Brian Fahrlander wrote:
| On Sun, 2005-04-03 at 14:43 -0700, Craig White wrote:
|
|
|>the fact that it doesn't find it the first time but does on subsequent
|>tries suggests that you have some problem with the setup and latency so
|>your client times out before the dns lookup completes.
|>
|>Probably the best way to fix that is to fix your caching dns server.
|
|
| Well, if I had to get it twice to actually make it, sure...the funny
| thing is, if I go there first with 'host' and find it, then use Firefox,
| it still doesn't. (Denying all reason that *I* know) Firefox just won't
| find it. That's what makes me think Firefox is involved. These are
| sites I've visited every day or so for years...and I've not changed the
| local /etc/resolv.conf or anything on my end for about as long.
|
| How can this be?
Your ISP DNS is likely going slow every now and again -- watch it with tcpdump and see what you see.
Whatever machine at your site talks to the ISP DNS server is often giving up on the query before the response is received. Then I guess it gives up and figures it's an NXDOMAIN. There's a thing called negative TTL for DNS: basically, if it got a response of NXDOMAIN once, it will for a fixed time not bother to check again but immediately say NXDOMAIN to queries. I guess this is where your "it doesn't exist no matter what I do" period is coming from.
Then after the negative TTL is exhausted, it will check again with your ISP DNS, and depending on if your ISP DNS is fast enough or not, you either get through or have another period of negative TTL timeout.
Here's a suggestion: on the machine that talks to your ISP DNS, edit resolv.conf to add
    nameserver xxx.xxx.xxx.xxx
    options timeout:25
This will get your machine to wait up to 25 seconds for a response from the ISP DNS server and should hopefully make the problem go away, if I understood it right.
-Andy
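Added example, not part of the original message: a small Python check of a resolv.conf against the limits documented in resolv.conf(5) (timeout default 5 s, capped at 30; attempts default 2, capped at 5; at most 3 nameservers). It also flags an "options" keyword trailing a nameserver line, on the assumption (glibc behaviour) that only the address is read from that line; the function name and the 192.0.2.53 sample address are constructed for illustration.

```python
# Added example: lint resolv.conf text against the limits in resolv.conf(5).
DEFAULTS = {"timeout": 5, "attempts": 2}   # glibc defaults
CAPS = {"timeout": 30, "attempts": 5}      # larger values are silently capped
MAXNS = 3                                  # only the first 3 nameservers are used

def lint_resolv_conf(text):
    """Return (nameservers, effective options, warnings) for resolv.conf text."""
    servers, opts, warnings = [], dict(DEFAULTS), []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        keyword, *args = line.split()
        if keyword == "nameserver":
            if not args:
                warnings.append(f"line {lineno}: nameserver without an address")
                continue
            if len(servers) < MAXNS:
                servers.append(args[0])
            else:
                warnings.append(f"line {lineno}: over {MAXNS} nameservers, {args[0]} ignored")
            if len(args) > 1:
                # Assumption (glibc): text after the address is discarded.
                extra = " ".join(args[1:])
                warnings.append(f"line {lineno}: '{extra}' after the address is not "
                                "applied; 'options' needs its own line")
        elif keyword == "options":
            for opt in args:                     # every options line is applied in turn
                name, _, value = opt.partition(":")
                if name in CAPS and value.isdigit():
                    opts[name] = min(int(value), CAPS[name])
                    if int(value) > CAPS[name]:
                        warnings.append(f"line {lineno}: {name}:{value} capped to {CAPS[name]}")
    return servers, opts, warnings

# Constructed sample inputs; 192.0.2.53 is a documentation address.
ONE_LINE = "nameserver 192.0.2.53 options timeout:25\n"
TWO_LINES = "nameserver 192.0.2.53\noptions timeout:25\n"

if __name__ == "__main__":
    for label, conf in (("one line", ONE_LINE), ("two lines", TWO_LINES)):
        print(label, lint_resolv_conf(conf))
```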