Two forwarders in my internals name servers

[Kevin Darcy]

Miriam Benham wrote:

> it is not just by the browser, it also happens when I do nslookup from the
> command line in my windows machine.

It could affect any DNS resolver in the same way.

> By the way my dns in the public segment are running 8.2.3 and in the
> internal 8.1.2. Do you think this is an issue.

Running a root-exploitable nameserver is unwise, even if it's "internal".

Since BIND 8.2.3 may alleviate your forwarder-failover problem, I think it's
worth upgrading, regardless of the security implications. Why not kill two
birds with one stone?


- Kevin

> -----Original Message-----
> From: Kevin Darcy [mailto:kcd at daimlerchrysler.com]
> Sent: Wednesday, April 11, 2001 3:26 PM
> To: bind-users at isc.org
> Subject: Re: Two forwarders in my internals name servers
>
> Your browser is timing out the query and retrying it. By the second try, the
> answer to the query is in your internal nameserver's cache, so the query is
> answered quickly.
>
> Note that BIND 8.2.3 supposedly has better forwarder-failover behavior. If
> you
> haven't already, you might consider upgrading to see if that alleviates the
> problem. It's a good idea anyway, for security reasons...
>
> - Kevin
>
> Miriam Benham wrote:
>
> > I have a primary and secondary dns in the public segment pointed like
> > forwarders for the internal name servers.
> >
> > What I notice is that when the primary name server goes down and the
> > secondary became in place to process the queries, the resolution from the
> > same internal host take times and it brings me this error.
> >
> > DNS request timed out.
> >     timeout was 2 seconds.
> >
> > When I'm browsing it take time and fail, but if I try the same site again
> it
> > brings me the page. Every time I have to try twice the addresses to be
> able
> > to reach these.
> >
> > Can somebody tells me what's going on.