resolv.conf question / timeout behaviour

Grant Taylor gtaylor at tnetconsulting.net
Wed Mar 31 23:53:17 UTC 2021


On 3/31/21 10:00 AM, Tony Finch wrote:
> Because of this, if it's important for you to avoid multi-second 
> DNS lookup times ... you need to design your system so that the libc 
> resolver never tries to talk to a DNS server that isn't available.

I've seen various client OSs fail in really weird ways when the first 
DNS server in the list doesn't respond quickly enough, much less never.

> Another way is a high availability setup for your recursive servers.

+1 to something like VRRP / CARP / routing tricks to make sure that the 
Virtual / Service IP that clients use as the first DNS server is always 
available.  Even if the first and second IP are on the same system for a 
few minutes while the other is patched.



-- 
Grant. . . .
unix || die
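
Added example, not part of the original message or of any resolver's code: a simplified Python model of the stub resolver retry loop as described in resolv.conf(5), showing how long a lookup waits when the first listed server is unavailable. The addresses and the names `parse_resolv_conf` and `lookup_delay` are constructed for illustration; real libc resolvers differ in detail.

```python
# Simplified model of the retry loop described in resolv.conf(5):
# try each nameserver in order, wait `timeout` seconds for each one that
# does not answer, and repeat the whole list up to `attempts` times.
MAXNS = 3             # at most 3 nameserver lines are used
DEFAULT_TIMEOUT = 5   # seconds (RES_TIMEOUT)
DEFAULT_ATTEMPTS = 2  # passes over the list (RES_DFLRETRY)

# Constructed sample file; addresses are documentation-range placeholders.
SAMPLE = """\
# constructed example
nameserver 192.0.2.53
nameserver 192.0.2.54
options timeout:2 attempts:3
"""

def parse_resolv_conf(text):
    """Return (nameservers, timeout, attempts) parsed from resolv.conf text."""
    servers, timeout, attempts = [], DEFAULT_TIMEOUT, DEFAULT_ATTEMPTS
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        fields = line.split()
        if fields[0] == "nameserver" and len(fields) > 1:
            if len(servers) < MAXNS:         # extra servers are ignored
                servers.append(fields[1])
        elif fields[0] == "options":
            for opt in fields[1:]:
                name, _, value = opt.partition(":")
                if name == "timeout" and value.isdigit():
                    timeout = min(int(value), 30)   # cap from the man page
                elif name == "attempts" and value.isdigit():
                    attempts = min(int(value), 5)   # cap from the man page
    return servers, timeout, attempts

def lookup_delay(text, down=frozenset()):
    """Return (seconds_waited, answering_server); server is None if all tries fail."""
    servers, timeout, attempts = parse_resolv_conf(text)
    waited = 0
    for _ in range(attempts):
        for server in servers:
            if server not in down:
                return waited, server        # first reachable server answers
            waited += timeout                # unreachable: burn a full timeout
    return waited, None

if __name__ == "__main__":
    print(lookup_delay(SAMPLE))                          # first server up
    print(lookup_delay(SAMPLE, down={"192.0.2.53"}))     # first server down
```

In this model every lookup pays one full timeout for each unavailable server listed ahead of a working one, which is the cost a highly available service IP in the first slot avoids.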
