named

[Richard Pieri]

On Nov 30, 2010, at 11:17 PM, Edward Ned Harvey wrote:
> 
> I find this extra half a second or so ... is often enough the factor which
> causes timeout versus non timeout.  Or else ... perhaps the timeout is

This is how DNS and UDP is supposed to work.  For the sake of argument, say that the base lookup TTL is 1 second and you have a list of three higher-level resolvers to query.  Your resolver queries the first in the list.  If it does not receive a response within 1 second then it tries the second with 2 times base TTL.  If it does not receive a response then it tries the third with 4 times base TTL.  If it still does not receive a response within the specified time then it starts at the top of the list again with 8 times base TTL.  This continues, doubling the previous timeout, until it reaches the end of the list a second time.  At that point it returns a hard failure.

This is why we (FSVO "we") usually list three high-level name servers in our own configurations.  If you are consistently having hard failures with your resolvers then my first suggestion is to add more high-level name servers to your list.

--Rich P.