From owner-freebsd-stable Wed Apr 4 8:45:40 2001 Delivered-To: freebsd-stable@freebsd.org Received: from gndrsh.dnsmgr.net (GndRsh.dnsmgr.net [198.145.92.4]) by hub.freebsd.org (Postfix) with ESMTP id 4858B37B720 for ; Wed, 4 Apr 2001 08:45:36 -0700 (PDT) (envelope-from freebsd@gndrsh.dnsmgr.net) Received: (from freebsd@localhost) by gndrsh.dnsmgr.net (8.9.3/8.9.3) id IAA16525; Wed, 4 Apr 2001 08:45:12 -0700 (PDT) (envelope-from freebsd) From: "Rodney W. Grimes" Message-Id: <200104041545.IAA16525@gndrsh.dnsmgr.net> Subject: Re: Strange localhost NS look attempts In-Reply-To: <20010404093726.B46227@vinea.teaser.fr> from Alain Thivillon at "Apr 4, 2001 09:37:26 am" To: at@rominet.net (Alain Thivillon) Date: Wed, 4 Apr 2001 08:45:12 -0700 (PDT) Cc: freebsd-stable@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL54 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG [Charset iso-8859-1 unsupported, filtering to ASCII...] > Kenneth W Cochran _crivait (wrote) : > > > Agreed, I think it has more to do with the nameserver. But > > maybe Yet Another Netscape Problem? Any idea(s) as to a fix? > > This is because answer of DNS server comes back after the resolver > timeout : query socket is closed and kernel log a connection attempt. Does anyone see a huge descrepancy in these two contants: named/ns_defs.h:#define RETRY_TIMEOUT 45 br1.reply.net:root {176}# grep -i timeout /usr/include/resolv.h #define RES_TIMEOUT 5 /* min. seconds between retries */ Our systems log 10 of thousands of these UDP port 53 vain connections, and now I see clearly why. If your not running a local named you only give a remote query 5 seconds, yet the remote named will try for 45 seconds to get you an answer... blech!!! IMHO RES_TIMEOUT should be >> RETRY_TIMEOUT. Or at least RES_TIMEOUT should reflect the way that named works as far as it's own retries of getting data: /* * Compute retry time for the next server for a query. * Use a minimum time of RETRYBASE (4 sec.) or twice the estimated * service time; * back off exponentially on retries, but place a 45-sec. * ceiling on retry times for now. (This is because we don't hold a reference * on servers or their addresses, and we have to finish before they time out.) */ Ie retries go at 4, 8, 16, and 32 seconds, then we hit the 45 second wall. I am going to try a libc with RES_TIMEOUT set at 16 and see what it does for the rate of log messages.... Either way, that 5 second RES_TIMEOUT has got to be placing an unneeded load on our nameservers, due to the fact that the resolver gives up before named does :-(. > > Or should I Just Live With It? > > Unless you want to recompile libc with a higher timeout (see > /usr/include/resolv.h) (and as Netscape is a a.out binary, you should > recompile libc of FreeBSD 2.2.8). Thats just what I am going to do, thanks for pointing me at resolv.h :-) -- Rod Grimes - KD7CAX @ CN85sl - (RWG25) rgrimes@gndrsh.dnsmgr.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message