Slow DNS (and host: connection timed out)

[Mel]

On Tuesday 10 February 2009 03:09:54 David Naylor wrote:
> On Tuesday 10 February 2009 09:33:36 Mel wrote:
> > On Thursday 05 February 2009 22:55:56 David Naylor wrote:
> > > Hi,
> > >
> > > My ISP is using a WinGate DNS but resolving host names often takes a
> > > long time.  The problem is also present in Konqueror (3 & 4) and
> > > Firefox.
> > >
> > > An example:
> > > # time host google.co.za
> > > google.co.za has address 66.249.93.104
> > > google.co.za has address 72.14.207.104
> > > google.co.za has address 64.233.161.104
> > > ;; connection timed out; no servers could be reached
> > > ;; connection timed out; no servers could be reached
> >
> > Do your own DNS. Your ISP chokes in AAAA ('IPv6') look ups. If you're not
> > allowed to, still run a local resolver with aggressive neg ttl caching.
> >
> > See the numerous tutorials on the web on how to run your own resolver.
>
> Well spotted.  You are right that the ISP is choking on AAAA, except it is
> returning SERVFAIL.  I already have a local named running and acts as a
> forwarder.  Unfortunately I have to use the ISP to resolve names (it is the
> only nameserver I have access to).

You cannot connect to an outside nameserver, due to ISP restrictions I take 
it?

> Google says bind won't cache SERVFAIL responces and I have no idea how to
> disable named from forwarding AAAA requests.

Me neither. I battled with ISC about this before, but their position is that 
ISP nameservers and loadbalancers should 'get with the program'.
Not everyone has this luxury but if your ISP has any competition in your area, 
check them out.

I briefly looked into views but you don't seem to be able to select views 
based on RRs. Firewall isn't really an option either, since you'd have to 
inspect the UDP payload.

-- 
Mel

Problem with today's modular software: they start with the modules
    and never get to the software part.