On Fri, Dec 23, 2005 at 10:26:30AM -0700, Richard Fish wrote

> If I had to make a guess, I would say that your ISP has got some
> kind of proxy service set up that lies to you about the address of
> www.google.com, so that you actually connect through one of their
> servers.
>
> If that is the case, then it is also possible that they set the
> expire time on the DNS responses to expire immediately to prevent
> any local caching of the addresses.

Probably some load-balancing "magic" by Google...

Searching for 72.14.203.104 in whois.arin.net

OrgName:    Google Inc.
OrgID:      GOGL
Address:    1600 Amphitheatre Parkway
City:       Mountain View
StateProv:  CA
PostalCode: 94043
Country:    US

NetRange:   72.14.192.0 - 72.14.239.255
CIDR:       72.14.192.0/19, 72.14.224.0/20
NetName:    GOOGLE
NetHandle:  NET-72-14-192-0-1
Parent:     NET-72-0-0-0-0
NetType:    Direct Allocation
NameServer: NS1.GOOGLE.COM
NameServer: NS2.GOOGLE.COM
Comment:
RegDate:    2004-11-10
Updated:    2005-07-01

> You might test with a less popular address, something that is unlikely
> to be cached/proxied by your ISP.
>
> Anyway nscd appears to be set up and working correctly. Ping connected
> to the nscd socket, and did not send any DNS queries directly. So
> your end looks like it is set up and working correctly.

More proof that it "works"... I tried connecting to a Yahoo forum, and got a negative response for messages.yahoo.com on the first try. The "negative cache" feature certainly "worked". Several retries failed as well. I set "negative-time-to-live hosts 2" and re-started nscd, and the forum now works.

I'm obviously able to specify a shorter negative cache time. Is there any way for nscd to override the maximum TTL from the DNS server for a positive hit?

On a more positive note, ZDNet forums seem much snappier now. They've been slow in the past, 3 megabits ADSL notwithstanding.

--
Walter Dnes <[EMAIL PROTECTED]> In linux /sbin/init is Job #1
My musings on technology and security at http://tech_sec.blog.ca
--
gentoo-user@gentoo.org mailing list