Clients get DNS timeouts because ipv6 means more queries for each lookup

Michael Sinatra michael at rancid.berkeley.edu
Tue Jul 12 00:16:10 UTC 2011



> Users are experiencing this problem now in the field, and more users will
> be experiencing it as BIND is upgraded in more and more places. Every 
> single user relying on a Fedora 15 DNS server, for example, is going to 
> see occasional unnecessary DNS timeouts when trying to resolve host names.

> It seems clear to me that a generally available, generally applicable fix 
> to BIND is needed to avoid this issue and perhaps similar issues like it.

What is the fix you want?  Negative caching of FORMERR responses?  That 
won't work in the wikipedia case, since the (incorrect) SOA minimum is 
only 10 minutes, and your cron job runs every 15 minutes.

There are millions of broken domains out there.  Asking BIND to install 
kludges to pave over them is probably not the best way to go.

michael

PS. BTW, it would be incorrect to state that queries for non-existent AAAA 
records for a domain name for which other records exist (e.g. CNAME or A) 
should get an NXDOMAIN response.  They absolutely should not.  They should 
get an empty answer with a NOERROR RCODE.  NXDOMAIN means that there are 
no DNS records whatsoever that have the domain name en.wikipedia.org, 
which is certainly not the case.
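
The NXDOMAIN versus NOERROR/empty-answer distinction from the PS, as an added example that is not part of the original message or of BIND: a classifier for raw DNS responses that also derives the RFC 2308 negative-cache TTL (the smaller of the SOA record's TTL and its MINIMUM field, or None when the authority section carries no SOA). The example.org names and SOA values are constructed, with MINIMUM set to the 10 minutes mentioned above; an answer holding only a CNAME is reported as ANSWER for simplicity.

```python
import struct

TYPE_NS, TYPE_SOA, TYPE_AAAA = 2, 6, 28
RCODES = {1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN"}

def encode_name(name):
    """Encode a domain name as uncompressed wire-format labels."""
    return b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"

def skip_name(msg, off):
    """Return the offset just past the (possibly compressed) name at off."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:   # a 2-byte compression pointer ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def build(rcode, qname, qtype, answers=(), authority=()):
    """Build a constructed response; records are (name, type, ttl, rdata)."""
    msg = struct.pack("!6H", 0x1234, 0x8180 | rcode, 1, len(answers), len(authority), 0)
    msg += encode_name(qname) + struct.pack("!HH", qtype, 1)
    for name, rtype, ttl, rdata in list(answers) + list(authority):
        msg += encode_name(name) + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata
    return msg

def classify(msg):
    """Return (kind, negative_ttl) per RFC 2308; a referral has NS but no SOA."""
    _id, flags, qd, an, ns, _ar = struct.unpack("!6H", msg[:12])
    rcode, off, neg_ttl, saw_ns = flags & 0xF, 12, None, False
    for _ in range(qd):
        off = skip_name(msg, off) + 4             # skip QTYPE and QCLASS
    for i in range(an + ns):
        off = skip_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen                         # now just past this record's RDATA
        if i >= an and rtype == TYPE_SOA:         # SOA in the authority section
            minimum = struct.unpack("!I", msg[off - 4:off])[0]
            neg_ttl = min(ttl, minimum)           # RFC 2308 negative-cache TTL
        saw_ns = saw_ns or (i >= an and rtype == TYPE_NS)
    if rcode or an:
        return (RCODES.get(rcode, "RCODE%d" % rcode) if rcode else "ANSWER"), neg_ttl
    return ("REFERRAL" if saw_ns and neg_ttl is None else "NODATA"), neg_ttl

# Constructed SOA RDATA: MNAME, RNAME, then serial/refresh/retry/expire/minimum.
SOA = encode_name("ns.example.org") + encode_name("admin.example.org") \
    + struct.pack("!5I", 1, 3600, 600, 86400, 600)   # minimum = 600 s (10 minutes)
AUTH = [("example.org", TYPE_SOA, 3600, SOA)]
NODATA_MSG = build(0, "www.example.org", TYPE_AAAA, authority=AUTH)
NXDOMAIN_MSG = build(3, "nope.example.org", TYPE_AAAA, authority=AUTH)
```

`classify(NODATA_MSG)` reports the name as existing but without an AAAA record, while `classify(NXDOMAIN_MSG)` reports that no records of any type exist at the name; both can be negatively cached for 600 seconds.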
