large organization nameservers sending icmp packets to dns servers.

Peter Dambier peter at
Mon Aug 6 20:31:32 UTC 2007

John L wrote:
> Um, unless I seriously misunderstand the client DNS cache wants to know 
> which server is closest.  So it sends DNS queries to all three NS at the 
> same time.  Then it waits for the answers.  Whichever one answers first 
> is the closest.  What am I missing?

The bind_garbadge_collection_delay.

 From time to time bind goes to sleep, depending on the size
and number of zones the nameserver does host.

Maybe it is internal garbadge collection or memory reclaiming.
Maybe it is the operating system that causes the delay.
That delay is very random.

icmp is answered by the network layer.

dns is answered after the network layer passes the packet to the operating system,
after the operating system passes the packet to the tcp/ip subsystem,
after the tcp/ip subsystem passes the packet to the socket subsystem,
after the memorymanager swappes bind back into memory - and all the way back.

Each of the steps could envolve the memory manager swapping memory to disk or
from disk. Each of the delays could be longer that all network delays.

I have seen nameservers answering after seconds.
I have seen pings to those servers returning after only 30 millisecs.

Kind regards
Peter and Karin

Peter and Karin Dambier
Cesidian Root - Radice Cesidiana
Rimbacher Strasse 16
D-69509 Moerlenbach-Bonsweiher
+49(6209)795-816 (Telekom)
+49(6252)750-308 (VoIP:
mail: peter at
mail: peter at echnaton.arl.pirates

More information about the NANOG mailing list