Timeout for resolver
Weeber, Burkhard
b.weeber at viastore.de
Wed Jul 18 15:42:22 UTC 2001
Thanks for the hint Barry.
Though the book doesn't shed light on my problem which is like this:
I live behind a firewall doing NAT with 2Mbit into the Internet.
Normally the DNS queries are answered in quite a reasonable time while
the firewall keeps the UDP port it sent the request from open (180
seconds).
Since about fall last year I saw a tremendous increase of packets being
dropped by the firewall with a source of a name server port 53/udp and
destination firewall random port/udp. The F/W software was not changed
then.
Putting up a sniffer outside the firewall reveals that these are answer
packets that just arrive very late so I had to increase the NAT timeout
to 600 seconds. This makes at least the annoying logs go.
So my question is how long does it take these days to resolve a
non-cached record ?
Five minutes aren't enough.
Are the timeouts added up with each forwarder ?
Any hints appreciated
Burkhard Weeber
viastore systems GmbH
P/O Box 300668
D-70446 Stuttgart
Tel: +49-711-9818-0
Email: B.Weeber at viastore.de
Windows95: <win-doz-nin-te-fiv> n.
32 bit extensions and a graphical shell for a 16 bit patch to an 8 bit
operating system originally coded for a 4 bit microprocessor, written by
a 2 bit company, that can't stand 1 bit of competition.
> -----Original Message-----
> From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org]On
> Behalf Of Barry Margolin
> Sent: Wednesday, July 18, 2001 5:11 PM
> To: comp-protocols-dns-bind at moderators.isc.org
> Subject: Re: Timeout for resolver
>
>
> In article <9j3q56$5ul at pub3.rc.vix.com>,
> Weeber, Burkhard <b.weeber at viastore.de> wrote:
> >before digging in the source code perhaps you can answer
> this question:
> >
> >What is the resolvers timeout waiting for an answer to its query ?
> >Is it options.timeout ?
>
> Look up "timeouts" in the index of "DNS & BIND". The precise
> answer is a
> bit complicated and takes two pages to describe.
>
> --
> Barry Margolin, barmar at genuity.net
> Genuity, Burlington, MA
> *** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them
> to newsgroups.
> Please DON'T copy followups to me -- I'll assume it wasn't
> posted to the group.
>
>
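
An added example, not part of the original thread: one way to check, from a capture taken outside the firewall, which dropped 53/udp packets are late answers to real queries and which match no query at all, at the 180 s and 600 s NAT timeouts mentioned in the post. The record format, the sample packets and the rule that a mapping expires `nat_timeout` seconds after the last outbound packet on it are assumptions made for illustration.

```python
from collections import namedtuple

# One record per packet seen by the sniffer (constructed format, not a real tool's output).
# direction: "out" = query leaving the firewall, "in" = answer arriving from port 53/udp.
Pkt = namedtuple("Pkt", "ts direction server fw_port txid")

# Constructed sample capture; addresses are from the documentation range 192.0.2.0/24.
CAPTURE = [
    Pkt(0.0,   "out", "192.0.2.53", 40001, 0x1A2B),
    Pkt(0.4,   "in",  "192.0.2.53", 40001, 0x1A2B),  # normal answer
    Pkt(10.0,  "out", "192.0.2.54", 40002, 0x3C4D),
    Pkt(250.0, "in",  "192.0.2.54", 40002, 0x3C4D),  # later than 180 s, earlier than 600 s
    Pkt(20.0,  "out", "192.0.2.55", 40003, 0x5E6F),
    Pkt(700.0, "in",  "192.0.2.55", 40003, 0x5E6F),  # later than 600 s
    Pkt(30.0,  "in",  "192.0.2.56", 40004, 0x7A8B),  # matches no query
]

def classify(capture, nat_timeout):
    """Pair answers with queries by (server, firewall port, transaction id) and
    decide whether the NAT mapping would still exist when each answer arrives."""
    last_out = {}  # (server, fw_port) -> time of last outbound packet on that mapping
    pending = {}   # (server, fw_port, txid) -> time the query was sent
    result = {"passed": [], "dropped_late": [], "unsolicited": []}
    for p in sorted(capture, key=lambda pkt: pkt.ts):
        flow = (p.server, p.fw_port)
        key = flow + (p.txid,)
        if p.direction == "out":
            last_out[flow] = p.ts   # assumption: outbound traffic refreshes the mapping
            pending[key] = p.ts
            continue
        if key not in pending:
            result["unsolicited"].append((p, None))
            continue
        delay = p.ts - pending.pop(key)   # how long the answer took
        idle = p.ts - last_out[flow]      # how long the mapping sat unused
        bucket = "passed" if idle <= nat_timeout else "dropped_late"
        result[bucket].append((p, delay))
    return result

if __name__ == "__main__":
    for timeout in (180, 600):
        r = classify(CAPTURE, timeout)
        print(timeout, {name: len(items) for name, items in r.items()})
```

Packets in the `unsolicited` bucket are dropped at any timeout, so raising the NAT timeout only silences the log entries for the `dropped_late` ones.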