DNS Timeout Errors

Simon Leinen simon at limmat.switch.ch
Thu Dec 9 22:30:45 UTC 2004


Jay,

> Is anyone else experiencing DNS timeout errors?  I've tried using
> multiple name resolvers, and tested multiple domain names using
> different name servers, and I keep getting "name not found" errors.

> Trying the same domain name a second time, and it resolves ok.  This
> all started a few days ago.

About three weeks ago, some of our users told us that they were
experiencing many DNS resolution failures while surfing the Web.  We
analyzed this, and part of the explanation we came up with should work
for others, especially if the following conditions are met:

Are you using BIND 9 on the recursive nameserver that you normally use?
If so, does the installation of BIND 9 on your recursive nameserver
include support for DNS queries over IPv6?

BIND 9 seems to have trouble when a nameserver responds fine under
IPv4, but doesn't respond well (or at all) under IPv6 (e.g. because
IPv6 connectivity between you and the server is somehow broken): It
will continue to query the name server under its unresponsive IPv6
address in some situations.  I have seen this a lot when tracing IPv6
DNS queries from our recursive name servers(*).

This can be very noticeable, especially since A.GTLD-SERVERS.NET and
B.GTLD-SERVERS.NET now have AAAA records (IPv6 addresses).  Many
ccTLDs - including ours - have recently added IPv6-reachable name
servers, too.

I'm wondering whether many users are seeing this, but I have no idea
how to gather data on this, especially historical data.  (Except maybe
trying to correlate access times from server logs of popular Web
servers that refer to each other.)

I'm attaching a message from comp.protocols.dns.bind that refers to
this problem.
-- 
Simon.

(*) In our case, our recursive name server was using the wrong source
    address for its queries, namely its anycast IPv6 address (Linux
    IPv6 source address selection sucks!), so it would often not
    receive a response to a query over IPv6, because the response
    would end up at another anycast instance.

    But I assume the more common case is that the IPv6 queries don't
    reach the authoritative name server at all, because the recursive
    name server doesn't have global IPv6 connectivity.  The IPv6
    connectivity problem may also be at the end of an important
    authoritative server, and still cause problems.

-------------- next part --------------
An embedded message was scrubbed...
From: Mark Andrews <Mark_Andrews at isc.org>
Subject: Re: BIND 9.2.2 recursive queries lag badly, Bind8 does not
Date: Sun, 14 Nov 2004 12:26:23 +1100
Size: 3519
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20041209/2439112f/attachment.mht>
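
One way to check for the condition described in the message above (a name server that answers over IPv4 but stays silent over IPv6 from your vantage point), as an added example that is not part of the original post or its attachment. The function names, the SOA probe and the sample addresses are assumptions made for illustration.

```python
import socket
import struct

QTYPE_SOA = 6

def build_query(name, qtype=QTYPE_SOA, qid=0x1234):
    """Encode a minimal DNS query with RD=0, as sent to an authoritative server."""
    header = struct.pack("!HHHHHH", qid, 0x0000, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".") if label
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def probe(addr, zone, timeout=2.0, port=53):
    """Return True if addr answers a UDP SOA query for zone within timeout."""
    family = socket.AF_INET6 if ":" in addr else socket.AF_INET
    query = build_query(zone)
    try:
        with socket.socket(family, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(query, (addr, port))
            reply, _ = s.recvfrom(4096)
    except OSError:  # timeout, no route, refused: all count as "no answer"
        return False
    # Matching ID plus the QR bit means a real response, not stray traffic.
    return len(reply) >= 12 and reply[:2] == query[:2] and bool(reply[2] & 0x80)

def v6_blackholes(results):
    """results: {server: {address: answered}}; servers fine on IPv4, silent on IPv6."""
    flagged = []
    for server, addrs in results.items():
        v4 = [ok for a, ok in addrs.items() if ":" not in a]
        v6 = [ok for a, ok in addrs.items() if ":" in a]
        if v4 and v6 and all(v4) and not any(v6):
            flagged.append(server)
    return sorted(flagged)

def survey(zone, servers, timeout=2.0):
    """servers: {name: [addresses]}; probe every address, return flagged names."""
    return v6_blackholes(
        {n: {a: probe(a, zone, timeout) for a in addrs} for n, addrs in servers.items()}
    )

# Constructed sample results (documentation addresses, not real measurements).
SAMPLE = {
    "ns1.example.": {"192.0.2.1": True, "2001:db8::1": False},
    "ns2.example.": {"192.0.2.2": True, "2001:db8::2": True},
    "ns3.example.": {"192.0.2.3": True},
}
```

Run `survey()` from the recursive name server itself, with the zone's NS names and their A and AAAA addresses, so the probes take the same path and source address that the resolver's own queries do.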

