resolv.conf and slow resolving when first nameserver is down

Driesp

Hello

I was wondering if someone here has found a good solution to this problem and is happy to share it with us.

Lately I am experiencing outages of my provider's resolving nameservers at random.
At the point when the first nameserver in resolv.conf is failing, resolving becomes very slow (5+ seconds).
It seems like the built-in resolver in CentOS is slow to notice an outage of the nameserver.
This causes exim to stop working at all or just be very, very slow.

I have found a solution to this problem, but it is in my opinion not the best one, and I hope to find a better one.
#/etc/resolv.conf
Code:
nameserver (ip #1 server)
nameserver (ip #2 server)
nameserver (ip #3 server)
nameserver (ip #4 server)

options timeout:1
options attempts:5
options rotate

=> see options timeout:1 and attempts:5

This helps a bit.
When the first server seems down, after 1 second it moves along to the second one.

However, exim is still too slow in my opinion (+-3 seconds).
It still takes 3 seconds to send the code 220 with greeting, which should be faster in my opinion.

It seems like the built-in nameserver resolver client (or whatever you call it) does not put a nameserver in down-state, and is as a result slow every time again when the first server is down.

And, oh, by the way, 'options rotate' does not work .... :(
It should pick a random nameserver, but it does not.
And this means, other servers specified in my resolv.conf file are 'never' used.

... or maybe it is time Red Hat improves the built-in resolver?

Thank you for your time
 
Ask them to do that :) (if you're serious about this, join a developer forum for Fedora).

Or discuss with your upstream why they have problems with their nameservers and ask them for a better solution.

Or use Google's public DNS servers.

Note that most of us stop at two resolving nameservers; as you've already noted, it just takes longer when you use more, and the problem is often not resolved.

Jeff
 
Jeff,

Spamhaus says that if you use Google's DNS servers then zen.spamhaus.org will not work properly (I have this problem right now).
They say: "Check what DNS resolvers you are using: If you are using a free "open DNS resolver" service such as Google Public DNS or Level3's public DNS servers to resolve your DNSBL requests, in most cases you will receive a "not listed" (NXDOMAIN) reply from Spamhaus' public DNSBL servers. Please use your own DNS servers when doing DNSBL queries to Spamhaus."

How to solve then?
 
Did you read my Edit#41 notes in my SpamBlocker 4.1 ReadMe file (nobaloney.net)? Did you read the Spamhaus project website? Spamhaus requires payment from many users. That's why I've made it optional in SpamBlocker 4.1.

Of course resolving DNS servers can only know the caching server making the request, so if you and lots of other people are using Google's (or others') public caching servers, they go over the number allowed at no charge very quickly.

The best way to make sure you'll get your services from Spamhaus is to use your own caching nameservers and pay Spamhaus according to their terms.

It's easy enough to set up your own caching nameservers; but it means you need to pay for them, or for space for them if you use your own hardware. Or use your upstream if it works. Or use public nameservers such as Google's, if that's all that's cost effective for you, and give up on Spamhaus. As with almost everything, tradeoffs abound.

Please send me a link to that post if you can.

Jeff
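
An added example, not part of any post in this thread: a small Python check of a mail host's /etc/resolv.conf that reports the points raised above (nameserver lines past the third, which glibc ignores per resolv.conf(5); Google's public resolvers, which the quoted Spamhaus notice concerns; and the stall caused by dead servers). The function names, the simplified stall model, and the sample file with documentation addresses are assumptions made for illustration.

```python
import ipaddress
MAXNS, MAX_TIMEOUT, MAX_ATTEMPTS = 3, 30, 5   # limits from resolv.conf(5)
PUBLIC_RESOLVERS = {"8.8.8.8", "8.8.4.4"}     # Google Public DNS

# Constructed sample: the thread's layout with documentation addresses.
SAMPLE = """\
nameserver 192.0.2.1
nameserver 192.0.2.2
nameserver 8.8.8.8
nameserver 192.0.2.4
options timeout:1 attempts:5
options rotate
"""

def parse_resolv_conf(text):
    """Return the settings the glibc stub resolver would act on."""
    servers = []
    opts = {"timeout": 5, "attempts": 2, "rotate": False}  # glibc defaults
    for raw in text.splitlines():
        fields = raw.split()
        if not fields or fields[0][0] in "#;":
            continue
        if fields[0] == "nameserver" and len(fields) > 1:
            servers.append(str(ipaddress.ip_address(fields[1])))
        elif fields[0] == "options":
            for opt in fields[1:]:
                name, _, value = opt.partition(":")
                if name == "timeout" and value.isdigit():
                    opts["timeout"] = min(int(value), MAX_TIMEOUT)
                elif name == "attempts" and value.isdigit():
                    opts["attempts"] = min(int(value), MAX_ATTEMPTS)
                elif name == "rotate":
                    opts["rotate"] = True
    return {"used": servers[:MAXNS], "ignored": servers[MAXNS:], **opts}

def review(conf, down=()):
    """Return (worst-case stall in seconds, findings) for a mail host."""
    used, n = conf["used"], len(conf["used"])
    notes = [f"ignored beyond MAXNS: {s}" for s in conf["ignored"]]
    notes += [f"shared public resolver: {s}" for s in used if s in PUBLIC_RESOLVERS]
    # Model: each dead server tried before a live one costs one timeout;
    # with rotate the first server tried can be any of the used ones.
    def dead_run(start):
        run = 0
        while run < n and used[(start + run) % n] in down:
            run += 1
        return run
    starts = range(n) if conf["rotate"] else range(min(n, 1))
    stall = max(map(dead_run, starts), default=0) * conf["timeout"]
    return stall, notes
```

Call `review(parse_resolv_conf(open("/etc/resolv.conf").read()), down={...})` with the set of resolvers currently failing to see the per-lookup delay an SMTP daemon would inherit.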
 