"/etc/resolv.conf" revisited

[Bhangui_S]

Thanks Barry for the response.

One more question  Let us say that the order in my "/etc/resov.conf" is as
follows

nameserver	M/C A (Secondary for xyz.com)

nameserver	M/C B	 (Primary for xyz.com)

I know I should have the primary first. I am just trying to understand the
roll-over feature properly in a test environment.  But does BIND care about
which is primary or secondary while I try to resolve a name. Or does this
file just tells BIND the order in which to look. Because under the above
configuration I get the following results.


1. Try to resolve a name by trying to ping by name am able to resolve
properly. (So I guess is is picking the information from M/C A and
responding as it is the first server in the order now being secondary here
for xyz.com does it matter here?)

2. Now I kill the named on M/C A. And I try to ping a machine on the network
by name it gives me more than 5 Seconds timeout and does not come back with
a response immediately as I would have thought it would move to M/C B and
resolve it promptly. Now is this caused becasue M/C A was secondary and M/C
B was primary.?

Well if that is the case I may have to setup one more test machine as
primary and test the scenario as I cannot get the named done on M/C B which
is my actual primary in the realworld.

Can somebody comment on this.

Thanks
Sandeep

 


-----Original Message-----
From: Barry Margolin [mailto:barmar at genuity.net]
Sent: Thursday, May 18, 2000 3:25 PM
To: comp-protocols-dns-bind at moderators.isc.org
Subject: Re: "/etc/resolv.conf" revisited


In article <200E2FA22B2AD2119AC000104B6A0A8601FEDE52 at PSBMAIL1>,
Bhangui_S  <Bhangui_S at bls.gov> wrote:
>Hello
>	Many including Barry had answered some of my queries about the
>functioning of the order of the name server in "/etc/resolv.conf" but it
>looks like I still have some confusion.
>
>I am on Solaris Box whose e"/etc/resolv.conf" looks like
>
>
>domain 		xyz.com
>
>nameserver	IP address of M/C A (Primary Internal DNS server, A solaris
>Box, Bind 4.9.4)
>
>nameserver	IP address of M/C B (Secondary Internal DNS Server, NT box)
>
>nameserver       IP address of M/C C  (Our DNS outiside the firewall with
>very few internal entries, Bind 8.2.2P5)
>
>With the above configuration I am able to resolve all the internal names to
>an IP addr as defined in the Internal DNS.
>
>Now the questions I have are.
>
>1. With the above configuration if something happens to bind on M/C A . M/C
>B should pick up and should answer to the queries with a lag of whatever
>time bind will spend querying the m/c A and I think that is 5 seconds. Is
>that correct? 

Correct.  This is as described on p.107 of the DNS & BIND book.


>Now if the order in "/etc/resolv.conf is changed to the following
>
>domain 		xyz.com
>
>nameserver 	M/C C	(External DNS outside the firewall)
>
>nameserver	M/C  B   (Secondary Internal DNS Server)
>
>Following discussions pertaining to the configuration above.
>
>Now if I try to resolve a Internal name (the name is not defined on M/C C)
I
>believe as long as the named is alive on M/C C I should get a response as
>unknown host. Now if the named for some reason is not up and running or is
>dead on M/C C than it will wait for a response from M/C C and after that 5
>seconds interval query M/C B and I should be able to resolve that name as
>the M/C B knows about the internal name" Is this correct 

Correct.

>So can I state this that as long as BIND is running on M/C C and it
responds
>to a query it will never roll over to M/C B even though it cannot resolve a
>Internal name. It will go and query M/C B only if M/C C is down or BIND on
>M/C C does not respond to the DNS queries.

Correct.

Failover to backup nameservers only occurs when a query times out, not when
a response with an error comes back.  The purpose of multiple nameservers
is to provide fault-tolerance when nameservers crash.

-- 
Barry Margolin, barmar at genuity.net
Genuity, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the
group.