Nigel Wade wrote:
| The root of this particular problem is that nscd caches this failed
| lookup for you, DNS does not.
I respectfully disagree. I do not experience these "fact of life" timeouts and fake NXDOMAIN results; I use my ISP DNS cached on a separate machine here.
The DNS cache is behaving as designed; the problem seems to me to be that the timeout is set too low for the behaviour of the original poster's upstream DNS, or put another way, the upstream DNS may be overloaded and not always responsive. I would do a
tcpdump port 53
(despite the name this gets UDP too) and look for SERVFAIL or slow response, and if seen, complain to whoever it is that I pay for the upstream DNS in the one case and in the other case add to /etc/resolv.conf
options timeout:xx
where xx is the timeout in seconds; my DNS cache machine has it set to 25. If you are hanging around for more than 25 seconds to get DNS that is not what I would call normal or a "fact of life".
-Andy
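Added example, not part of Andy's message: one way to turn the tcpdump check he describes into a report, by pairing each DNS response with its query and flagging SERVFAIL, slow and unanswered lookups. It assumes the line format of `tcpdump -n -tt port 53`; the names `sample_capture` and `dns_check` and all sample data are made up for illustration.

```shell
# Constructed sample in the format printed by `tcpdump -n -tt port 53`
# (addresses, names and timings are made up for illustration).
sample_capture() {
cat <<'EOF'
1112870000.100000 IP 192.168.1.10.40001 > 192.168.1.1.53: 4660+ A? example.org. (29)
1112870000.150000 IP 192.168.1.1.53 > 192.168.1.10.40001: 4660 1/0/0 A 192.0.2.10 (45)
1112870001.000000 IP 192.168.1.10.40002 > 192.168.1.1.53: 4661+ A? slow.example. (30)
1112870004.500000 IP 192.168.1.1.53 > 192.168.1.10.40002: 4661 1/0/0 A 192.0.2.11 (46)
1112870005.000000 IP 192.168.1.10.40003 > 192.168.1.1.53: 4662+ A? broken.example. (32)
1112870005.200000 IP 192.168.1.1.53 > 192.168.1.10.40003: 4662 ServFail 0/0/0 (32)
1112870006.000000 IP 192.168.1.10.40004 > 192.168.1.1.53: 4663+ A? lost.example. (30)
EOF
}

# dns_check [SECONDS]: read tcpdump lines on stdin, pair each response with its
# query (client ip.port + DNS id), and report SERVFAIL, slow and unanswered lookups.
# SECONDS is the latency threshold (assumed default here: 5).
dns_check() {
    awk -v slow="${1:-5}" '
    function port(ep,   n, p) { n = split(ep, p, "."); return p[n] }
    $2 != "IP" && $2 != "IP6" { next }
    {
        src = $3; dst = $5; sub(/:$/, "", dst)
        id = $6; sub(/[^0-9].*$/, "", id)      # drop flag characters such as + or *
        if (id == "") next
    }
    port(dst) == "53" && port(src) != "53" {   # query: remember send time and name
        for (i = 7; i < NF; i++) if ($i ~ /\?$/) { qname[src "/" id] = $(i + 1); break }
        sent[src "/" id] = $1
        next
    }
    port(src) == "53" {                        # response: match it to the query
        key = dst "/" id
        if (!(key in sent)) next
        rtt = $1 - sent[key]
        if ($0 ~ / ServFail /) printf "SERVFAIL %s %.3fs\n", qname[key], rtt
        else if (rtt > slow)   printf "SLOW %s %.3fs\n", qname[key], rtt
        delete sent[key]
    }
    END { for (k in sent) printf "UNANSWERED %s\n", qname[k] }
    '
}
```

On a live link this would be fed with `tcpdump -l -n -tt port 53 | dns_check 5`; UNANSWERED lines are only printed once the capture is stopped.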