On Aug 7, 2007, at 5:31 PM, Ask Bjørn Hansen wrote:
> On Aug 7, 2007, at 17:09, Chuck Swiger wrote:
>>>> Certainly BIND is doing round-robin within the result set:
>>>
>>> That's just your local cache rotating the same 14 IPs.
>>
>> Nope, there is more going on. I just set up a test zone having
>> 256 RR's via:
>
> Huh? I'm confused. What does your test zone have to do with
> pool.ntp.org ?

It is demonstrating that BIND will rotate which RR's get returned in a UDP packet such that you will get entirely different RR's. Well, if the total number of records matching the query is too large to fit in a single normal UDP response, that is. (Obviously, if there are only 14 records which all fit into a single UDP response, then BIND can only rotate the order in which those records appear for each query.)

> On pool.ntp.org each DNS server is currently giving out the same
> set of up to about 14 servers on each request. The zones are often
> not quite in sync between the servers.

That's fine-- it's probably desirable for the servers to be returning different results to help spread the load out more evenly, anyway.

> Also, the zone data changes more often than the servers update and
> again the servers update more often than the TTL for clients is --
> this is to try to spread out different data on the different
> end-user DNS caches.

Agreed.

> However in the case of Turk Telekom it probably just makes it
> worse because they'll cache one set of 14 IPs and give that to all
> their equipment for 45 minutes (or whatever the TTL is).

Yes, that seems to be at least part of the problem. If a very large organization like TT caches the result and fails to rotate the IPs in round-robin fashion, then any clients using those TT nameservers are going to hammer the IP which was first in the result from the pool.ntp.org nameservers.

Regards,
-- 
-Chuck

PS: While Ask and Rui got the last message I sent properly formatted, it looks like this list strips out the format=flowed MIME Content-type header, so I apologize to the rest of y'all for the way the tcpdump output was line-wrapped. It wasn't sent like that, honest! :-)

_______________________________________________
timekeepers mailing list
https://fortytwo.ch/mailman/cgi-bin/listinfo/timekeepers
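
The load skew described in the last reply paragraph above, as an added example that is not part of the original message: a small simulation comparing a caching resolver that replays one cached 14-record answer unchanged with one that rotates it per query. The addresses, the query count and the assumption that every client uses the first address returned are constructed for illustration.

```python
from collections import Counter
from itertools import islice

# Constructed sample data: 14 documentation-range addresses standing in for
# one cached pool.ntp.org answer (not real pool members).
CACHED_RRSET = [f"192.0.2.{i}" for i in range(1, 15)]


def fixed_order(rrset):
    """Caching resolver that replays the cached answer unchanged."""
    while True:
        yield list(rrset)


def cyclic_rotation(rrset):
    """Caching resolver that rotates the cached answer by one per query."""
    n = len(rrset)
    k = 0
    while True:
        yield rrset[k:] + rrset[:k]
        k = (k + 1) % n


def load_per_server(resolver, queries):
    """Count hits per IP, assuming each client uses the first address returned."""
    hits = Counter()
    for answer in islice(resolver, queries):
        hits[answer[0]] += 1
    return hits


def peak_share(hits):
    """Fraction of all client lookups that land on the busiest server."""
    return max(hits.values()) / sum(hits.values())


if __name__ == "__main__":
    queries = 14_000  # constructed: client lookups inside one TTL window
    for name, resolver in (("fixed", fixed_order), ("rotating", cyclic_rotation)):
        hits = load_per_server(resolver(CACHED_RRSET), queries)
        print(f"{name:9s} servers hit: {len(hits):2d}  "
              f"peak share: {peak_share(hits):.1%}")
```

With the fixed-order cache every lookup in the TTL window lands on one address; with rotation the same lookups spread evenly across all 14.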
