that I have HTTP resource hostnames which are distinct across webpage accesses but are being resolved multiple times, often from LDNS resolvers in different networks. I am trying to understand why this is happening.
In my authoritative DNS logs, I see that there are many duplicate requests coming in for the same unique hostname. The A record TTL is short, only a few minutes, and duplicate requests usually happen within seconds of each other. Sometimes there are just a few extra, sometimes 10-15. Ideally, I would see only a single request per GUID, but at the moment only 51% of GUIDs see a single request from a single LDNS server. There are a few different patterns I’ve narrowed down and now I’m trying to understand what the possible causes of these duplicate requests are. In some examples, I use specific ISP names but these patterns are pretty common.
1. LDNS servers resolving the same GUID hostname are in different networks. In one case, 3/4 of the duplicate DNS requests come from an AT&T LDNS, the others were from COX.
2. In all duplicate requests, all LDNS IPs are distinct and belong to Comcast but in different Comcast ASNs.
3. Many duplicate requests, all LDNS IPs are the same.
4. Duplicate request once an hour through the same LDNS. This continues for days.
Hypotheses I’ve imagined so far:
- DNS response packets are lost on their way back to the LDNS or to the client, so they are re-requested.
- An LDNS may resolve on its own while also forwarding requests to load-balanced counterparts or upstream/downstream resolvers to sync caches.
- Browser/OS DNS cache is full/broken/non-existent, so the measurement URLs are re-queried even after the warmup URLs.
- Case 4 just seems like a straight up misbehaving resolver.
If it helps, I am running BIND 9.9.6.
Appreciate any help! Thanks.
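Added example, not part of the original post: one way to sort each GUID hostname in an authoritative query log into the four duplicate patterns listed above. The sample lines are constructed in BIND 9.9 query-log style, and the prefix-to-ISP/ASN table, the hostnames and the 60-second burst window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network
# Constructed sample in BIND 9.9 query-log style (logging channel with print-time yes).
SAMPLE_LOG = """\
27-Feb-2015 10:00:01.100 client 192.0.2.10#4100 (g1.m.example.com): query: g1.m.example.com IN A -ED (10.0.0.53)
27-Feb-2015 10:00:02.100 client 192.0.2.10#4101 (g2.m.example.com): query: g2.m.example.com IN A -ED (10.0.0.53)
27-Feb-2015 10:00:02.900 client 203.0.113.7#4102 (g2.m.example.com): query: g2.m.example.com IN A -ED (10.0.0.53)
27-Feb-2015 10:00:03.100 client 192.0.2.10#4103 (g3.m.example.com): query: g3.m.example.com IN A -ED (10.0.0.53)
27-Feb-2015 10:00:03.400 client 198.51.100.5#4104 (g3.m.example.com): query: g3.m.example.com IN A -ED (10.0.0.53)
27-Feb-2015 10:00:04.100 client 192.0.2.10#4105 (g4.m.example.com): query: g4.m.example.com IN A -ED (10.0.0.53)
27-Feb-2015 10:00:05.200 client 192.0.2.10#4106 (g4.m.example.com): query: g4.m.example.com IN A -ED (10.0.0.53)
27-Feb-2015 10:00:06.100 client 192.0.2.10#4107 (g5.m.example.com): query: g5.m.example.com IN A -ED (10.0.0.53)
27-Feb-2015 11:00:06.300 client 192.0.2.10#4108 (g5.m.example.com): query: g5.m.example.com IN A -ED (10.0.0.53)
"""
# Hypothetical prefix -> (ISP, ASN) table; real data would come from an IP-to-ASN dataset.
NETWORKS = {
    ip_network("192.0.2.0/24"): ("ISP-A", 64496),
    ip_network("198.51.100.0/24"): ("ISP-A", 64497),
    ip_network("203.0.113.0/24"): ("ISP-B", 64498),
}
LINE_RE = re.compile(r"^(\S+ \S+) .*?client ([0-9A-Fa-f.:]+)#\d+ \((\S+)\): .*?query: ")

def origin(ip):  # (ISP, ASN) of a resolver IP, or ("unknown", None) if unmapped
    return next((v for net, v in NETWORKS.items() if ip_address(ip) in net), ("unknown", None))

def classify(log_text, burst_seconds=60):
    """Map each queried hostname to the duplicate pattern its queries show."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        if m := LINE_RE.match(line):
            ts = datetime.strptime(m.group(1), "%d-%b-%Y %H:%M:%S.%f")
            seen[m.group(3).lower()].append((ts, m.group(2)))
    out = {}
    for name, rows in seen.items():
        ips = {ip for _, ip in rows}
        isps, asns = ({origin(i)[k] for i in ips} for k in (0, 1))
        span = (max(rows)[0] - min(rows)[0]).total_seconds()
        checks = [
            (len(rows) == 1, "single"),
            (len(isps) > 1, "multiple-isps"),                # pattern 1
            (len(asns) > 1, "one-isp-multiple-asns"),        # pattern 2
            (len(ips) > 1, "one-asn-multiple-resolvers"),
            (span <= burst_seconds, "same-resolver-burst"),  # pattern 3
            (True, "same-resolver-periodic"),                # pattern 4
        ]
        out[name] = next(label for cond, label in checks if cond)
    return out
```

Counting the labels returned by `classify` over a full day of logs shows which pattern accounts for most of the GUIDs that do not fall into the single-request group.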