From: Mel
To: freebsd-questions@freebsd.org
Cc: David Naylor
Date: Tue, 10 Feb 2009 21:46:10 -0900
Subject: Re: Slow DNS (and host: connection timed out)
Message-Id: <200902102146.10813.fbsd.questions@rachie.is-a-geek.net>

On Tuesday 10 February 2009 03:09:54 David Naylor wrote:
> On Tuesday 10 February 2009 09:33:36 Mel wrote:
> > On Thursday 05 February 2009 22:55:56 David Naylor wrote:
> > > Hi,
> > >
> > > My ISP is using a WinGate DNS but resolving host names often takes a
> > > long time. The problem is also present in Konqueror (3 & 4) and
> > > Firefox.
> > >
> > > An example:
> > > # time host google.co.za
> > > google.co.za has address 66.249.93.104
> > > google.co.za has address 72.14.207.104
> > > google.co.za has address 64.233.161.104
> > > ;; connection timed out; no servers could be reached
> > > ;; connection timed out; no servers could be reached
> >
> > Do your own DNS. Your ISP chokes in AAAA ('IPv6') look ups. If you're not
> > allowed to, still run a local resolver with aggressive neg ttl caching.
> >
> > See the numerous tutorials on the web on how to run your own resolver.
>
> Well spotted. You are right that the ISP is choking on AAAA, except it is
> returning SERVFAIL. I already have a local named running and acts as a
> forwarder. Unfortunately I have to use the ISP to resolve names (it is the
> only nameserver I have access to).

You cannot connect to an outside nameserver, due to ISP restrictions I take it?

> Google says bind won't cache SERVFAIL responses and I have no idea how to
> disable named from forwarding AAAA requests.

Me neither. I battled with ISC about this before, but their position is that
ISP nameservers and loadbalancers should 'get with the program'. Not everyone
has this luxury but if your ISP has any competition in your area, check them
out.

I briefly looked into views but you don't seem to be able to select views
based on RRs. Firewall isn't really an option either, since you'd have to
inspect the UDP payload.

-- 
Mel

Problem with today's modular software: they start with the modules and never
get to the software part.
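
The closing remark about having to inspect the UDP payload follows from the DNS wire format: the QTYPE field sits after a variable-length name, so no fixed packet offset identifies an AAAA query. The parser below is an added example, not part of the original message; its function names and the sample queries it builds are constructed for illustration.

```python
import struct

QTYPE_A, QTYPE_AAAA = 1, 28

def parse_question(payload: bytes):
    """Return (qname, qtype, qtype_offset) for a single-question DNS query."""
    if len(payload) < 12:
        raise ValueError("shorter than the 12-byte DNS header")
    _txid, flags, qdcount = struct.unpack_from("!HHH", payload, 0)
    if flags & 0x8000 or qdcount != 1:   # QR bit set means it is a response
        raise ValueError("not a single-question query")
    labels, pos = [], 12
    while True:
        if pos >= len(payload):
            raise ValueError("truncated QNAME")
        length = payload[pos]
        pos += 1
        if length == 0:          # root label ends the name
            break
        if length > 63:          # compression pointer or reserved label type
            raise ValueError("unexpected label type in question")
        if pos + length > len(payload):
            raise ValueError("truncated label")
        labels.append(payload[pos:pos + length].decode("ascii", "replace"))
        pos += length
    if pos + 4 > len(payload):
        raise ValueError("truncated QTYPE/QCLASS")
    qtype, _qclass = struct.unpack_from("!HH", payload, pos)
    return ".".join(labels), qtype, pos

def is_aaaa_query(payload: bytes) -> bool:
    """True only for a well-formed query whose QTYPE is AAAA."""
    try:
        return parse_question(payload)[1] == QTYPE_AAAA
    except ValueError:
        return False

def build_query(name: str, qtype: int, txid: int = 0x1234) -> bytes:
    """Constructed sample input: a recursive query for name/qtype, class IN."""
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split("."))
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

if __name__ == "__main__":
    # The QTYPE offset moves with the length of the queried name.
    for name in ("google.co.za", "www.freebsd.org"):
        for qtype in (QTYPE_A, QTYPE_AAAA):
            print(name, parse_question(build_query(name, qtype)))
```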