DNS MX timeouts

Mark Andrews marka at isc.org
Fri Jun 26 23:45:44 UTC 2009 

In message <4A452428.9020701 at provident-solutions.com>, "Vernon A. Fort" writes:
> I've run into a problem with named and timeouts primarily with MX 
> lookups.  When a MX query fails the first time, i have to restart the 
> named process before it will return a successful query.  Again, its 
> mainly with MX lookups but it also happens with A records as well.  The 
> problem subsides for 1-2 hours and starts happening again - basically i 
> look in the mailq for deferred messages with MX lookup failures.
> 
This box is a Gentoo install running a medium volume (500K per day) mail 
> server - lots of dns queries due to rbl's, spamassassin, etc.  This 
> problem started showing up around mid-may.  Since then, i have 
> re-installed bind and bind-tools several times, updated the kernel, 
> linux headers to 2.6.29, recompiled glibc, etc....
> 
> I just updated to 9.6.0-P1 from 9.4.3-P2 - same problem exists.  When 
> doing a manual MX lookup (dig MX isc.org) - it takes around 45 seconds 
> on the first attempt.  If it fails the first time, it will never return 
> a positive query, just "connection timed out; no servers could be 
> reached" until i restart named.  I can't say for sure but the bind 
> application was updated around the time i noticed this problem.  All 
> versions of bind i have tried (in gentoo portage) have the same problem.
> 
> Can anyone help me find where this problem might be?  I've google'd 
> until my eyes are red and throbbing.
> 
> Thanks
> 
> Vernon
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

I suggest that you fix your firewalls to allow 4096 byte EDNS
responses though.  Both ORG and ISC.ORG are signed zones so there
reponses are larger than with unsigned zones.  Named is having to
retry with different options to get a response through your firewall
and this takes time.

A EDNS/UDP MX response is 1999 bytes for isc.org.

;; Query time: 872 msec
;; SERVER: 2001:4f8:0:2::19#53(2001:4f8:0:2::19)
;; WHEN: Sat Jun 27 09:39:34 2009
;; MSG SIZE  rcvd: 1999

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org

More information about the bind-users mailing list