Problem with CloudFlare automatic TTL being too short for Google DNS

loyd Member
edited May 2019 in General

I moved one site's DNS to CloudFlare and noticed my mail client has often timed out on DNS lookup. The problem seems to be with Google DNS 8.8.8.8 and 8.8.4.4, which would return SERVFAIL to nslookup most of the time.

nslookup -debug -type=A mail.mydomain.com 8.8.4.4

results in

Server:         8.8.4.4
Address:        8.8.4.4#53

------------
    QUESTIONS:
        mail.mydomain.com, type = A, class = IN
    ANSWERS:
    AUTHORITY RECORDS:
    ADDITIONAL RECORDS:
------------
** server can't find mail.mydomain.com: SERVFAIL

but when querying CloudFlare, OpenDNS or tools like dnschecker.org it would always work fine.

I use my router as a DNS server and I believe the ISP internally uses Google DNS (I do not see it in the settings, it just says Automatic DHCP configuration), and that's why the mail client has been acting up.

8.8.8.8 and 8.8.4.4 are not single nodes but load balancers, and every time they are queried a different node answers; I can see it by the jumping TTL in the debug answers when I do get an answer from time to time. The TTL is always very low; the highest value I have seen was 150.

I believe that CloudFlare's automatic TTL is too short for propagation within the Google DNS network, and with the amount of DNS queries the Google network handles, my insignificant low-priority domain probably spends most of the time waiting in queues to be refreshed from its authoritative DNS. After changing the TTL to 3600, I started seeing mostly good results from Google DNS.

Btw. when testing Google 8.8.8.8, CloudFlare 1.1.1.1 and OpenDNS 208.67.220.220 for latency, Google is the slowest, and the other two are comparable.

UPDATE: Google offers public DNS cache flushing tool here: https://developers.google.com/speed/public-dns/cache

After I flushed my main domain, I did about 20-30 nslookups on each of 8.8.8.8 and 8.8.4.4, and it works 100% now with a 1 hr TTL.
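The jumping TTLs and intermittent SERVFAILs described in this post are easier to see across 20-30 lookups if the nslookup -debug captures are parsed and tallied per resolver. This added Python example is not from the post; it assumes the BIND nslookup -debug layout shown above (one "ttl = N" line per answer record) and uses constructed sample captures instead of live queries.

```python
import re
from collections import defaultdict

SERVFAIL_RE = re.compile(r"\*\* server can't find \S+: (\w+)")
TTL_RE = re.compile(r"^\s*ttl = (\d+)", re.MULTILINE)

def _debug_output(resolver, ttl=None):
    """Constructed capture in the nslookup -debug layout; ttl=None gives the SERVFAIL case."""
    head = (f"Server:         {resolver}\nAddress:        {resolver}#53\n\n------------\n"
            "    QUESTIONS:\n        mail.mydomain.com, type = A, class = IN\n    ANSWERS:\n")
    answer = "" if ttl is None else (
        "    ->  mail.mydomain.com\n        internet address = 203.0.113.10\n"
        f"        ttl = {ttl}\n")
    tail = "    AUTHORITY RECORDS:\n    ADDITIONAL RECORDS:\n------------\n"
    if ttl is None:
        tail += "** server can't find mail.mydomain.com: SERVFAIL\n"
    return resolver, head + answer + tail

# Constructed samples: the Google resolver alternates between SERVFAIL and answers with a jumping TTL.
CAPTURES = [
    _debug_output("8.8.4.4"), _debug_output("8.8.4.4", ttl=150),
    _debug_output("8.8.4.4"), _debug_output("8.8.4.4", ttl=37),
    _debug_output("1.1.1.1", ttl=300), _debug_output("1.1.1.1", ttl=284),
]

def parse_capture(text):
    """Return ('NOERROR', ttl) for an answered query, or (rcode, None) on failure."""
    m = SERVFAIL_RE.search(text)
    if m:
        return m.group(1), None
    ttls = [int(t) for t in TTL_RE.findall(text)]
    return "NOERROR", (min(ttls) if ttls else None)

def summarize(captures):
    """Per resolver: query count, SERVFAIL rate and the TTL range seen in answers."""
    stats = defaultdict(lambda: {"queries": 0, "servfail": 0, "ttls": []})
    for resolver, text in captures:
        rcode, ttl = parse_capture(text)
        s = stats[resolver]
        s["queries"] += 1
        if rcode == "SERVFAIL":
            s["servfail"] += 1
        elif ttl is not None:
            s["ttls"].append(ttl)
    return {r: {"queries": s["queries"],
                "servfail_rate": s["servfail"] / s["queries"],
                "ttl_min": min(s["ttls"]) if s["ttls"] else None,
                "ttl_max": max(s["ttls"]) if s["ttls"] else None}
            for r, s in stats.items()}
```

Feed it real captures (one per nslookup run, keyed by the resolver queried) and a resolver whose SERVFAIL rate is high while its answered TTLs swing widely is the symptom the post describes.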

Comments

  • sanvit Member

    BunnyCDN's TTL is 34 and it resolves fine with 8.8.8.8.

  • loyd Member

    @sanvit said:
    BunnyCDN's TTL is 34 and it resolves fine with 8.8.8.8.

    Most things usually work fine, until they don't. I do not have the time or expertise to figure out what kind of marginal condition I am hitting, but I spent enough time with this and now someone else does not have to.
