Options for timeout in Bind/DNS

Philippe.Simonet at swisscom.com Philippe.Simonet at swisscom.com
Thu Jul 2 06:26:08 UTC 2009


 Hi

For your sshd daemon, either
	UseDns no
or in resolv.conf:
options timeout:xxxx (default is 5)
options attempts:xxxx (default is 2)

It probably tries to make a reverse lookup of the ssh client IP address,
in order to log the client name. If your DNS stops the RFC 1918 zones
iteration, there shouldn't be any timeouts (or?)

Philippe

> -----Original Message-----
> From: bind-users-bounces at lists.isc.org 
> [mailto:bind-users-bounces at lists.isc.org] On Behalf Of TPZ
> Sent: Thursday, July 02, 2009 8:06 AM
> To: bind-users at lists.isc.org
> Subject: Re: Options for timeout in Bind/DNS
> 
> On 1-07-2009 at 19:02 Kevin Darcy wrote:
> > TPZ wrote:
> > > Are there any options for Bind to configure timeout for DNS requests?
> > >
> > >
> > >   
> > Short answer: not as far as I know.
> > 
> > Hopefully you understand that it's the DNS clients, and not BIND itself,
> > that implement the main timeout/retry strategy for a DNS query
> > transaction. Send a request, if it times out, try another resolver in
> > the resolver list, or retry the request. The main determinant of whether
> > a request succeeds or fails, therefore, in the face of slow or
> > unavailable upstream nameservers, is the client resolver's
> > configuration, not BIND's. The applications which call the resolver
> > routines on those clients, may also have their own timeout values, which
> > can sometimes be significantly shorter than what is set in the client
> > resolver. Therefore they will timeout the lookup request before the
> > client resolver would have abandoned it.
> > 
> > BIND itself will time out and fail over quickly -- on the order of
> > milliseconds -- between the nameservers it talks to. It will also keep
> > track, in its cache, of what nameservers are responding slowly, or which
> > are giving invalid answers, and de-prioritize or avoid nameservers in
> > those respective categories. So, in practical terms, it is "self-tuning"
> > over time, and in a way that is far more sophisticated than setting a
> > single "timeout" value could ever hope to accomplish.
> > 
> > - Kevin
> > 
> > _______________________________________________
> > bind-users mailing list
> > bind-users at lists.isc.org
> > https://lists.isc.org/mailman/listinfo/bind-users
> 
> Thank you for the explanation.
> I experienced some problems with i.e. SSH, because there is an option 
> set by default, #UseDNS yes. And when DNS is not available (i.e. via 
> /etc/resolv.conf) there is about a 30-second timeout. Even if you connect 
> like this "ssh user at 192.168.100.12" (without a DNS domain name) the 
> application tries to contact DNS.
> Do you agree with me?
> 
> 
> 
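
An added example, not part of the original thread: a Python check that reads the two settings named in the reply (UseDNS in sshd_config, options timeout/attempts in resolv.conf) and reports the values that actually take effect. Function names and sample contents are constructed; the caps (30 seconds, 5 attempts, 3 nameservers) are those documented in resolv.conf(5) for glibc, and the UseDNS default of "yes" is the one stated in the thread.

```python
import re

# Limits from resolv.conf(5) (glibc): larger values are silently capped.
MAX_TIMEOUT, MAX_ATTEMPTS, MAX_NAMESERVERS = 30, 5, 3

def parse_resolv_conf(text):
    """Return the effective nameservers, timeout and attempts."""
    cfg = {"nameservers": [], "timeout": 5, "attempts": 2}  # defaults quoted in the thread
    for raw in text.splitlines():
        if raw.startswith(("#", ";")):      # comment marker in the first column
            continue
        fields = raw.split()
        if not fields:
            continue
        if fields[0] == "nameserver" and len(fields) > 1:
            cfg["nameservers"].append(fields[1])
        elif fields[0] == "options":
            for opt in fields[1:]:
                name, _, value = opt.partition(":")
                if name in ("timeout", "attempts") and value.isdigit():
                    cfg[name] = int(value)
    cfg["nameservers"] = cfg["nameservers"][:MAX_NAMESERVERS]
    cfg["timeout"] = min(cfg["timeout"], MAX_TIMEOUT)
    cfg["attempts"] = min(cfg["attempts"], MAX_ATTEMPTS)
    return cfg

def sshd_use_dns(text, default="yes"):
    """Effective UseDNS: keywords are case-insensitive, the first value wins,
    and a commented '#UseDNS yes' line only documents the default."""
    for raw in text.splitlines():
        m = re.match(r"\s*usedns(?:\s*=\s*|\s+)(\S+)", raw, re.IGNORECASE)
        if m:
            return m.group(1).strip('"').lower()
    return default  # assumption: default as stated in the thread

def audit(resolv_text, sshd_text):
    """Combine both files into one report dictionary."""
    return {"use_dns": sshd_use_dns(sshd_text), **parse_resolv_conf(resolv_text)}

if __name__ == "__main__":
    # Constructed sample inputs; on a real host read /etc/resolv.conf and
    # /etc/ssh/sshd_config instead.
    sample_resolv = "# constructed\nnameserver 192.0.2.53\noptions timeout:120 attempts:1\n"
    sample_sshd = "#UseDNS yes\nPort 22\nUseDns no\n"
    print(audit(sample_resolv, sample_sshd))
```

With `UseDNS no`, sshd_config(5) notes that only addresses, not host names, can be used in `from=` entries of authorized_keys and in `Match Host` directives.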

