DNS problems this morning -
Rick Stevens
ricks at alldigital.com
Tue Nov 13 18:06:32 UTC 2012
On 11/13/2012 08:38 AM, Bob Goodwin - Zuni, Virginia, USA issued this
missive:
> On 13/11/12 09:59, Tim wrote:
>> I seem to recall that there is a way to set the timeout delay before
>> abandoning the first query, and querying the next server, but I don't
>> recall the details, and there's no man file for resolv.conf on this
>> installation of F17. I don't know if there are configuration options
>> about always trying the first server, first.
>
> It looks like there is a way. From man resolv.conf:
>
> options
>
> Options allows certain internal resolver variables to be modified.
> The syntax is options option ...
>
> where option is one of the following:
>
> timeout:n
>
> sets the amount of time the resolver will wait for a response from a
> remote name server before retrying the query via a different name
> server. Measured in seconds, the default is RES_TIMEOUT (currently
> 5, see <resolv.h>). The value for this option is silently capped to 30.
>
> attempts:n
>
> sets the number of times the resolver will send a query to its name
> servers before giving up and returning an error to the calling
> application. The default is RES_DFLRETRY (currently 2, see
> <resolv.h>). The value for this option is silently capped to 5.
>
> It's not clear to me how to type the command though.

You don't. You put the entries in the /etc/resolv.conf file and the
resolver library picks them up.

> The 5 second
> timeout seems much too long when combined with 5 tries, perhaps fewer
> tries would be better? However I imagine there were good reasons for
> the defaults ...

If you've ever run a big network (or a really popular one) you can watch
the DNS servers get pummeled--especially if you have short TTLs set on
the records. That being said, even a busy name server should respond in
5 seconds or less, so that seems reasonable.

The default retry count is 2 (not 5) so the defaults as stated would
result in a 10 second delay before the second DNS server is consulted.
Yes, that seems an eternity, but not everyone has fast Internet access.
There are still people with dial-up service (hard to believe, but
they're out there). The standards were set up to accommodate these older
environments. If you want a true giggle, look up RFC 1149,
"Transmission of IP Datagrams on Avian Carriers" and be glad that it
never caught on. :-)

You can put in as long a timeout or as many retries as you want, but
the library will limit timeouts to no more than 30 seconds (even if you
specify 45) and no more than 5 retries (even if you specify 10). That's
what the "silently capped" bit means.
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer, AllDigital ricks at alldigital.com -
- AIM/Skype: therps2 ICQ: 22643734 Yahoo: origrps2 -
- -
- To err is human. To forgive, a large sum of money is needed. -
----------------------------------------------------------------------
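
An added example, not part of the original message and not the resolver library's own code: it parses resolv.conf text and reports the timeout and attempts values left after the silent caps quoted from the man page above. The sample file, its documentation-range nameserver addresses, and the function name effective_options are constructed for illustration; treating a later setting as replacing an earlier one is an assumption.

```python
# Defaults and caps as quoted from "man resolv.conf" in the thread above.
DEFAULTS = {"timeout": 5, "attempts": 2}
CAPS = {"timeout": 30, "attempts": 5}

# Constructed sample file contents; the addresses are documentation-range
# placeholders, not real name servers.
SAMPLE = """\
# constructed example
nameserver 192.0.2.53
nameserver 198.51.100.53
options timeout:45 attempts:10
"""


def effective_options(text):
    """Return (effective, notes) for timeout/attempts found in resolv.conf text."""
    effective = dict(DEFAULTS)
    notes = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        # Lines with '#' or ';' in the first column are comments.
        if raw.startswith(("#", ";")):
            continue
        fields = raw.split()
        if not fields or fields[0] != "options":
            continue
        for opt in fields[1:]:
            name, sep, value = opt.partition(":")
            if name not in CAPS:
                continue  # other resolver options are outside this example
            if not sep or not value.isdigit():
                notes.append(f"line {lineno}: '{opt}' is not in name:n form, skipped")
                continue
            n = int(value)
            if n > CAPS[name]:
                notes.append(f"line {lineno}: {name}:{n} silently capped to {CAPS[name]}")
                n = CAPS[name]
            # Assumption: a later setting replaces an earlier one.
            effective[name] = n
    return effective, notes


if __name__ == "__main__":
    values, remarks = effective_options(SAMPLE)
    print(values)
    for remark in remarks:
        print(remark)
```
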