switching query-source address on timeout and exhaustion of available servers
Kevin Darcy
kcd at chrysler.com
Mon Nov 12 21:19:46 UTC 2007
Giuliano Gavazzi wrote:
> Hello, on one server I run BIND 9.3.1 as /sbin/named -4 on MacOSX10.3.9.
>
> In the last few days I have seen failures in resolving some domains,
> just a couple I believe. This failure happens only when the query-
> source is changed from one line (ADSL) to another (HDSL) on a
> different provider.
> I have traced the problem to a routing problem between the HDSL
> provider network and the secondaries of the domain(s) in question.
> This is what happens: the first name server queried gives a SERVFAIL
> (should not!) and then the secondaries are interrogated, but they are
> reachable only from the ADSL line. So when originated from the HDSL
> line instead, the query times out.
>
> I hope this is not a FAQ: it would be interesting to be able to switch
> query-source after a timeout or error has been hit on all nameservers
> so that these temporary (hopefully) network problems can be
> circumvented (at least for DNS...).
>
>
I don't think it's an FAQ; in fact, I don't remember anyone ever asking
it before.
The only thing that comes immediately to mind is to run two instances of
named, one of which is locked to use only the ADSL as its query-source.
Then define the zones in question in the other instance as "type
forward" to the "locked-down" instance. Make sure to define "forward
first" for those zones, though (as opposed to "forward only"): in this
way, if for some reason the queries are timing out or returning slowly
from ADSL, the non-locked-down instance will fall back to attempting to
resolve the name _without_ using forwarding, which gives an extra chance
of resolution using the HDSL line as a query-source.
- Kevin
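
The two-instance layout described in the reply above, sketched as an added example that is not part of the original message or of the BIND distribution. The file names, directories, port 5353, the zone name example.com and both addresses (192.0.2.10 for ADSL, 198.51.100.10 for HDSL) are placeholders chosen for illustration.

```conf
// ---- /etc/named-adsl.conf: locked-down instance (hypothetical file name) ----
// Started separately, e.g.: /sbin/named -4 -c /etc/named-adsl.conf
options {
    directory "/var/named-adsl";            // assumed working directory
    pid-file "/var/run/named-adsl.pid";     // must not collide with the main instance
    listen-on port 5353 { 127.0.0.1; };     // loopback only, on an assumed spare port
    query-source address 192.0.2.10;        // placeholder for the ADSL address
    recursion yes;                          // forwarded queries must be resolved recursively
    allow-query { 127.0.0.1; };             // only the main instance on this host may ask
};
controls { };                               // no rndc channel, so port 953 stays with the main instance

// ---- /etc/named.conf: main (non-locked-down) instance ----
options {
    directory "/var/named";                 // assumed working directory
    query-source address 198.51.100.10;     // placeholder for the HDSL address
};

// One forward zone per affected domain; example.com is a placeholder.
zone "example.com" {
    type forward;
    forward first;                          // on forwarder timeout, resolve normally via HDSL
    forwarders { 127.0.0.1 port 5353; };    // the locked-down instance above
};
```

Binding the locked-down instance to loopback and restricting allow-query keeps it from answering recursive queries for anyone but the main instance on the same host.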