Date: Wed, 4 Apr 2001 08:45:12 -0700 (PDT) From: "Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net> To: at@rominet.net (Alain Thivillon) Cc: freebsd-stable@FreeBSD.ORG Subject: Re: Strange localhost NS look attempts Message-ID: <200104041545.IAA16525@gndrsh.dnsmgr.net> In-Reply-To: <20010404093726.B46227@vinea.teaser.fr> from Alain Thivillon at "Apr 4, 2001 09:37:26 am"
next in thread | previous in thread | raw e-mail | index | archive | help
[Charset iso-8859-1 unsupported, filtering to ASCII...] > Kenneth W Cochran <kwc@world.std.com> _crivait (wrote) : > > > Agreed, I think it has more to do with the nameserver. But > > maybe Yet Another Netscape Problem? Any idea(s) as to a fix? > > This is because answer of DNS server comes back after the resolver > timeout : query socket is closed and kernel log a connection attempt. Does anyone see a huge descrepancy in these two contants: named/ns_defs.h:#define RETRY_TIMEOUT 45 br1.reply.net:root {176}# grep -i timeout /usr/include/resolv.h #define RES_TIMEOUT 5 /* min. seconds between retries */ Our systems log 10 of thousands of these UDP port 53 vain connections, and now I see clearly why. If your not running a local named you only give a remote query 5 seconds, yet the remote named will try for 45 seconds to get you an answer... blech!!! IMHO RES_TIMEOUT should be >> RETRY_TIMEOUT. Or at least RES_TIMEOUT should reflect the way that named works as far as it's own retries of getting data: /* * Compute retry time for the next server for a query. * Use a minimum time of RETRYBASE (4 sec.) or twice the estimated * service time; * back off exponentially on retries, but place a 45-sec. * ceiling on retry times for now. (This is because we don't hold a reference * on servers or their addresses, and we have to finish before they time out.) */ Ie retries go at 4, 8, 16, and 32 seconds, then we hit the 45 second wall. I am going to try a libc with RES_TIMEOUT set at 16 and see what it does for the rate of log messages.... Either way, that 5 second RES_TIMEOUT has got to be placing an unneeded load on our nameservers, due to the fact that the resolver gives up before named does :-(. > > Or should I Just Live With It? > > Unless you want to recompile libc with a higher timeout (see > /usr/include/resolv.h) (and as Netscape is a a.out binary, you should > recompile libc of FreeBSD 2.2.8). Thats just what I am going to do, thanks for pointing me at resolv.h :-) -- Rod Grimes - KD7CAX @ CN85sl - (RWG25) rgrimes@gndrsh.dnsmgr.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200104041545.IAA16525>