Queries fail first time round

Simon Hobson shobson0211 at colony.com
Mon Jul 28 09:46:26 UTC 2003


Kevin Darcy wrote:

>>  I have a longstanding issue with our BIND setup. If a domain has not
>>  been queried for some time, a query for a host in it often fails the
>>  first time, but then repeating the request results in a successful
>>  lookup. The lookup failures happen with a wide range of domains, so
>>  I'm pretty certain it's going to be something internal.
>>
>>  I have two internal servers :
>>  1 - BIND 9.2.1 on RedHat 6.2
>>  2 - BIND 8.2.2-P7 on SCO OpenServer 5.0.6a
>>
>>  1 is the master for all my internal zones, 2 is the secondary. Both
>>  are configured to go out to the root servers for everything else.
>>
>>  Nothing is ever logged by either server when a lookup fails. I don't
>>  know whether to blame my DNS servers or my clients - I have a
>>  suspicion that it might be my clients (I've personally only noticed
>>  this effect with Mac clients, but then I avoid windoze as much as I
>>  can) being too demanding and refusing to wait for an answer. Our
>>  connection is with Demon Internet at 64k over ISDN (which is up
>>  almost all the time these days).
>>
>>  Does anyone have any clues how to track this one down ?
>
>Well, BIND 8 doesn't have "query restart", so in certain circumstances
>it will get only part way towards an answer and then rely on the client
>retrying its query in order to finish resolution of the name. BIND 9
>doesn't have this problem, though, so it doesn't really explain the
>symptoms you're seeing.

I guess upgrading the 8.2.2 would be a good idea.

>I haven't worked much with ISDN -- is there any possibility that
>sometimes your ISDN connection goes "idle" and then needs to "wake
>up" when it gets a DNS query, thus introducing an excessive amount of
>latency from time to time?

Well this can happen, but given the size of our network now it's 
damned hard to make it go down at all - good job we've got unmetered 
access ! The last time I tried this, I checked and the line was up 
before I started.

>  My experience has been that DNS tends to be
>like the canary in the coal mine -- it's often the first thing to fail
>whenever you have any kind of latency or packet-loss problems.

I do have a slight suspicion that there are occasional lost packets, 
but that is damned hard to find :-( Whenever I do a test with ping I 
seem to get a good result with zero or very low packet loss.

I also considered that it might be latency, if the 64k link is 
heavily used then it can take a couple of seconds for packets to get 
through, but the problem also occurs when it's quiet.

>When all speculation fails, of course, it's probably time to roll up
>your sleeves, fire up the old sniffer (which could be a piece of fancy
>standalone hardware, or just something like "tcpdump") and look what's
>happening at the packet level.

Do you have any suggestions of WHAT to look for? I've tried the 
packet sniffer before, but couldn't see anything obvious. I can't 
remember now whether anything came back with a negative response or 
not, and I don't claim any particular knowledge of the internals of 
the packets.

Simon

-- 

NOTE: This is a throw-away email address which will reach me for as 
long as it stays spam-free, remove date for real address.

Simon Hobson, Technology Specialist
Colony Gift Corporation Limited
Lindal in Furness, Ulverston, Cumbria, LA12 0LD
Tel 01229 461100, Fax 01229 461101

Registered in England No. 1499611
Regd. Office : 100 New Bridge Street, London, EC4V 6JA.
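
Added example, not part of the original message or of the thread: one way to work through a capture for the symptoms discussed above is to pair each DNS query with its response by client endpoint and query ID, then flag lookups that were retried, answered slowly, answered with an error rcode, or never answered. The sample lines are constructed in the style of `tcpdump -n port 53` text output; the addresses, names, the 2-second threshold and the assumption that a client retry reuses the same source port and ID are illustrative.

```python
import re
from datetime import datetime

# Constructed sample in the style of `tcpdump -n port 53` output (not a real capture).
SAMPLE = """\
09:46:01.100000 IP 192.168.1.10.1025 > 192.168.1.1.53: 4660+ A? www.example.com. (33)
09:46:01.105000 IP 192.168.1.1.53 > 192.168.1.10.1025: 4660 1/0/0 A 192.0.2.10 (49)
09:46:05.000000 IP 192.168.1.10.1026 > 192.168.1.1.53: 4661+ A? host.example.net. (34)
09:46:10.000000 IP 192.168.1.10.1026 > 192.168.1.1.53: 4661+ A? host.example.net. (34)
09:46:10.900000 IP 192.168.1.1.53 > 192.168.1.10.1026: 4661 1/0/0 A 192.0.2.20 (50)
09:46:20.000000 IP 192.168.1.10.1027 > 192.168.1.1.53: 4662+ A? slow.example.org. (34)
09:46:22.500000 IP 192.168.1.1.53 > 192.168.1.10.1027: 4662 ServFail 0/0/0 (34)
09:46:30.000000 IP 192.168.1.10.1028 > 192.168.1.1.53: 4663+ A? gone.example.org. (34)
"""
LINE = re.compile(r"^(\S+) IP (\S+) > (\S+): (\d+)\S* (.*)$")

def port(endpoint):
    return endpoint.rsplit(".", 1)[1]

def analyze(text, slow=2.0):
    """Return (name, verdict, seconds_to_answer, queries_sent) for each suspect lookup."""
    pending, findings = {}, []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts, src, dst, qid, rest = m.groups()
        t, toks = datetime.strptime(ts, "%H:%M:%S.%f"), rest.split()
        if port(dst) == "53":                      # client -> server: query
            qtype = [i for i, tok in enumerate(toks) if tok.endswith("?")]
            if not qtype or qtype[0] + 1 >= len(toks):
                continue
            q = pending.setdefault((src, qid), {"first": t, "sent": 0,
                                                "name": toks[qtype[0] + 1]})
            q["sent"] += 1                         # >1 means the client retried
        elif port(src) == "53" and toks and (dst, qid) in pending:  # matching response
            q = pending.pop((dst, qid))
            # tcpdump prints the rcode only when it is not NoError
            rcode = "NoError" if "/" in toks[0] else toks[0].rstrip("*-|$")
            delay = round((t - q["first"]).total_seconds(), 3)
            if q["sent"] > 1 or delay > slow or rcode != "NoError":
                findings.append((q["name"], rcode, delay, q["sent"]))
    # Anything still pending never got a reply: lost packet or upstream timeout
    findings += [(q["name"], "unanswered", None, q["sent"]) for q in pending.values()]
    return findings

if __name__ == "__main__":
    for f in analyze(SAMPLE):
        print(f)
```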

