[FC3] Sites 'disappearing' from DNS

Andy Green andy at warmcat.com
Mon Apr 4 11:22:47 UTC 2005


Brian Fahrlander wrote:
| On Sun, 2005-04-03 at 14:43 -0700, Craig White wrote:
|
|
|>the fact that it doesn't find it the first time but does on subsequent
|>tries suggests that you have some problem with the setup and latency so
|>your client times out before the dns lookup completes.
|>
|>Probably the best way to fix that is to fix your caching dns server.
|
|
|     Well, if I had to get it twice to actually make it, sure...the funny
| thing is, if I go there first with 'host' and find it, then use Firefox,
| it still doesn't. (Denying all reason that *I* know)  Firefox just won't
| find it. That's what makes me think Firefox is involved.   These are
| sites I've visited every day or so for years...and I've not changed the
| local /etc/resolv.conf or anything on my end for about as long.
|
|     How can this be?

Your ISP DNS is likely going slow every now and again -- watch it with
tcpdump and see what you see.

Whatever machine at your site talks to the ISP DNS server is often
giving up on the query before the response is received.  Then I guess it
gives up and figures it's an NXDOMAIN.  There's a thing called negative
TTL for DNS, basically if it got a response of NXDOMAIN once, it will
for a fixed time not bother to check again but immediately say NXDOMAIN
to queries.  I guess this is where your "it doesn't exist no matter what
I do" period is coming from.

Then after the negative TTL is exhausted, it will check again with your
ISP DNS, and depending on if your ISP DNS is fast enough or not, you
either get through or have another period of negative TTL timeout.

Here's a suggestion: on the machine that talks to your ISP DNS, edit
resolv.conf to add

nameserver xxx.xxx.xxx.xxx
options timeout:25

This will get your machine to wait up to 25 seconds for a response from
the ISP DNS server and should hopefully make the problem go away, if I
understood it right.

-Andy


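Added example, not part of the original message: a Python script for the tcpdump check suggested above. It pairs each DNS query with its response by client endpoint and query ID, then flags responses that are missing or slower than the resolver timeout. The capture lines, addresses and names are constructed; the 5-second default is glibc's RES_TIMEOUT, and the function name `analyze` is hypothetical.

```python
import re
from datetime import datetime

DEFAULT_TIMEOUT = 5.0  # glibc resolver default; the message proposes timeout:25

# Constructed sample in the format printed by `tcpdump -n port 53` (illustrative values).
SAMPLE = """\
11:20:01.100000 IP 192.0.2.10.32771 > 198.51.100.53.53: 4101+ A? www.example.com. (33)
11:20:01.180000 IP 198.51.100.53.53 > 192.0.2.10.32771: 4101 1/0/0 A 203.0.113.7 (49)
11:20:30.000000 IP 192.0.2.10.32772 > 198.51.100.53.53: 4102+ A? slow.example.net. (34)
11:20:37.250000 IP 198.51.100.53.53 > 192.0.2.10.32772: 4102 1/0/0 A 203.0.113.8 (50)
11:21:00.000000 IP 192.0.2.10.32773 > 198.51.100.53.53: 4103+ A? lost.example.org. (34)
11:21:10.000000 IP 192.0.2.10.32774 > 198.51.100.53.53: 4104+ A? gone.example.org. (34)
11:21:10.090000 IP 198.51.100.53.53 > 192.0.2.10.32774: 4104 NXDomain 0/1/0 (90)
"""

# timestamp, source ip.port, destination ip.port, query ID, flag characters, remainder
LINE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+) IP (\S+) > (\S+): (\d+)(\S*) (.*)$")

def analyze(text, timeout=DEFAULT_TIMEOUT):
    """Pair queries with responses; return (name, latency_or_None, verdict) per query."""
    pending, results = {}, []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not an IPv4 DNS line in the expected format
        ts, src, dst, qid, _flags, rest = m.groups()
        t = datetime.strptime(ts, "%H:%M:%S.%f")
        if dst.rsplit(".", 1)[1] == "53":  # client -> server: a query
            name = rest.split("? ", 1)[1].split()[0] if "? " in rest else "?"
            pending[(src, qid)] = (t, name, len(results))
            results.append([name, None, "NO RESPONSE"])
        elif src.rsplit(".", 1)[1] == "53" and (dst, qid) in pending:
            t0, name, idx = pending.pop((dst, qid))  # server -> client: the reply
            latency = (t - t0).total_seconds()
            kind = "NXDOMAIN" if rest.startswith("NXDomain") else "answer"
            verdict = f"LATE {kind}" if latency > timeout else kind
            results[idx][1:] = [latency, verdict]
    return [tuple(r) for r in results]

if __name__ == "__main__":
    for row in analyze(SAMPLE):
        print(row)
```

A "LATE" or "NO RESPONSE" verdict on names that resolve fine by hand is the pattern the message attributes to a slow upstream server; a prompt NXDOMAIN is a real negative answer from that server.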



