switching query-source address on timeout and exhaustion of available servers

Kevin Darcy kcd at chrysler.com
Mon Nov 12 21:19:46 UTC 2007


Giuliano Gavazzi wrote:
> Hello, on one server I run BIND 9.3.1 as /sbin/named -4 on MacOSX10.3.9.
>
> In the last few days I have seen failures in resolving some domains,
> just a couple I believe. This failure happens only when the
> query-source is changed from one line (ADSL) to another (HDSL) on a
> different provider.
> I have traced the problem to a routing problem between the HDSL  
> provider network and the secondaries of the domain(s) in question.
> This is what happens: the first name server queried gives a SERVFAIL  
> (should not!) and then the secondaries are interrogated, but they are  
> reachable only from the ADSL line. So when originated from the HDSL  
> line instead, the query times out.
>
> I hope this is not a FAQ: it would be interesting to be able to switch
> query-source after a timeout or error has been hit on all nameservers
> so that these temporary (hopefully) network problems can be
> circumvented (at least for DNS...).
>
>   
I don't think it's an FAQ, in fact I don't remember anyone ever asking 
it before.

The only thing that comes immediately to mind is to run two instances of 
named, one of which is locked to use only the ADSL as its query-source. 
Then define the zones in question in the other instance as "type 
forward" to the "locked-down" instance. Make sure to define "forward 
first" for those zones, though (as opposed to "forward only"): in this 
way, if for some reason the queries are timing out or returning slowly 
from ADSL, the non-locked-down instance will fall back to attempting to 
resolve the name _without_ using forwarding, which gives an extra chance 
of resolution using the HDSL line as a query-source.

- Kevin
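
The two-instance layout described in the reply above, as an added configuration sketch that is not part of the original post. The file paths, the loopback port 5353, the address 192.0.2.10 (standing in for the ADSL-side address) and the zone name example.com are all assumptions chosen for illustration.

```conf
// ---- /etc/named-adsl.conf: the "locked-down" instance (path assumed) ----
// Started as a second process, e.g.: named -4 -c /etc/named-adsl.conf
options {
    directory "/var/named-adsl";           // assumed working directory
    pid-file "/var/run/named-adsl.pid";    // must differ from the main instance's
    listen-on port 5353 { 127.0.0.1; };    // loopback only, non-default port (assumed)
    query-source address 192.0.2.10;       // placeholder: the ADSL-side address
    recursion yes;
    allow-query { 127.0.0.1; };            // only the main instance may query it
};

controls { };                              // no rndc channel, so port 953 is not contested

zone "." {
    type hint;
    file "named.ca";                       // root hints file name assumed
};

// ---- /etc/named.conf: main instance, fragment to add ----
// One forward zone per affected domain; example.com is a placeholder.
zone "example.com" {
    type forward;
    forward first;                         // if forwarding fails, resolve normally
    forwarders { 127.0.0.1 port 5353; };   // the locked-down instance above
};
```

Both files can be syntax-checked with named-checkconf before either instance is started. Keeping the locked-down instance on loopback with a restrictive allow-query stops it from becoming a second recursive resolver reachable from outside.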



