Queries fail first time round

[Simon Waters]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Simon Hobson wrote:
> I have a longstanding issue with our BIND setup. If a domain has not
> been queried for some time, a query for a host in it often fails the
> first time, but then repeating the request results in a successful
> lookup. The lookup failures happen with a wide range of domains, so
> I'm pretty certain it's going to be something internal.

Do give an example domain, it might help, as there are a lot of badly
configured domains.

I'd suggest trying to reproduce with "dig" at the server to eliminate
client code.

> Does anyone have any clues how to track this one down ?

Apple use to some odd resolver stuff, do you know precisely what the
client is doing?

Also you can get the situation where the client times out before the
server, if it takes a long time to resolve a query. This is often packet
loss or badly configured servers causing undue delay in resolving, but
leads to the circumstance you describe.

I have at least one web browser that routinely gives up after a few
seconds for any DNS request, most of the time reload works fine as the
server has finished completing the request in the mean time.

Similarly an overloaded, BIND server might also cause the client to time
out.

And yes upgrade from BIND 8.2, why not BIND 9 as the ISC recommend?

Before packet tracing I usually switch on BIND's own debugging
facilities, which are easier to read than some packet tracers output
-----BEGIN PGP SIGNATURE-----
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE/JPjpGFXfHI9FVgYRAnUuAJ40MfvowU+E1k6RF5OW23InY2LwsQCeJNAh
fFGTFcW8MoaZBNLbYIiiH18=
=YXB/
-----END PGP SIGNATURE-----