Query re. /etc/resolv.conf...

Matthew Seaman matthew at FreeBSD.org
Tue Sep 6 09:33:39 UTC 2016

On 2016/09/06 10:03, Karl Pielorz wrote:
> Can someone confirm this should work that way? - I thought by default it
> was always "try the first, timeout, try the second..."
> It doesn't appear to be working that way for us :(

Given that the timeout for a DNS query is a pretty huge 30s -- a value
that was set when the Internet had much less bandwidth and much more
latency than it does today -- the 'trying resolvers in sequence'
mechanism you suggest would take far too long for interactive use.

Instead, what happens is that queries are fired off to each resolver in
sequence with a much shorter gap between them.  This continues until an
answer to the query is received, which can come from any of the servers,
or until all of the queries have timed out.

Clearly this doesn't explain your observed behaviour.  Hmmm.... No, I
don't see how adding an extra nameserver to resolv.conf could give you
any worse behaviour than before.  I think you'd have to grab DNS
traffic with tcpdump(8) and perform some detailed analyses to debug that.

You could try adding:

options timeout:1

to resolv.conf and see if that makes a difference.

However, my experience is that local unbound is extremely stable and not
at all likely to fail.  Adding extra nameservers to /etc/resolv.conf
really doesn't get you very much, and just isn't worth the effort.
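
One way to do the tcpdump(8) analysis suggested in the message above, as an added example that is not part of the original message: it pairs DNS queries with responses in the text output of `tcpdump -tt -n port 53` and reports per-resolver latency, unanswered queries, and how long the client waited before trying another resolver. The capture lines, addresses and function names are constructed for illustration, and only IPv4 UDP lines are parsed.

```python
import re
from collections import defaultdict

# Constructed capture in `tcpdump -tt -n port 53` text format (not from the thread).
SAMPLE = """\
1473154419.000000 IP 192.0.2.10.40001 > 192.0.2.1.53: 4660+ A? www.example.com. (33)
1473154420.000500 IP 192.0.2.10.40002 > 198.51.100.1.53: 4660+ A? www.example.com. (33)
1473154420.020500 IP 198.51.100.1.53 > 192.0.2.10.40002: 4660 1/0/0 A 203.0.113.7 (49)
1473154425.000000 IP 192.0.2.10.40003 > 192.0.2.1.53: 4661+ A? ftp.example.com. (33)
1473154425.002000 IP 192.0.2.1.53 > 192.0.2.10.40003: 4661 1/0/0 A 203.0.113.8 (49)
"""

# timestamp, src ip.port, dst ip.port, DNS query id (+ flags), remainder of the line
LINE = re.compile(r"^(\d+\.\d+) IP (\d+(?:\.\d+){3})\.(\d+) > "
                  r"(\d+(?:\.\d+){3})\.(\d+): (\d+)\S* (.*)$")

def analyse(capture):
    """Return (per-resolver stats, per-question delay between first and last resolver tried)."""
    pending = {}       # (client, client_port, resolver, query_id) -> (sent_ts, question)
    first_query = {}   # question -> {resolver: timestamp of first query sent to it}
    stats = defaultdict(lambda: {"latencies": [], "unanswered": []})
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue   # not an IPv4 DNS line we understand
        ts, src, sport, dst, dport, qid, rest = m.groups()
        ts = float(ts)
        if dport == "53":                      # query: client -> resolver
            question = rest.rsplit(" (", 1)[0]  # drop trailing "(size)"
            pending[(src, sport, dst, qid)] = (ts, question)
            first_query.setdefault(question, {}).setdefault(dst, ts)
        elif sport == "53":                    # response: resolver -> client
            sent = pending.pop((dst, dport, src, qid), None)
            if sent is not None:
                stats[src]["latencies"].append(round(ts - sent[0], 4))
    for (_, _, resolver, _), (_, question) in pending.items():
        stats[resolver]["unanswered"].append(question)
    # Delay before a further resolver was tried for the same question.
    fallback = {q: round(max(t.values()) - min(t.values()), 4)
                for q, t in first_query.items() if len(t) > 1}
    return dict(stats), fallback

if __name__ == "__main__":
    per_resolver, fallback = analyse(SAMPLE)
    for resolver, s in per_resolver.items():
        print(resolver, "latencies:", s["latencies"], "unanswered:", s["unanswered"])
    for question, gap in fallback.items():
        print(f"{question}: next resolver tried after {gap:.4f}s")
```

Comparing the fallback delay before and after adding `options timeout:1` shows directly whether the setting changes how quickly the next resolver is tried.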


