Date: Sun, 06 Dec 1998 07:21:45 -0500
From: "Gary Palmer" <gpalmer@FreeBSD.ORG>
To: alk@pobox.com
Cc: net@FreeBSD.ORG
Subject: Re: resolver behaviour
Message-ID: <48026.912946905@gjp.erols.com>
In-Reply-To: Your message of "Sun, 06 Dec 1998 03:20:18 CST." <13930.17883.922553.625725@avalon.east>

Tony Kimball wrote in message ID <13930.17883.922553.625725@avalon.east>:
> Frankly, the current behaviour is just plain broken: Bum nameservers
> too often prevent FreeBSD applications from connecting to extant
> hosts on the Internet.

If the local nameserver is bum, then that suggests a local administrative failure, does it not? This is exactly the situation you are describing ... the local nameserver that the resolver contacts cannot find the information it is looking for.

If, on the other hand, the local nameserver cannot find authoritative information from a *NON-LOCALLY* hosted zone, then that is a failure which no amount of hackery in libc will be able to overcome because in all likelihood the data you are looking for just *doesn't* exist, because of a remote administrative failure. Slowing down the application's acceptance of that fact will do nothing to help our users' impression of FreeBSD (``It takes 5 times as long for freebsd to tell me a host doesn't exist as it does for linux ... why? YOU SUCK!!!'').

I can tell you right now, that apart from the *VERY* rare case of poisoned DNS cache, if you did this change in the environment I run at work, that is *exactly* what would happen. We'd have sendmail processes hanging around `n' times longer than they should have, because our nameserver setup *works*. Going to a different nameserver will get you exactly the same answer.

It would surprise me that in the majority of the situations out there that there would be a significant number of cases where your change would help any.

> : My guess is
> : problems arise from doing lookups on `internal' addresses on `external'
> : nameservers?
>
> This is one source of problems, but there are others. Again, the DNS
> environment on the Internet as a whole is very poor.

No, I think you are trying to fix the wrong problem here. bind is very good about handling internet failures in general. It's not libresolv's job to try and second guess what bind is doing. I say again: your nameserver setup is broken. You are really confusing the work that bind does with the work that libresolv does.

> I think this is only desirable if there exists a network which depends
> upon the firewall for nameservice; otherwise, it is a *kludge* to work
> around a bug in gethostby*!

Perhaps you are suggesting a kludge in gethostby* to work around a broken setup? That's sure the way it reads to me.

> But this only pushes the problem out one level, to named.

I don't follow. You tell named that data for `x' is found on `x's nameserver, and data for everything else is found on `y's nameserver, and it works. That's how named is designed to work! It is *not* how libresolv is designed to work!

> Archie's patch then fixes the problem. (I'd like to see that patch in
> current!)

If it goes in -current, then it had better be off by default. I firmly believe that this is a negatively impacting change for the majority of freebsd users out there. Make your appeals to the core team if you like, but I don't think that they'll be any more supportive of this change than I am.

Gary
--
Gary Palmer                                    FreeBSD Core Team Member
FreeBSD: Turning PC's into workstations. See http://www.FreeBSD.ORG/ for info

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message