From: Archie Cobbs
Message-Id: <199812052303.PAA00885@bubba.whistle.com>
Subject: Re: resolver behaviour
In-Reply-To: <36309.912891594@gjp.erols.com> from Gary Palmer at "Dec 5, 98 03:59:54 pm"
To: alk@pobox.com
Date: Sat, 5 Dec 1998 15:03:11 -0800 (PST)
Cc: net@FreeBSD.ORG

Gary Palmer writes:
> Tony Kimball wrote in message ID
> > IMO, current resolver behaviour is not appropriate.
> >
> > I would like the resolver to try all the nameservers at once, and
> > return any positive lookup response.
>
> Can you say `packet storm'? I knew you could ... All our servers here run
> local nameservers, and only have secondary nameserver entries listed for the
> rare occasions named core dumps. I don't want to go increasing the amount of
> UDP traffic on to my backup nameservers by a factor of 50 (if not more). Even
> switched fastether can only take so much.
>
> Seems your problem is not the resolver, but your nameserver setup. My guess i
> problems arise from doing lookups on `internal' addresses on `external'
> nameservers? The correct solution then is to run a nameserver on the firewall
> and force it to bind only to 127.0.0.1. You use that in your resolv.conf, and
> teach it enough about the topology to answer properly.

For split-DNS stuff and firewalls, where you want to direct queries
for different domains to different name servers, you might find
this patch useful..

ftp://ftp.whistle.com/pub/archie/misc/forwardzone.html

-Archie

___________________________________________________________________________
Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com
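
The per-domain forwarding decision discussed in this message, sketched as an added example (not code from the post or from the forwardzone patch). The zone names, server addresses and function names are constructed for illustration; the match is done on whole labels so that internal names stay on the internal server and look-alike names do not.

```python
# Added illustration: per-domain forwarder selection for a split-DNS setup.
# Zone names and addresses below are constructed sample values.

FORWARD_ZONES = {
    "corp.example.": ["10.0.0.53"],        # internal zone -> internal server
    "lab.corp.example.": ["10.0.8.53"],    # more specific zone wins
    "10.in-addr.arpa.": ["10.0.0.53"],     # reverse lookups for internal space
}
DEFAULT_FORWARDERS = ["192.0.2.53"]        # everything else -> external server


def normalize(name):
    """Lower-case a DNS name and make it fully qualified (trailing dot)."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."


def labels(name):
    """Split a name into its labels, root excluded."""
    return [part for part in normalize(name).split(".") if part]


def select_forwarders(qname, zones=FORWARD_ZONES, default=DEFAULT_FORWARDERS):
    """Return (matched_zone, servers) using the longest label-wise suffix match.

    Comparing whole labels, not raw string suffixes, keeps a name such as
    'evilcorp.example' from being treated as part of 'corp.example'.
    """
    q = labels(qname)
    best_zone, best_len = None, -1
    for zone in zones:
        z = labels(zone)
        if len(z) <= len(q) and q[len(q) - len(z):] == z and len(z) > best_len:
            best_zone, best_len = zone, len(z)
    if best_zone is None:
        return (".", list(default))
    return (best_zone, list(zones[best_zone]))


if __name__ == "__main__":
    for q in ["host.corp.example", "db.LAB.corp.example.", "evilcorp.example",
              "www.example.org", "7.0.0.10.in-addr.arpa"]:
        print(q, "->", select_forwarders(q))
```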