Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 6 Sep 2016 10:33:15 +0100
From:      Matthew Seaman <matthew@FreeBSD.org>
To:        freebsd-questions@freebsd.org
Subject:   Re: Query re. /etc/resolv.conf...
Message-ID:  <9dcae5bb-93c4-1f31-da1b-03bd3609b314@FreeBSD.org>
In-Reply-To: <6666070D3E503A5E5747ED16@[10.12.30.106]>
References:  <6666070D3E503A5E5747ED16@[10.12.30.106]>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--iJf2wiQMBaFXxQx39JJoRwxsKn1mu4DuX
Content-Type: multipart/mixed; boundary="nXUkgKNCp5V4FUNFOVPjsaPIsVGPrIq9i";
 protected-headers="v1"
From: Matthew Seaman <matthew@FreeBSD.org>
To: freebsd-questions@freebsd.org
Message-ID: <9dcae5bb-93c4-1f31-da1b-03bd3609b314@FreeBSD.org>
Subject: Re: Query re. /etc/resolv.conf...
References: <6666070D3E503A5E5747ED16@[10.12.30.106]>
In-Reply-To: <6666070D3E503A5E5747ED16@[10.12.30.106]>

--nXUkgKNCp5V4FUNFOVPjsaPIsVGPrIq9i
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable

On 2016/09/06 10:03, Karl Pielorz wrote:
> Can someone confirm this should work that way? - I thought by default i=
t
> was always "try the first, timeout, try the second..."
>=20
> It doesn't appear to be working that way for us :(

Given that the timeout for a DNS query is a pretty huge 30s -- a value
that was set when the Internet had much less bandwidth and much more
latency than it does today -- the 'trying resolvers in sequence'
mechanism you suggest would take far too long for interactive use.

Instead, what happens is that queries are fired off to each resolver in
sequence with a much shorter gap between them.  This continues until an
answer to the query is received, which can come from any of the servers,
or until all of the queries have timed out.

Clearly this doesn't explain your observed behaviour.  Hmmm.... No, I
don't see how adding an extra nameserver to resolv.conf could give you
any worse behaviour than before.  I think you'ld have to grab DNS
traffic with tcpdump(8) and perform some detailed analyses to debug that.=


You could try adding:

options timeout:1

to resolv.conf and see if that makes a difference.

However, my experience is that local unbound is extremely stable and not
at all likely to fail.  Adding extra nameservers to /etc/resolv.conf
really doesn't get you very much, and just isn't worth the effort.

	Cheers,

	Matthew



--nXUkgKNCp5V4FUNFOVPjsaPIsVGPrIq9i--

--iJf2wiQMBaFXxQx39JJoRwxsKn1mu4DuX
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQJ8BAEBCgBmBQJXzo1hXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQxOUYxNTRFQ0JGMTEyRTUwNTQ0RTNGMzAw
MDUxM0YxMEUwQTlFNEU3AAoJEABRPxDgqeTnCAgQAIl4Drc8uUzKWZkowG20a36o
IHL/+R2h0WOVs7se1rX44w1cFEP0QrNBgeDtJnH7ePeyK8SgR0n0A4KKLZXVbRce
cDIBHDMb3thahFKAvjFyNIev7fY0XdLcucWD+SXJBM+ROopPFyMpZqvzuCV8I9dL
ZjWOwhUkowul5s7JTMpe6a2A8yCMmBeaUDFOoVIpffcaYMRKpAcO55oOmKPpS7VS
QxPV5mFxgFMemV/LxPYNvUWej1QcEI7l7AdqH0gnRLYjCaYo8x5d9cja8JLdpkQG
K551TELvUkzgoh3FX1qDFRerCGJRd9UBjnNGK492jjvex3K+UKdfWA0E3PcaYLGg
eRZA8tmKDbHzfrppF9o9QB6NGMYDhewhpELqhXVlIyunONtDjB/6X6wAdgDPGCyg
tvsWHZfwjbVgiiHhNCdaf0JqjdFyurjfzPPjf27rQfCsY/lEeL8nUEvJYU8uxm9Q
Zo9p5IfxKpLNm4WU+sC3BB8RTlkv1jdyb1ZvUCcm27CaWaGD+R/jPCD9WdJPYAvL
dESo4Vl5LD6rBkbS7vMkq8QHS6ciQmwDgUECLGF4ZJQtM6N6Hf/eUbc9tAwPVwdp
Qrd009XfQkx8cIC+7923jDYDNBWqWs6lTpvanbAzY/PGg6L/eOTfJ32R/nxfV2FE
2fp9T90uWSakCCc2uHb4
=y00i
-----END PGP SIGNATURE-----

--iJf2wiQMBaFXxQx39JJoRwxsKn1mu4DuX--



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?9dcae5bb-93c4-1f31-da1b-03bd3609b314>