Some domains don't resolve.

Kevin Darcy kcd at chrysler.com
Mon Jun 2 23:05:31 UTC 2008 

Matus UHLAR - fantomas wrote:
>> Ezequiel Aguerre wrote:
>>     
>>> Thanks for the advice, but no matter what forwarders I use, it's always
>>> broken. I've tried with mi ISP's forwarders, and other DNS servers (those
>>> from OpenDNS, and others), with no luck at all :(
>>>       
>
> On 01.06.08 17:47, Danny Mayer wrote:
>   
>> Don't use forwarders at all. They are not necessary and makes you 
>> dependent on someone else's DNS. It's rarely necessary anyway and 
>> provides you with no real benefits. It's surprising the number of people 
>> who think that this is of benefit to them.
>>     
>
> the forwarder of an ISP can have a huge cache which can speed up resolving
> of frewquently used names. 
This is dependent on a complex and diverse variety of factors. What are 
the relative latencies between your resolver, your ISP's server farm, 
and the Internet backbone? How busy are the ISP's resolvers (both 
sustained and peak)? What server capacity do they have? How often do 
they restart/reboot, thus clearing their caches? What are the query 
patterns of all of the clients of that ISP and what are the relative TTL 
values of the most frequently-queried names and all of the intermediate 
nodes in their respective delegation hierarchies?

What I usually tell folks is "try it and see if there is a 
measurable/noticeable benefit". Most of us don't have complex, 
multi-variable modeling tools available to us to verify "on paper" 
whether forwarding would make sense from a performance standpoint or 
not: we sometimes have to rely on good old trial & error. If you get 
better performance from forwarding, then it might make sense to use that 
resolution mechanism.

But, one thing I'd point out: while forwarding may improve the 
performance of the *best* and perhaps the *average* case, it also 
carries the risk of degrading the performance of the *worst* case, where 
the round-trip time of the ISP cache miss gets *added* to the time it 
takes to go out and fetch the information iteratively. Some environments 
want to minimize their worst-case times, even if means degrading the 
average. This is because some apps have a touchy threshold beyond which 
they will give a fatal error if the name doesn't resolve in a timely 
fashion. Yes, this is a design flaw in these apps, but the reality is 
that sometimes infrastructure needs to accommodate app brokenness.
> It also can have configured local reverse and
> direct domains that speeds up their resolution.
>   
These could be set up as *selectively* forwarded, if desired.
> It can also have local RFC 1918 and RFC 3333 (and possibly other) reverse zones that may speed up
> resolution of those, since there still are many of DNS servers that do not
> have them configured.
>   
Possible solutions: set them up locally, or implement selective forwarding.

- Kevin

More information about the bind-users mailing list