DNS zones should have multiple nameservers. Combined, RFC 1034 and RFC 2182 require that zones have at least two topologically and geographically distributed nameservers. A primary reason for multiple nameservers is to increase robustness in the face of individual failures. Thus, many zones including those considered critical to many enterprises operate with a large number of NS records per zone.
This provides recursive resolvers with a choice: which nameserver to contact when sending each DNS query? Previous research has studied the behavior of specific recursive resolver software in the lab and the behavior of recursive resolvers in the wild using synthetic traffic loads. This previous work shows that many recursive resolvers will attempt to home in on the lower RTT nameservers and prefer sending DNS queries to them. In this work, we look at the recursive resolvers’ choice of nameserver under production workloads of several zones important to the Akamai platform. We observe how many and how significantly recursive resolvers prefer nameservers by RTT given real world DNS query rates. We go on to consider the impact that this has on performance and security with an eye toward improvements that can be made.