[FC3] Sites 'disappearing' from DNS

Andy Green andy at warmcat.com
Fri Apr 8 06:56:57 UTC 2005


Brian Fahrlander wrote:
| On Thu, 2005-04-07 at 16:38 -0500, Les Mikesell wrote:
|
|
|>Where does the error occur?  On your machine or the DNS machine?  If
|>it is your machine you could try adding more nameserver entries in
|>/etc/resolv.conf even if you have to point them to the same DNS server.
|
|
|    You must not have heard; the error was a popup window from Firefox.
| "host" (or I suppose nslookup) could get the IP addresses, but for some
| reason Firefox would pop up an error, quickly, and be the problem.  It
| doesn't look like any of the 'real' DNS stuff was ever a problem.

That's not what I understood from reading the thread.  The situation is
that the DNS cache is a more noticeable "detector" of the problem,
because it extends the lack of resolvability to 300s or whatever due to
the "negative ttl" feature of the cache.  But something ELSE caused the
DNS cache to see a failure to resolve in the first place.  The problem
is highly unlikely to be local to the DNS cache itself I would imagine.
So....

|     Network problem?  No, this problem went away when I messed with
| nscd, I don't think there was ever a network problem or DNS problem...

... the next guess is that you may have a systemic network packetloss
issue.  When the DNS request or response packet gets dropped and lost,
then the DNS cache is provoked into "negative ttl" mode and will
immediately tell you NXDOMAIN until the "negative ttl" is used up.  So
there's no mystery why firefox comes back immediately with the bad news,
it's the DNS cache doing its job after it sees a failure to resolve a
site.  The mystery is how the DNS cache got the idea it couldn't resolve
your site in the first place.

Why not try floodpinging your DNS server and see if you see any dots
before your eyes.  Dots represent lost packets somewhere along the line.

ping -f -i 0 -s 1490 192.168.0.1

Replace 192.168.0.1 with your DNS server IP.

-Andy
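The effect described in the message above, as an added example that is not part of the original post: a toy cache that remembers a failed lookup for a negative TTL, fed by an upstream that loses exactly one query. The class and function names, the host name, the 192.0.2.10 address and the 10-second query interval are assumptions made for the illustration; the 300-second negative TTL is the figure the post mentions.

```python
class NegativeCache:
    """Toy lookup cache (illustrative, not nscd): failed lookups are kept for neg_ttl seconds."""

    def __init__(self, upstream, pos_ttl, neg_ttl):
        self.upstream = upstream
        self.pos_ttl = pos_ttl
        self.neg_ttl = neg_ttl
        self.entries = {}  # name -> (expires_at, answer or None)

    def resolve(self, name, now):
        hit = self.entries.get(name)
        if hit is not None and now < hit[0]:
            return hit[1]  # served from cache, possibly a remembered failure
        answer = self.upstream(name, now)  # None models a lost request or reply
        ttl = self.pos_ttl if answer is not None else self.neg_ttl
        self.entries[name] = (now + ttl, answer)
        return answer


def run(neg_ttl, lost_at=(0,), pos_ttl=60, duration=600, step=10):
    """Query one name every `step` seconds; the upstream loses the queries sent at `lost_at`."""
    upstream_calls = []

    def upstream(name, now):
        upstream_calls.append(now)
        return None if now in lost_at else "192.0.2.10"  # constructed sample address

    cache = NegativeCache(upstream, pos_ttl, neg_ttl)
    failed = [t for t in range(0, duration, step)
              if cache.resolve("www.example.com", t) is None]
    return {
        "upstream_lost": sum(1 for t in upstream_calls if t in lost_at),
        "upstream_queries": len(upstream_calls),
        "client_failures": len(failed),
        "last_failure": failed[-1] if failed else None,
    }


if __name__ == "__main__":
    for neg_ttl in (0, 300):
        print(f"neg_ttl={neg_ttl:>3}s ->", run(neg_ttl))
```

With one lost query in both runs, the client sees a single failure when nothing is cached negatively and a failure on every lookup for the next five minutes when the negative TTL is 300 seconds.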



