Is anyone else experiencing DNS timeout errors. I've tried using multiple name resolvers, and tested multiple domain names using different name servers, and I keep getting "name not found" errors. Trying the same domain name a second time, and it resolves ok. This all started a few days ago. Any insights ??? Jay. +++ Jay Fenello, 678-585-9765 http://www.Fenello.com ... Startup Coaching http://www.YourWebPartner.com ... Website Partnering http://www.AligningWithPurpose.org ... For a Better World --------------------------------------------------------- "Peace cannot be kept by force. It can only be achieved by understanding." -- Dr. Albert Einstein
On Thu, 9 Dec 2004, Jay Fenello wrote:
Is anyone else experiencing DNS timeout errors. I've tried using multiple name resolvers, and tested multiple domain names using different name servers, and I keep getting "name not found" errors.
perhaps some examples of the domains queried and servers queried? source addresses of the requests might also help.
Jay,
Is anyone else experiencing DNS timeout errors. I've tried using multiple name resolvers, and tested multiple domain names using different name servers, and I keep getting "name not found" errors.
Trying the same domain name a second time, and it resolves ok. This all started a few days ago.
About three weeks ago, some of our users have told us that they were experiencing many DNS resolution failures while surfing the Web. We analyzed this, and part of the explanation we came up with should work for others, especially if the following conditions are met: Are you using BIND 9 on the recursive nameserver that you normally use? If so, does the installation of BIND 9 on your recursive nameserver include support for DNS queries over IPv6? BIND 9 seems to have trouble when a nameserver responds fine under IPv4, but doesn't respond well (or at all) under IPv6 (e.g. because IPv6 connectivity between you and the server is somehow broken): It will continue to query the name server under its unresponsive IPv6 address in some situations. I have seen this a lot when tracing IPv6 DNS queries from our recursive name servers(*). This can be very noticeable, especially since A.GTLD-SERVERS.NET and B.GTLD-SERVERS.NET now have AAAA records (IPv6 addresses). Many ccTLDs - including ours - have recently added IPv6-reachable name servers, too. I'm wondering whether many users are seeing this, but I have no idea how to gather data on this, especially historical data. (Except maybe trying to correlate access times from server logs of popular Web servers that refer to each other.) I'm attaching a message from comp.protocols.dns.bind that refers to this problem. -- Simon. (*) In our case, our recursive name server was using the wrong source address for its queries, namely its anycast IPv6 address (Linux IPv6 source address selection sucks!), so it would often not receive a response to a query over IPv6, because the response would end up at another anycast instance. But I assume the more common case is that the IPv6 queries don't reach the authoritative name server at all, because the recursive name server doesn't have global IPv6 connectivity. The IPv6 connectivity problem may also be at the end of an important authoritative server, and still cause problems.
participants (3)
-
Christopher L. Morrow
-
Jay Fenello
-
Simon Leinen