Date:      Tue, 10 Feb 2009 21:46:10 -0900
From:      Mel <fbsd.questions@rachie.is-a-geek.net>
To:        freebsd-questions@freebsd.org
Cc:        David Naylor <naylor.b.david@gmail.com>
Subject:   Re: Slow DNS (and host: connection timed out)
Message-ID:  <200902102146.10813.fbsd.questions@rachie.is-a-geek.net>
In-Reply-To: <200902101409.57195.naylor.b.david@gmail.com>
References:  <200902060955.59611.naylor.b.david@gmail.com> <200902092233.36536.fbsd.questions@rachie.is-a-geek.net> <200902101409.57195.naylor.b.david@gmail.com>

On Tuesday 10 February 2009 03:09:54 David Naylor wrote:
> On Tuesday 10 February 2009 09:33:36 Mel wrote:
> > On Thursday 05 February 2009 22:55:56 David Naylor wrote:
> > > Hi,
> > >
> > > My ISP is using a WinGate DNS but resolving host names often takes a
> > > long time.  The problem is also present in Konqueror (3 & 4) and
> > > Firefox.
> > >
> > > An example:
> > > # time host google.co.za
> > > google.co.za has address 66.249.93.104
> > > google.co.za has address 72.14.207.104
> > > google.co.za has address 64.233.161.104
> > > ;; connection timed out; no servers could be reached
> > > ;; connection timed out; no servers could be reached
> >
> > Do your own DNS. Your ISP chokes in AAAA ('IPv6') look ups. If you're not
> > allowed to, still run a local resolver with aggressive neg ttl caching.
> >
> > See the numerous tutorials on the web on how to run your own resolver.
>
> Well spotted.  You are right that the ISP is choking on AAAA, except it is
> returning SERVFAIL.  I already have a local named running, and it acts as a
> forwarder.  Unfortunately I have to use the ISP to resolve names (it is the
> only nameserver I have access to).

You cannot connect to an outside nameserver, due to ISP restrictions I take 
it?

> Google says bind won't cache SERVFAIL responses and I have no idea how to
> disable named from forwarding AAAA requests.

Me neither. I battled with ISC about this before, but their position is that 
ISP nameservers and loadbalancers should 'get with the program'.
Not everyone has this luxury but if your ISP has any competition in your area, 
check them out.

I briefly looked into views but you don't seem to be able to select views 
based on RRs. Firewall isn't really an option either, since you'd have to 
inspect the UDP payload.

-- 
Mel

Problem with today's modular software: they start with the modules
    and never get to the software part.
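
Added example (not part of the original message or of BIND): a sketch of what "inspect the UDP payload" involves, since the record type sits after the variable-length name in the DNS question and cannot be matched by port or address alone. It goes one step beyond the message by also building the empty NOERROR reply a filter in front of the forwarder could return for AAAA queries; the function names and the sample query are constructed for illustration.

```python
import struct

QTYPE_A, QTYPE_AAAA = 1, 28  # RR type codes

def build_query(name, qtype, txid=0x1234):
    """Constructed sample input: a minimal one-question DNS query."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN

def parse_question(payload):
    """Return (name, qtype, end offset of the question) from a DNS UDP payload."""
    if len(payload) < 12:
        raise ValueError("shorter than the 12-byte DNS header")
    if int.from_bytes(payload[4:6], "big") != 1:
        raise ValueError("expected exactly one question")
    labels, pos = [], 12
    while True:
        if pos >= len(payload):
            raise ValueError("truncated QNAME")
        length = payload[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0 or pos + length > len(payload):
            raise ValueError("bad or truncated label")
        labels.append(payload[pos:pos + length].decode("ascii", "replace"))
        pos += length
    if pos + 4 > len(payload):
        raise ValueError("truncated QTYPE/QCLASS")
    qtype, _qclass = struct.unpack("!HH", payload[pos:pos + 4])
    return ".".join(labels), qtype, pos + 4

def is_aaaa(payload):
    """The decision a port-only firewall rule cannot make."""
    return parse_question(payload)[1] == QTYPE_AAAA

def empty_noerror_reply(payload):
    """Echo the question back with RCODE=0 and no answer records."""
    end = parse_question(payload)[2]
    flags = 0x8180  # QR=1, RD=1, RA=1, RCODE=0 (assumes the query set RD)
    return payload[:2] + struct.pack("!HHHHH", flags, 1, 0, 0, 0) + payload[12:end]

if __name__ == "__main__":
    for qt in (QTYPE_A, QTYPE_AAAA):
        q = build_query("google.co.za", qt)
        print(parse_question(q)[:2], "AAAA" if is_aaaa(q) else "other")
```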
