From nobody Tue Oct 11 20:41:18 2022 X-Original-To: freebsd-questions@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Mn73h0b6lz4fNYc for ; Tue, 11 Oct 2022 20:41:20 +0000 (UTC) (envelope-from doug@safeport.com) Received: from ogunquit.safeport.com (ogunquit.safeport.com [147.160.157.18]) by mx1.freebsd.org (Postfix) with ESMTP id 4Mn73g2Mf2z3SB5 for ; Tue, 11 Oct 2022 20:41:19 +0000 (UTC) (envelope-from doug@safeport.com) Received: from bucksport.safeport.com (bucksport.safeport.com [147.160.157.15]) by ogunquit.safeport.com (Postfix) with ESMTP id 4173A968B; Tue, 11 Oct 2022 16:41:18 -0400 (EDT) Date: Tue, 11 Oct 2022 16:41:18 -0400 (EDT) From: Doug Denault To: Paul Procacci cc: freebsd-questions@freebsd.org Subject: Re: resolv.conf question In-Reply-To: Message-ID: References: User-Agent: Alpine 2.00 (BSF 1167 2008-08-23) List-Id: User questions List-Archive: https://lists.freebsd.org/archives/freebsd-questions List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-questions@freebsd.org X-BeenThere: freebsd-questions@freebsd.org MIME-Version: 1.0 Content-Type: MULTIPART/MIXED; BOUNDARY="0-1475784876-1665520878=:66282" X-Rspamd-Queue-Id: 4Mn73g2Mf2z3SB5 X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of doug@safeport.com designates 147.160.157.18 as permitted sender) smtp.mailfrom=doug@safeport.com X-Spamd-Result: default: False [-2.20 / 15.00]; CTYPE_MIXED_BOGUS(1.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-1.00)[-0.999]; R_SPF_ALLOW(-0.20)[+ip4:147.160.157.18]; RCVD_NO_TLS_LAST(0.10)[]; MIME_GOOD(-0.10)[multipart/mixed,text/plain]; FROM_EQ_ENVFROM(0.00)[]; MLMMJ_DEST(0.00)[freebsd-questions@freebsd.org]; R_DKIM_NA(0.00)[]; FREEMAIL_TO(0.00)[gmail.com]; MIME_TRACE(0.00)[0:+,1:+]; RCPT_COUNT_TWO(0.00)[2]; ARC_NA(0.00)[]; MID_RHS_MATCH_FROMTLD(0.00)[]; FROM_HAS_DN(0.00)[]; ASN(0.00)[asn:6405, ipnet:147.160.157.0/24, country:US]; TO_DN_SOME(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DMARC_NA(0.00)[safeport.com]; RCVD_COUNT_TWO(0.00)[2] X-ThisMailContainsUnwantedMimeParts: N This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. --0-1475784876-1665520878=:66282 Content-Type: TEXT/PLAIN; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8BIT On Tue, 11 Oct 2022, Paul Procacci wrote: > On Tue, Oct 11, 2022 at 1:03 PM Doug Denault wrote: > I have a resolve.conf specifying two name servers. The first one is in the > same data center, the second one is an Amazon virtual server. I had to > reboot a jail system. As Murphy would have it the local nameserver for some > reason did not answer when the jails were started. > > I had assumed that if server one was not available the after the fail time > server two was tried. This only happened for the first jail. The linux > writeups (as I understand them) would seem to imply the second server > should be tried. > > So I tried to RTFM, /usr/src/contrib/ldns/resolver.c in this case. It is > almost certain that the system was up but bind did not respond. The source > is a bit above my pay grade but it did seem possible that if that was the > case, the second server was never tried. This is what actually happened. > > There were no other issues as each of the jails started fine with a manual > boot. Does anyone know if the timeout and/or retry setting offer a way > around this. > > _____ > Douglas Denault > http://www.safeport.com > doug@safeport.com > Voice: 301-217-9220 >    Fax: 301-217-9277 > > Hi Doug, > > They are certainly tried in succession. > > If you couldn't resolve a given name, then something was certainly wrong. > For testing, had you tried moving the second to the first? > > I'd bet the result would have been the same and there was instead > something else going on. Thanks Paul. For performance reasons, especially if the first listed server is always used, I want that in our data center. Aside from speed, no hacking is possible. My purpose here is to figure how resolv.conf works. If more than one entry is effectively useless, I would be tempted to use 8.8.8.8. Also the jail mother had not been booted in several months and only now because I f-ed up changing the root password. _____ Douglas Denault http://www.safeport.com doug@safeport.com Voice: 301-217-9220 Fax: 301-217-9277 --0-1475784876-1665520878=:66282--