Why does Local DNS Fail when Internet is down?

Mark_Andrews at isc.org
Fri May 24 00:38:36 UTC 2002


> 	We are running Bind9 but this question covers behavior
> that goes back as far as DNS, itself.  When our connection to the
> Internet (root name servers), becomes intermittent, all our
> domain name servers start to hang when doing local lookups.  I
> have seen Suns exhibit this behavior back as far as I have been
> involved with bind which is about ten years.  I have always heard
> that it has to do with open file descriptors, but it still
> happens today with Bind9 running on a FreeBSD platform.
> 
> 	As soon as the network comes back to life, so do the
> dns's.  In the past, I have killed and restarted them only to
> have the hanging return within seconds which tells me it is
> something else.
> 
> 	My questions are:
> 
> 	What causes this behavior?
> Can I configure anything differently at our site to allow the
> local world to continue to operate?
> 
> 	Every time this happens, the rumblings start as to how to
> redesign things especially now that we are starting to use Novell
> Active Directory and people suddenly can't access their network
> drives, etc.
> 
> 	Our master and slave dns's use the conventional
> configuration format of all the local zones and then the root
> zone last.
> 
> 	Obviously, we want to preserve the robustness of dns
> in normal operation and not create new single-point failure
> modes.  Our present topology works perfectly when the network is
> up which is most of the time, but a couple of days of network
> hiccups and the natives start to get restless.
> 
> Martin McCormick Stillwater, OK
> OSU Center for Computing and Information services Network Operations Group
> 

	It is failing because the clients are asking for things that
	can't be resolved locally.

	Things that will help.

	Ensure that you serve all zones that are in client search lists.
	Ensure that you serve the reverse zones for any local IP addresses.
	If you use RFC 2317 style reverse zones, ensure that you serve both
	zones involved.
	Use fully qualified names.
	Don't use partially qualified names.  

	Update any non RFC 1535 aware resolvers.  They try the unqualified
	name as is first.

	Serve the root zone, ftp weekly to one server then distribute
	internally via AXFR.  This allows you to answer all those
	unqualified and partially qualified names and keep the
	client search lists working.

	Mark
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org
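
The advice in the reply above can be checked before an outage. The following is an added example, not part of the original post or of BIND: it expands a name the way a stub resolver with a search list would and reports which candidate queries no locally served zone can answer. The resolv.conf-style search/ndots ordering, the example.edu names and the documentation addresses are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample data: search list and locally served zones (not from the post).
SEARCH = ["cs.example.edu", "example.edu"]
ZONES = ["example.edu", "2.0.192.in-addr.arpa"]

def candidates(name, search_list, ndots=1):
    """Query names a stub resolver tries, in order (assumed resolv.conf-style rules)."""
    if name.endswith("."):
        return [name.lower()]                 # fully qualified: one query only
    as_is = name.lower() + "."
    searched = [f"{name}.{s}".lower().rstrip(".") + "." for s in search_list]
    # Names with at least ndots dots are tried as-is before the search list.
    return [as_is] + searched if name.count(".") >= ndots else searched + [as_is]

def served(qname, zones):
    """True if qname is at or below a locally served zone ('.' covers everything)."""
    q = qname.lower().rstrip(".")
    for zone in zones:
        z = zone.lower().rstrip(".")
        if z == "" or q == z or q.endswith("." + z):
            return True
    return False

def needs_internet(name, search_list, zones, ndots=1):
    """Candidate names that no local zone can answer authoritatively."""
    return [c for c in candidates(name, search_list, ndots) if not served(c, zones)]

def reverse_name(ip):
    """PTR owner name for an address, e.g. 10.2.0.192.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

if __name__ == "__main__":
    for n in ["fileserver", "host.lab", "fileserver.cs.example.edu."]:
        print(n, "->", needs_internet(n, SEARCH, ZONES))
    print("with root zone:", needs_internet("host.lab", SEARCH, ZONES + ["."]))
    for ip in ["192.0.2.10", "198.51.100.7"]:
        print(ip, "reverse served locally:", served(reverse_name(ip), ZONES))
```

Any name the function returns is a query that has to leave the site; adding "." to the served zones empties the list, which is the effect of serving a local copy of the root zone.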

