forward first and fallback not working
rob0 at gmx.co.uk
Wed Aug 24 16:19:22 UTC 2016
On Wed, Aug 24, 2016 at 05:28:55PM +0200, Marco Felettigh wrote:
> The dns resolution with 188.8.131.52 works fine with "forward first" if
> 184.108.40.206 is working but for testing I blocked with an intermediate
> firewall the dns requests to the forwarder and two things happened
> (the second one is bad).
> 1) If the firewall resets the connection to 220.127.116.11 bind falls back
> on its root servers and this is good
> 2) If the firewall drops the connection to 18.104.22.168 bind does NOT
> do this fallback on its root servers and this is a bad thing because
> in this way I was testing a network outage for my forwarder.
> below my config

I am not sure this is a BIND issue. Try this with a longer timeout
set in your resolver ...

> Hi, I attach also the config
> search domain.dom
> nameserver 127.0.0.1

Try similar settings on other clients.

My glibc (GNU/Linux) resolver says the default timeout is 5 seconds.
I'm not sure about named, but I think its timeout is greater than
that. So named is waiting for its own timeout before attempting
recursion. By the time recursion is complete, the client has long
since given up.

If anything needs to change on the BIND side of this, perhaps it
would be the documentation of "forward first", to note that this
feature won't work with most standard resolver clients.

I would further suggest that this fallback isn't a very good idea
anyway; you'll probably be better off just doing the recursion
without forwarders in the picture.

Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
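
Added example, not part of the original message and not BIND or glibc code: a small Python model of the race described in the reply, comparing how long a glibc stub resolver keeps waiting with how long the local server takes to answer once the forwarder is silently dropped. The function names are hypothetical, the 12-second server delay is a constructed value standing in for one you measure yourself, the model covers only the single-nameserver case from the quoted config, and the defaults and caps (timeout 5, capped at 30; attempts 2, capped at 5) are those documented in resolv.conf(5).

```python
# glibc stub resolver defaults and silent caps, as documented in resolv.conf(5)
DEFAULT_TIMEOUT, MAX_TIMEOUT = 5, 30
DEFAULT_ATTEMPTS, MAX_ATTEMPTS = 2, 5

# The resolver configuration quoted in the thread
PAGE_CONF = "search domain.dom\nnameserver 127.0.0.1\n"


def parse_resolv_conf(text):
    """Return (nameservers, timeout, attempts) from resolv.conf text."""
    nameservers, timeout, attempts = [], DEFAULT_TIMEOUT, DEFAULT_ATTEMPTS
    for raw in text.splitlines():
        if raw.startswith(("#", ";")):      # comment lines
            continue
        fields = raw.split()
        if not fields:
            continue
        if fields[0] == "nameserver" and len(fields) > 1:
            nameservers.append(fields[1])
        elif fields[0] == "options":
            for opt in fields[1:]:
                name, _, value = opt.partition(":")
                if name == "timeout" and value.isdigit():
                    timeout = min(int(value), MAX_TIMEOUT)
                elif name == "attempts" and value.isdigit():
                    attempts = min(int(value), MAX_ATTEMPTS)
    return nameservers, timeout, attempts


def client_gives_up_after(text):
    """Approximate total seconds the client waits (one nameserver only)."""
    nameservers, timeout, attempts = parse_resolv_conf(text)
    if len(nameservers) != 1:
        raise ValueError("this model covers exactly one nameserver")
    return timeout * attempts


def fallback_visible(text, server_answer_delay):
    """True if the server's late answer still arrives before the client quits."""
    return server_answer_delay < client_gives_up_after(text)


if __name__ == "__main__":
    measured = 12.0  # constructed value: seconds until the server answered
    for conf in (PAGE_CONF, PAGE_CONF + "options timeout:10 attempts:2\n"):
        print(client_gives_up_after(conf), fallback_visible(conf, measured))
```
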