From owner-freebsd-questions@freebsd.org Tue Sep 6 09:33:38 2016 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id EEB05BC668C for ; Tue, 6 Sep 2016 09:33:38 +0000 (UTC) (envelope-from matthew@FreeBSD.org) Received: from smtp.infracaninophile.co.uk (smtp.infracaninophile.co.uk [81.2.117.100]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "smtp.infracaninophile.co.uk", Issuer "infracaninophile.co.uk" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 7ADE8946 for ; Tue, 6 Sep 2016 09:33:38 +0000 (UTC) (envelope-from matthew@FreeBSD.org) Received: from zero-gravitas.local (unknown [192.168.100.4]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: m.seaman@infracaninophile.co.uk) by smtp.infracaninophile.co.uk (Postfix) with ESMTPSA id 38DE51DA0 for ; Tue, 6 Sep 2016 09:33:27 +0000 (UTC) Authentication-Results: smtp.infracaninophile.co.uk; dmarc=none header.from=FreeBSD.org Authentication-Results: smtp.infracaninophile.co.uk/38DE51DA0; dkim=none; dkim-atps=neutral Subject: Re: Query re. /etc/resolv.conf... To: freebsd-questions@freebsd.org References: <6666070D3E503A5E5747ED16@[10.12.30.106]> From: Matthew Seaman Message-ID: <9dcae5bb-93c4-1f31-da1b-03bd3609b314@FreeBSD.org> Date: Tue, 6 Sep 2016 10:33:15 +0100 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:45.0) Gecko/20100101 Thunderbird/45.2.0 MIME-Version: 1.0 In-Reply-To: <6666070D3E503A5E5747ED16@[10.12.30.106]> Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="iJf2wiQMBaFXxQx39JJoRwxsKn1mu4DuX" X-Spam-Status: No, score=-2.9 required=5.0 tests=ALL_TRUSTED,BAYES_00 autolearn=ham autolearn_force=no version=3.4.1 X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on smtp.infracaninophile.co.uk X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 06 Sep 2016 09:33:39 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --iJf2wiQMBaFXxQx39JJoRwxsKn1mu4DuX Content-Type: multipart/mixed; boundary="nXUkgKNCp5V4FUNFOVPjsaPIsVGPrIq9i"; protected-headers="v1" From: Matthew Seaman To: freebsd-questions@freebsd.org Message-ID: <9dcae5bb-93c4-1f31-da1b-03bd3609b314@FreeBSD.org> Subject: Re: Query re. /etc/resolv.conf... References: <6666070D3E503A5E5747ED16@[10.12.30.106]> In-Reply-To: <6666070D3E503A5E5747ED16@[10.12.30.106]> --nXUkgKNCp5V4FUNFOVPjsaPIsVGPrIq9i Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable On 2016/09/06 10:03, Karl Pielorz wrote: > Can someone confirm this should work that way? - I thought by default i= t > was always "try the first, timeout, try the second..." >=20 > It doesn't appear to be working that way for us :( Given that the timeout for a DNS query is a pretty huge 30s -- a value that was set when the Internet had much less bandwidth and much more latency than it does today -- the 'trying resolvers in sequence' mechanism you suggest would take far too long for interactive use. Instead, what happens is that queries are fired off to each resolver in sequence with a much shorter gap between them. This continues until an answer to the query is received, which can come from any of the servers, or until all of the queries have timed out. Clearly this doesn't explain your observed behaviour. Hmmm.... No, I don't see how adding an extra nameserver to resolv.conf could give you any worse behaviour than before. I think you'ld have to grab DNS traffic with tcpdump(8) and perform some detailed analyses to debug that.= You could try adding: options timeout:1 to resolv.conf and see if that makes a difference. However, my experience is that local unbound is extremely stable and not at all likely to fail. Adding extra nameservers to /etc/resolv.conf really doesn't get you very much, and just isn't worth the effort. Cheers, Matthew --nXUkgKNCp5V4FUNFOVPjsaPIsVGPrIq9i-- --iJf2wiQMBaFXxQx39JJoRwxsKn1mu4DuX Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQJ8BAEBCgBmBQJXzo1hXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQxOUYxNTRFQ0JGMTEyRTUwNTQ0RTNGMzAw MDUxM0YxMEUwQTlFNEU3AAoJEABRPxDgqeTnCAgQAIl4Drc8uUzKWZkowG20a36o IHL/+R2h0WOVs7se1rX44w1cFEP0QrNBgeDtJnH7ePeyK8SgR0n0A4KKLZXVbRce cDIBHDMb3thahFKAvjFyNIev7fY0XdLcucWD+SXJBM+ROopPFyMpZqvzuCV8I9dL ZjWOwhUkowul5s7JTMpe6a2A8yCMmBeaUDFOoVIpffcaYMRKpAcO55oOmKPpS7VS QxPV5mFxgFMemV/LxPYNvUWej1QcEI7l7AdqH0gnRLYjCaYo8x5d9cja8JLdpkQG K551TELvUkzgoh3FX1qDFRerCGJRd9UBjnNGK492jjvex3K+UKdfWA0E3PcaYLGg eRZA8tmKDbHzfrppF9o9QB6NGMYDhewhpELqhXVlIyunONtDjB/6X6wAdgDPGCyg tvsWHZfwjbVgiiHhNCdaf0JqjdFyurjfzPPjf27rQfCsY/lEeL8nUEvJYU8uxm9Q Zo9p5IfxKpLNm4WU+sC3BB8RTlkv1jdyb1ZvUCcm27CaWaGD+R/jPCD9WdJPYAvL dESo4Vl5LD6rBkbS7vMkq8QHS6ciQmwDgUECLGF4ZJQtM6N6Hf/eUbc9tAwPVwdp Qrd009XfQkx8cIC+7923jDYDNBWqWs6lTpvanbAzY/PGg6L/eOTfJ32R/nxfV2FE 2fp9T90uWSakCCc2uHb4 =y00i -----END PGP SIGNATURE----- --iJf2wiQMBaFXxQx39JJoRwxsKn1mu4DuX--