08-11-2017 01:05 PM
I have created an Internal Delegated zone with NS records to 3 F5 GTM Load Balancer IPs. They are geographically located in the US. When one of the Infoblox members assigned this Delegated zone is queried by a client, I expected Infoblox to constantly perform a recursive lookup to the GTM that has the best RTT results. However, my capture results at the GTM show the Infoblox member will hit all 3 servers. This is great but not expected. Does Infoblox generate a round trip time table for recursive lookups, or does it always round robin the recursive lookup for a delegated domain?
Thanks for the help
08-14-2017 10:09 AM
So I think we need a little more info here. The authoritative side of the process is going to hand back 3 NS records to the recursive server. Is this the same server in your case? It is then up to the recursive NS to do the RTT decay to determine which of the NS's is the fastest and stick to it.
If the TTL on the NS records is pretty low, and the traffic to the domain isn’t very high then you may find that the NS records dropped from cache before being needed again or that the RTT expired and needed to be retested.
08-14-2017 01:45 PM
Yeah, that is way too low for an NS record (and the glue) -- unless you are doing some fast-flux, or changing the NS's IP address. I suspect your NS records are dropping from cache, causing you to need to re-do the RTT decay calculation. If you are not moving to a new NS, there is no reason to have them set this low.
If it were me, I would set the TTL for the NS records (and the A RR’s for the glue) of the delegation to at the very least 1hr but more preferably >= 1 day -- again assuming you aren't moving the NS to a new IP or provider within TTL+1.
Once you do that I think you will see Infoblox use the RTT calculation you expected to see in action.
08-14-2017 02:17 PM
Not that I think it will make a big difference in your reply, but 1 correction from my details. The records hosted on the GTM for the delegated domain are 30 sec. The NS records on the Infoblox for the delegation are 300 sec.
Thanks again for all the help
08-14-2017 03:05 PM
So you get 2 cache entry points for NS records and their glue. First from the parent zone (assuming your NS records are actually inside your delegation), then the authoritative servers that own the delegated zone get a 2nd chance to update the NS records and glue.
If Infoblox says 300 but then the GTM says 30 for the same NS RR set, the GTM wins and those are the values that are cached by most modern recursive NS's -- including Infoblox.
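The TTL interaction described in the last reply, as an added example that is not part of the original thread: it merges the parent-side delegation records with the child zone's own answers, lets the child's values win, and lists every NS or glue RRset that would be cached below the 1 hr minimum suggested earlier. The zone name, host names and 192.0.2.x addresses are constructed placeholders, and the child response is assumed to omit the gtm3 address record.

```python
MIN_NS_TTL = 3600  # "at the very least 1hr", as suggested in the thread

# Constructed sample data in dig answer format (owner ttl class type rdata).
PARENT_SIDE = """\
app.example.internal.      300 IN NS gtm1.app.example.internal.
app.example.internal.      300 IN NS gtm2.app.example.internal.
app.example.internal.      300 IN NS gtm3.app.example.internal.
gtm1.app.example.internal. 300 IN A  192.0.2.1
gtm2.app.example.internal. 300 IN A  192.0.2.2
gtm3.app.example.internal. 300 IN A  192.0.2.3
"""
CHILD_SIDE = """\
; constructed: what the delegated servers return for their own NS RRset
app.example.internal.      30 IN NS gtm1.app.example.internal.
app.example.internal.      30 IN NS gtm2.app.example.internal.
app.example.internal.      30 IN NS gtm3.app.example.internal.
gtm1.app.example.internal. 30 IN A  192.0.2.1
gtm2.app.example.internal. 30 IN A  192.0.2.2
"""

def parse_rrsets(text):
    """Return {(owner, rtype): ttl} for each RRset found in dig-style lines."""
    rrsets = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        owner, ttl, _cls, rtype, _rdata = line.split(None, 4)
        key = (owner.lower(), rtype.upper())
        # An RRset shares one TTL; keep the lowest if the input disagrees.
        rrsets[key] = min(int(ttl), rrsets.get(key, int(ttl)))
    return rrsets

def effective_ttls(parent_text, child_text):
    """Merge both views; the child zone's own data replaces the referral data."""
    merged = {k: (ttl, "parent") for k, ttl in parse_rrsets(parent_text).items()}
    merged.update({k: (ttl, "child") for k, ttl in parse_rrsets(child_text).items()})
    return merged

def audit(parent_text, child_text, min_ttl=MIN_NS_TTL):
    """Return sorted (owner, rtype, ttl, source) for NS/glue RRsets below min_ttl."""
    merged = effective_ttls(parent_text, child_text)
    return sorted((owner, rtype, ttl, src)
                  for (owner, rtype), (ttl, src) in merged.items()
                  if rtype in ("NS", "A", "AAAA") and ttl < min_ttl)

if __name__ == "__main__":
    for owner, rtype, ttl, src in audit(PARENT_SIDE, CHILD_SIDE):
        print(f"{owner} {rtype}: cached TTL {ttl}s (from {src}), below {MIN_NS_TTL}s")
```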