Paul Wouters: Re: [dnssec-deployment] DNS cache issue

Mark Andrews Mark_Andrews at isc.org
Mon Nov 26 11:48:25 UTC 2007


> 
> On 24 Nov 2007, at 01:34, Mark Andrews wrote:
> > 	grep "too many timeouts resolving" /var/log/named | \
> > 	awk '{ print $12}' | sort -u | wc
> > 	      26      26     485
> >
> > 		apnic.NET
> 
> That surprised me, so I went and pointed dig at their servers with
> EDNS buffersize set to 4096 and asked for www.apnic.net.
> It all worked (though one of the servers, cumin.apnic.net, responds
> quite differently than the rest).
> 
> 
> Why are you seeing timeouts with this zone?
> 
> Joao

bsdi:marka 18:54 {10} % grep apnic.NET /var/log/named 
Nov  7 00:34:29 bsdi named[22396]: too many timeouts resolving 'sec1.apnic.net/A' (in 'apnic.NET'?): disabling EDNS
bsdi:marka 22:36 {11} % 

	Timeouts are just that, timeouts.  If it wasn't for broken
	auth servers and broken middle boxes we would be treating
	timeouts as what they originally were: dead servers / lost
	packets.

	I keep getting tempted to remove all this code to fall back
	to plain DNS on timeout.  It really should not be required.

	Note the log isn't saying that the remote site doesn't
	support EDNS.  You really need to do a full test before you
	can make that call.  It's just saying that we have had
	multiple timeouts and that we know that by disabling EDNS
	we will, in some cases, get a response.

	Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
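
The `grep | awk '{ print $12 }'` count quoted above depends on syslog column positions and treats `apnic.NET` and `apnic.net` as different zones. The following is an added example, not part of the original message or of BIND: it pulls the quoted name and zone out of each "disabling EDNS" line and counts events per case-folded zone. The function names and log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise BIND "disabling EDNS" fallback events per zone.
# Log lines below are constructed (example.* names, host1), modelled on the
# format of the single log line quoted in the message.
sample_log() {
cat <<'EOF'
Nov  7 00:34:29 host1 named[22396]: too many timeouts resolving 'ns1.example.net/A' (in 'example.NET'?): disabling EDNS
Nov  7 00:35:02 host1 named[22396]: too many timeouts resolving 'www.example.net/AAAA' (in 'example.net'?): disabling EDNS
Nov  7 01:10:44 host1 named[22396]: too many timeouts resolving 'mail.example.org/MX' (in 'example.org'?): disabling EDNS
Nov  7 01:11:00 host1 named[22396]: lame server resolving 'x.example.com' (in 'example.com'?): 192.0.2.1#53
EOF
}

# Reads syslog lines on stdin and prints "<count> <zone> <first name/type>",
# one zone per line, sorted by zone name. Each line records that the
# resolver fell back to plain DNS after timeouts; it is a list of zones to
# test properly, not a list of servers that lack EDNS.
edns_fallback_zones() {
  awk '
    /too many timeouts resolving/ && /disabling EDNS/ {
      # Split on the single-quote character (octal 047) so the fields do
      # not depend on how many columns the syslog prefix has.
      n = split($0, q, "\047")
      if (n < 5) next                      # malformed line, skip it
      zone = tolower(q[4])                 # DNS names are case-insensitive
      if (zone != ".") sub(/\.$/, "", zone) # drop a trailing root dot
      count[zone]++
      if (!(zone in first)) first[zone] = q[2]
    }
    END { for (z in count) print count[z], z, first[z] }
  ' | LC_ALL=C sort -k2,2
}

# Stand-alone run on the constructed sample.
sample_log | edns_fallback_zones
```

On a real system, feed it the log instead: `edns_fallback_zones < /var/log/named`.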

