Bind behaves weirdly

Tue Dec 28 09:02:38 UTC 2004

This is just a wild guess, but is it possible that your ISP's DNS
server(s) have some issues themselves?  Possibly they are overloaded (oh
my god, I said that outloud) or have invalid forwarders, etc.

dnstracer is a tool that you can use to trace dns paths, it probably
won't give you much useful info on your ISPs servers though.

One other thought that comes to mind is that when your ISP has long
delays (>2000ms) in doing initial lookups, it will obviously cache that
data so then later your manual queries appear fast (<100ms) because they
are coming from recently cached data.  Try querying your ISP for some
obscure url (try www.blah.ch) to see if it's initial query takes a
significant amount of time.

Btw, www.blah.ch took comcast Atlanta about ~2500ms for the initial AND
second query.  After that it returned fine time after time until there
was a 30 sec pause. After that another query took another ~2500ms.  A
few minutes later all queries for www.blah.ch returned in <50ms
intervals.  I guess that this is a sign of something... just not sure
what. ;-)

-Jim P.

On Tue, 2004-12-28 at 09:28 +0100, jc pinoteau wrote:
> I'll try this. At least it will tell me who is guilty.
> 
> My idea of using forwarding was for users comfort. Without forwarding =
> the
> researches starts from the root servers and some requests takes over =
> five
> seconds (the first time of course!), while with forwarding on the ISP's =
> DNS
> (when it works!) the same requests takes a few milliseconds.
> 
> I am still interested to figure out what's going wrong between my DNS =
> and
> the ISP's DNS. How can I get a trace of exchanges between those two?
> 
> Thanks for helping guys!
> 
> 
> 
> -----Message d'origine-----
> De=A0: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] De =
> la part
> de phn at icke-reklam.ipsec.nu
> Envoy=E9=A0: mardi 28 d=E9cembre 2004 07:48
> =C0=A0: comp-protocols-dns-bind at isc.org
> Objet=A0: Re: Bind behaves weirdly
> 
> jc pinoteau <jc.pinoteau at laposte.net> wrote:
> > I am using bind 9.2.3 for caching only on several gateways with =
> different
> > ISPs. On one of them I get weird results. It won't resolve google.com =
> (for
> > instance) for a few hours then it would do it again (without any =
> action
> from
> > my part). It will give the same result as if I was digging on a non
> existing
> > domain.
> > It is not a problem with the ISP as digging on the ISP's DNS returns a
> good
> > result.
> 
> > If I restart bind it works again.
> 
> > How can I analyse what is happening?=20
> 
> 
> Better yet, how to resolve the issue. ??
> 
> 
> Start with disabling forwarding. You won't need it the only thing you=20
> will get is dependency of you forwarders ( which seems to cause you =
> trouble)
> 
> >            forward first;
> >            forwarders {
> >                195.68.0.1;
> >                195.68.0.2;
> 
> >            };
> 	     ^^^^^^^^^^^^
> 
> remove these 5 lines
> 
> 
> 
> --=20
> Peter H=E5kanson        =20
>         IPSec  Sverige      ( At Gothenburg Riverside )
>            Sorry about my e-mail address, but i'm trying to keep spam =
> out,
> 	   remove "icke-reklam" if you feel for mailing me. Thanx.
> 
> 
> 