
Re: [FC3] Sites 'disappearing' from DNS



Andy Green wrote:

Nigel Wade wrote:

| The root of this particular problem is that nscd caches this failed
| lookup for you, DNS does not.

I respectfully disagree.  I do not experience these "fact of life"
timeouts and fake NXDOMAIN results; I use my ISP DNS cached on a
separate machine here.

The DNS cache is behaving as designed, the problem seems to me to be the
timeout is set too low for the behaviour of the original poster's
upstream DNS, or put another way, the upstream DNS may be overloaded and
not always responsive.  I would do a

tcpdump port 53

(despite the name this gets UDP too) and look for SERVFAIL or slow
response, and if seen, complain to whoever it is that I pay for the
upstream DNS in the one case and in the other case add to /etc/resolv.conf

options timeout:xx

where xx is the timeout in seconds; my DNS cache machine has it set to
25.  If you are hanging around for more than 25 seconds to get DNS that
is not what I would call normal or a "fact of life".


You can complain all you like to your ISP, but that won't help one jot if the authoritative server for the domain is down/overloaded etc. You will get timeouts, and nscd will cache that. A repeat request will get a failure even if the information is now available again, until the nscd negative-time-to-live is reached.


Like I said, it's nscd that's the problem, not DNS. If you cache DNS using a proper DNS server I expect you will be ok. If you rely on nscd then you will see this problem.

--
Nigel Wade, System Administrator, Space Plasma Physics Group,
            University of Leicester, Leicester, LE1 7RH, UK
E-mail :    nmw ion le ac uk
Phone :     +44 (0)116 2523548, Fax : +44 (0)116 2523555
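
The two settings discussed in this thread, nscd's negative-time-to-live for hosts and the resolver's "options timeout", can be read off a machine with a short script. This is an added example, not part of the original message; the function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: read the two settings the thread discusses.
# Sample files are constructed; use /etc/nscd.conf and /etc/resolv.conf on a host.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/nscd.conf" <<'EOF'
# constructed sample
enable-cache            hosts   yes
positive-time-to-live   hosts   3600
negative-time-to-live   hosts   20
EOF
cat > "$SAMPLE_DIR/resolv.conf" <<'EOF'
# constructed sample (192.0.2.53 is a documentation address)
nameserver 192.0.2.53
options timeout:25
EOF

# nscd_hosts_setting FILE KEY: value of "KEY hosts VALUE", last occurrence wins
nscd_hosts_setting() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        $1 == key && $2 == "hosts" { val = $3 }
        END { if (val != "") print val }' "$1"
}

# resolv_timeout FILE: N from "options timeout:N"; resolver default is 5 seconds
resolv_timeout() {
    awk '
        $1 == "options" {
            for (i = 2; i <= NF; i++)
                if ($i ~ /^timeout:[0-9]+$/) t = substr($i, 9)
        }
        END { print (t == "" ? 5 : t) }' "$1"
}

# negative_cache_state FILE: does nscd keep failed host lookups, and for how long?
# Assumptions of this example: a missing enable-cache line counts as disabled,
# and a negative TTL of 0 counts as no negative caching.
negative_cache_state() {
    enabled=$(nscd_hosts_setting "$1" enable-cache)
    ttl=$(nscd_hosts_setting "$1" negative-time-to-live)
    if [ "$enabled" != "yes" ]; then echo "not-cached"
    elif [ -z "$ttl" ]; then echo "cached:default"
    elif [ "$ttl" -gt 0 ]; then echo "cached:$ttl"
    else echo "not-cached"
    fi
}

echo "nscd negative cache: $(negative_cache_state "$SAMPLE_DIR/nscd.conf")"
echo "resolver timeout:    $(resolv_timeout "$SAMPLE_DIR/resolv.conf")s"
```

A result of "cached:20" means a lookup that failed during an upstream outage keeps failing for up to 20 seconds after the name becomes resolvable again, which is the behaviour described in the reply above.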

