On Mon, 2005-04-04 at 12:22 +0100, Andy Green wrote:
Your ISP DNS is likely going slow every now and again -- watch it with tcpdump and see what you see.
Whatever machine at your site talks to the ISP DNS server is often giving up on the query before the response is received. Then I guess it gives up and figures it's an NXDOMAIN. There's a thing called negative TTL for DNS, basically if it got a response of NXDOMAIN once, it will for a fixed time not bother to check again but immediately say NXDOMAIN to queries. I guess this is where your "it doesn't exist no matter what I do" period is coming from.
Then after the negative TTL is exhausted, it will check again with your ISP DNS, and depending on if your ISP DNS is fast enough or not, you either get through or have another period of negative TTL timeout.
Here's a suggestion: on the machine that talks to your ISP DNS, edit resolv.conf to add
nameserver xxx.xxx.xxx.xxx options timeout:25
This will get your machine to wait up to 25 seconds for a response from the ISP DNS server and should hopefully make the problem go away, if I understood it right.
Well, I'll keep this idea in mind; but usually when Firefox is problematic, the "can't get there" box comes up in about 1s...not as much/over 25s. But I appreciate the effort...