Clients get DNS timeouts because ipv6 means more queries for each lookup

Michael Sinatra michael at
Tue Jul 12 00:16:10 UTC 2011

> Users are experiencing this problem now in the field, and more users
> be experiencing it as BIND is upgraded in more and more places. Every 
> single user relying on a Fedora 15 DNS server, for example, is going to 
> see occasional unnecessary DNS timeouts when trying to resolve host 

> It seems clear to me that a generally available, generally applicable 
> to BIND is needed to avoid this issue and perhaps similar issues like 

What is the fix you want?  Negative caching of FORMERR responses?  That 
won't work in the wikipedia case, since the (incorrect) SOA minimum is 
only 10 minutes, and your cron job runs every 15 minutes.

There are millions of broken domains out there.  Asking BIND to install 
kludges to pave over them is probably not the best way to go.


PS. BTW, it would be incorrect to state that queries for non-existent AAAA 
records for a domain name for which other records exist (e.g. CNAME or A) 
should get an NXDOMAIN response.  They absolutely should not.  They should 
get an empty answer with a NOERROR RCODE.  NXDOMAIN means that there are 
no dns records whatsoever that have the domain name, 
which is certainly not the case.

More information about the bind-users mailing list