* Mikael <mikael.tr...@gmail.com> [2013-12-20 09:58:39 +0200]:
> Hi Matthew,
>
> Aha so the files of reference are asr.c (
> http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/asr/asr.c?rev=1.31;content-type=text%2Fplain
> )
> and res_send_async.c (
> http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/asr/res_send_async.c?rev=1.19;content-type=text%2Fplain
> )
>
>
> Do I understand it right that when the DNS resolver fails with a resolve,
> it actually retries with the *next* DNS server of resolv.conf,
>
> and thus for a resolve to fail, 4 DNS servers in a row must be unresponsive
> within the timeout which is 5 seconds per attempt (ac_nstimeout)?
>
> (this is implemented in iter_ns at the bottom of res_send_async.c.)
>
>
> So then, the resolve failures I experienced cannot have been due to failure
> about an individual DNS server being down, but instead, that it took 4 of
> them in a row each more than 5 seconds to complete the resolve - and that
> in turn must have been because of some extremely serious lag about the
> resolved domain's DNS server?
>
> I guess to safeguard for such problems, it would help to have only one DNS
> server, this being 127.0.0.1, run a local named/dnsmasq/etc., so then that
> one would get all the four retries, thus relatively increasing the chance
> by 4x that the resolve will actually look, as the server does caching
> between resolves so if the first resolve took 17 seconds then the fourth
> one will be the succeeding one?
>
>
> Thanks,
> Mikael

Generally, when it comes to the local DNS resolver, less is more. I do two
name servers. I also make sure all the localhosts stuff is present in
/etc/hosts.

So, there are generally two types of failures: a failed lookup, which will
trigger a retry to the next NS, and an NS handing out a negative record,
which then follows the neg TTL for when it will retry.

Hope this helps....

-Nex6

>
>
> 2013/12/20 Matthew Dempsky <matt...@dempsky.org>
>
> > On Thu, Dec 19, 2013 at 2:36 PM, Mikael <mikael.tr...@gmail.com> wrote:
> > > a) OpenBSD's resolver configured to retry 999 times before failing, and
> > > [...]
> > > If so, is there any way to do a)?
> >
> > In src/lib/libc/asr/asr.c, change "ac->ac_nsretries = 4;" to
> > "ac->ac_nsretries = 999;", recompile, and reinstall.
> >
> > However, I wouldn't recommend you actually do this. You should
> > instead focus on figuring out why your DNS queries are failing in the
> > first place, and/or fix your downstream users to handle HTTP errors
> > correctly.
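
The two failure types named in the reply above can be told apart from the DNS reply header alone. The following is an added example, not code from the posts or from OpenBSD's libc: it walks the nameservers of a constructed resolv.conf and separates "no usable reply, try the next NS" from "negative answer, which is final". The sample file, the 192.0.2.53 address, the function names and the rcode-to-action mapping (common stub-resolver behaviour, not read from asr.c) are assumptions.

```python
import struct

# Constructed sample resolv.conf; 192.0.2.53 is a documentation address.
SAMPLE_RESOLV_CONF = """\
lookup file bind
nameserver 127.0.0.1
nameserver 192.0.2.53   # second server
"""

def nameservers(text):
    """Return nameserver addresses in the order the resolver would try them."""
    found = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            found.append(fields[1])
    return found

def make_reply(query_id, flags, ancount):
    """Build a bare 12-byte DNS header (constructed test input, no records)."""
    return struct.pack("!6H", query_id, flags, 1, ancount, 0, 0)

def classify(reply, query_id):
    """Classify one server's reply; None means the attempt timed out."""
    if reply is None:
        return "timeout: try next nameserver"
    if len(reply) < 12:
        return "malformed: try next nameserver"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", reply[:12])
    if rid != query_id or not flags & 0x8000:   # wrong ID or QR bit clear
        return "ignored: try next nameserver"
    rcode = flags & 0x000F
    if rcode == 0:
        return "answer" if ancount else "nodata: negative answer"
    if rcode == 3:
        return "nxdomain: negative answer"
    return "rcode %d: try next nameserver" % rcode   # e.g. SERVFAIL (2)

def resolve(servers, replies, query_id):
    """Walk servers in order and stop at the first definitive reply."""
    for server in servers:
        verdict = classify(replies.get(server), query_id)
        if not verdict.endswith("try next nameserver"):
            return server, verdict
    return None, "all nameservers failed"

if __name__ == "__main__":
    servers = nameservers(SAMPLE_RESOLV_CONF)
    replies = {"192.0.2.53": make_reply(0x1234, 0x8183, 0)}  # first server silent
    print(resolve(servers, replies, 0x1234))
```

A negative answer stops the walk at the server that gave it, so adding more nameservers does not help with that failure type; only the timeout and error cases move on to the next entry.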