From nobody Tue Oct 11 18:41:56 2022 X-Original-To: freebsd-questions@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Mn4QB55WKz4f9Ns for ; Tue, 11 Oct 2022 18:42:10 +0000 (UTC) (envelope-from pprocacci@gmail.com) Received: from mail-oa1-x2c.google.com (mail-oa1-x2c.google.com [IPv6:2001:4860:4864:20::2c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Mn4QB0kgmz3HPG for ; Tue, 11 Oct 2022 18:42:10 +0000 (UTC) (envelope-from pprocacci@gmail.com) Received: by mail-oa1-x2c.google.com with SMTP id 586e51a60fabf-1324e7a1284so16966477fac.10 for ; Tue, 11 Oct 2022 11:42:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=+Q12q/eSxs8bOOL3Ebtowha127lLTasoHw7fa3G4TqI=; b=KYYxiIIh9JPZy3W8hPNwZFrGMi9rk8SN3onKlnGIObgHIjEGArXyBXLF0jm+GYhkxp M/4bZAPWqsN4TWir0wPQs/3LbEYGn0haKpA7yQhq6i1oYZS359zvjQhadonMcts0TFLb xv3976uBFYa2YOKBSWEo6+0zsP/Hx9oVS2BPxHaEf8uROAjPdkxDazm937Ub7MrxB/6d 7kVBQoCmbXg7g/6vQTNBKAXXwhil29qHGX9ddyqnAIBaROn7tUC2ur6xG3NCeNhD+RtO GgPRcn/+6XLVdpfwPckGL+6WzYeR40aJvNkfY+Rfq0pPBL518GklCBm4wlDMU57493dy fTRQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=+Q12q/eSxs8bOOL3Ebtowha127lLTasoHw7fa3G4TqI=; b=5pQZZf62b2x3d6FCAXCYi0zONWWy74yMhaa9Pi62VYXKayTpdaWW+BVrBwKOZ9MHLa Bbp1FXw+XHHvG1itTvMt7PIjahrNOPw3Pfh+aULQeG1lpYt6+Oh1unhP5aqRRX1ZpSSl t85PW7O4K/m31zBFKcNqABy9jTKGz91iKcOGejDYP/YAV5fot27Ns2RUNkcNWlFfKt56 KNlRCX7YK8olDfnBSaND1VFAUIZwGE8+soJIjgh75fV4onpbPk8O66FkmcZMrHA577h5 PjPuY002HtSnWJC0X9MW0+JGmuRp3BvoSALf8i6LdHybfHudTfg/0uDzWcOUiGdHL8R6 tRSw== X-Gm-Message-State: ACrzQf1utadHJFbnQL5KjokI1jJKlnkIBRYz5jHD5qcR93xKKnxXdY8k xcIghq9zYQgidjvBEZ+NgSiMi3mFHrGlYg7EIcMsxBz/vQ== X-Google-Smtp-Source: AMsMyM4scZB9Uu8zF6TDx1Zjs67k//FZU+p7V7mb9yOvhDiruhoxr87Fn/B8ECYkTZvPYTCPMIPSux9qjtjrotoPoVk= X-Received: by 2002:a05:6870:45a0:b0:131:9207:7d95 with SMTP id y32-20020a05687045a000b0013192077d95mr334117oao.148.1665513729097; Tue, 11 Oct 2022 11:42:09 -0700 (PDT) List-Id: User questions List-Archive: https://lists.freebsd.org/archives/freebsd-questions List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-questions@freebsd.org X-BeenThere: freebsd-questions@freebsd.org MIME-Version: 1.0 References: In-Reply-To: From: Paul Procacci Date: Tue, 11 Oct 2022 14:41:56 -0400 Message-ID: Subject: Re: resolv.conf question To: Doug Denault Cc: freebsd-questions@freebsd.org Content-Type: multipart/alternative; boundary="0000000000003103ce05eac6a227" X-Rspamd-Queue-Id: 4Mn4QB0kgmz3HPG X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20210112 header.b=KYYxiIIh; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of pprocacci@gmail.com designates 2001:4860:4864:20::2c as permitted sender) smtp.mailfrom=pprocacci@gmail.com X-Spamd-Result: default: False [-4.00 / 15.00]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_SHORT(-1.00)[-1.000]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; R_SPF_ALLOW(-0.20)[+ip6:2001:4860:4000::/36]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20210112]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; MLMMJ_DEST(0.00)[freebsd-questions@freebsd.org]; RCVD_TLS_LAST(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; ASN(0.00)[asn:15169, ipnet:2001:4860:4864::/48, country:US]; RCVD_IN_DNSWL_NONE(0.00)[2001:4860:4864:20::2c:from]; FREEMAIL_ENVFROM(0.00)[gmail.com]; MIME_TRACE(0.00)[0:+,1:+,2:~]; RCPT_COUNT_TWO(0.00)[2]; MID_RHS_MATCH_FROMTLD(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; FROM_HAS_DN(0.00)[]; ARC_NA(0.00)[]; DKIM_TRACE(0.00)[gmail.com:+]; TO_DN_SOME(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; FREEMAIL_FROM(0.00)[gmail.com]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DWL_DNSWL_NONE(0.00)[gmail.com:dkim] X-ThisMailContainsUnwantedMimeParts: N --0000000000003103ce05eac6a227 Content-Type: text/plain; charset="UTF-8" On Tue, Oct 11, 2022 at 1:03 PM Doug Denault wrote: > I have a resolve.conf specifying two name servers. The first one is in the > same data center, the second one is an Amazon virtual server. I had to > reboot a jail system. As Murphy would have it the local nameserver for > some > reason did not answer when the jails were started. > > I had assumed that if server one was not available the after the fail time > server two was tried. This only happened for the first jail. The linux > writeups (as I understand them) would seem to imply the second server > should be tried. > > So I tried to RTFM, /usr/src/contrib/ldns/resolver.c in this case. It is > almost certain that the system was up but bind did not respond. The source > is a bit above my pay grade but it did seem possible that if that was the > case, the second server was never tried. This is what actually happened. > > There were no other issues as each of the jails started fine with a manual > boot. Does anyone know if the timeout and/or retry setting offer a way > around this. > > _____ > Douglas Denault > http://www.safeport.com > doug@safeport.com > Voice: 301-217-9220 > Fax: 301-217-9277 > > Hi Doug, They are certainly tried in succession. If you couldn't resolve a given name, then something was certainly wrong. For testing, had you tried moving the second to the first? I'd bet the result would have been the same and there was instead something else going on. Thanks, ~Paul -- __________________ :(){ :|:& };: --0000000000003103ce05eac6a227 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable


On Tue, Oct 11, 2022 at 1:03 PM = Doug Denault <doug@safeport.com= > wrote:
I ha= ve a resolve.conf specifying two name servers. The first one is in the
same data center, the second one is an Amazon virtual server. I had to
reboot a jail system. As Murphy would have it the local nameserver for some=
reason did not answer when the jails were started.

I had assumed that if server one was not available the after the fail time =
server two was tried. This only happened for the first jail. The linux
writeups (as I understand them) would seem to imply the second server
should be tried.

So I tried to RTFM, /usr/src/contrib/ldns/resolver.c in this case. It is almost certain that the system was up but bind did not respond. The source =
is a bit above my pay grade but it did seem possible that if that was the <= br> case, the second server was never tried. This is what actually happened.
There were no other issues as each of the jails started fine with a manual =
boot. Does anyone know if the timeout and/or retry setting offer a way
around this.

_____
Douglas Denault
ht= tp://www.safeport.com
doug@safeport.com
Voice: 301-217-9220
=C2=A0 =C2=A0Fax: 301-217-9277