Forwarders under 8.2.2-P5 slightly broken?

Jim Reid jim at rfc1035.com
Fri Jul 21 00:57:06 UTC 2000


>>>>> "Bruno" == Bruno Hall <bruno_hall at yahoo.com> writes:

    Bruno> The first machine has been configured to forward all
    Bruno> requests to the second one,

    Bruno> The second machine has root hints.

    Bruno> The problem I've noticed is that about 50% of the time,
    Bruno> when a query is sent to the first machine, it times out.
    Bruno> When the same query is immediately sent again, it succeeds.
    Bruno> After the first query, there is nothing regarding the query
    Bruno> in the cache of the first machine.  Meanwhile, on the
    Bruno> second machine, after the first query is sent, the cache
    Bruno> contains the NS records for the domain containing the RR
    Bruno> sought, but not the RR in question.

The output you showed from dig is inconclusive since it's not clear
which server you were querying or whether that server did the
forwarding or was the target of the forwarded queries. That output
from dig doesn't support your story either. It just shows a query
timing out and succeeding when you repeat the same query (on the same
system? at around the same time?)

This sort of behaviour can be expected with forwarding servers. Try
getting rid of the forwarding stuff: it's probably more of a hindrance
than a help. What's probably happening is that you're making a request
to server A. A forwards to B but before B returns an answer to A, the
original query sent to A times out. Then, by the time you try again, B
has got an answer (or partial answer) to its query which means it can
send something back to A before the second query times out. This could
get worse if B forwards queries to server C, etc, etc. Setups with
forwarding name servers are usually a lot more bother than they're
worth.

FWIW, the RRs for gnac.com seem to have a 30 minute TTL. Your dig
output showed answers with TTLs of 28 minutes, 45 seconds. So it looks
like at least 75 seconds elapsed between the first failed lookup and
the second. Assuming they were done on the same machine of course.

BTW, what was the point of hiding the actual names and addresses of
the two servers and the names you were looking up? If you go to a
garage because your car is broken, do you expect the mechanic to tell
you what's wrong without letting them look at the car?



More information about the bind-users mailing list