[FC3] Sites 'disappearing' from DNS

Nigel Wade nmw at ion.le.ac.uk
Thu Apr 7 10:50:30 UTC 2005


Andy Green wrote:
> Nigel Wade wrote:
> 
> | The root of this particular problem is that nscd caches this failed
> | lookup for you, DNS does not.
> 
> I respectfully disagree.  I do not experience these "fact of life"
> timeouts and fake NXDOMAIN results; I use my ISP DNS cached on a
> separate machine here.
> 
> The DNS cache is behaving as designed, the problem seems to me to be the
> timeout is set too low for the behaviour of the original poster's
> upstream DNS, or put another way, the upstream DNS may be overloaded and
> not always responsive.  I would do a
> 
> tcpdump port 53
> 
> (despite the name this gets UDP too) and look for SERVFAIL or slow
> response, and if seen, complain to whoever it is that I pay for the
> upstream DNS in the one case and in the other case add to /etc/resolv.conf
> 
> options timeout:xx
> 
> where xx is the timeout in seconds; my DNS cache machine has it set to
> 25.  If you are hanging around for more than 25 seconds to get DNS that
> is not what I would call normal or a "fact of life".
> 

You can complain all you like to your ISP, but that won't help one jot if 
the authoritative server for the domain is down/overloaded etc. You will get 
timeouts, and nscd will cache that. A repeat request will get a failure even 
if the information is now available again, until the nscd 
negative-time-to-live is reached.

Like I said, it's nscd that's the problem, not DNS. If you cache DNS using a 
proper DNS server I expect you will be ok. If you rely on nscd then you will 
see this problem.

-- 
Nigel Wade, System Administrator, Space Plasma Physics Group,
             University of Leicester, Leicester, LE1 7RH, UK
E-mail :    nmw at ion.le.ac.uk
Phone :     +44 (0)116 2523548, Fax : +44 (0)116 2523555
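
The following is an added example, not part of the original post: a small Python check that reads an nscd.conf and reports whether failed host lookups are negatively cached and for how long, which is the setting the message above refers to. The sample file contents are constructed; pass the path of a real nscd.conf as the first argument to check a live system.

```python
import sys

# Constructed sample in nscd.conf syntax; not taken from the thread.
SAMPLE_NSCD_CONF = """\
# directive             service         value
enable-cache            passwd          yes
negative-time-to-live   passwd          20
enable-cache            hosts           yes
positive-time-to-live   hosts           3600
negative-time-to-live   hosts           20
"""

PER_SERVICE = {"enable-cache", "positive-time-to-live", "negative-time-to-live"}

def parse_nscd_conf(text):
    """Return {service: {directive: value}} for the per-service directives."""
    services = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments and blank lines
        if len(fields) == 3 and fields[0] in PER_SERVICE:
            directive, service, value = fields
            services.setdefault(service, {})[directive] = value
    return services

def hosts_negative_cache(text):
    """Classify the hosts cache: ('disabled', None), ('default', None) or ('explicit', seconds)."""
    hosts = parse_nscd_conf(text).get("hosts", {})
    if hosts.get("enable-cache", "no") != "yes":
        return ("disabled", None)
    value = hosts.get("negative-time-to-live")
    if value is None or not value.isdigit():
        return ("default", None)  # nscd's built-in value applies; not guessed here
    return ("explicit", int(value))

def report(text):
    state, ttl = hosts_negative_cache(text)
    if state == "disabled":
        return "hosts cache disabled: nscd will not replay failed lookups"
    if state == "default":
        return "hosts cache enabled, negative-time-to-live not set in this file"
    return f"hosts cache enabled: a failed lookup is replayed for up to {ttl}s"

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_NSCD_CONF
    print(report(text))
```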



