Solved

How to configure DNS resolution to send multiple simultaneous requests when resolving a name?

Posted on 2003-10-29
13
435 Views
Last Modified: 2010-04-21
Hi,

Several times each year my ISP's name servers stop working for whatever reason.

I want my RedHat box to overcome this efficiently.

I would prefer if every name lookup my OS makes causes multiple UDP packets to be sent out to multiple different name servers, and for the first useful reply to be the one used.

I don't really want round-robin DNS lookups, nor do I want it to wait for one to fail before trying a second one - I want to achieve fast operation by using multiple simultaneous queries.

If this can be done - how do I set it up?

I plan to use my normal ISP's name server, the name server of my ISP's ISP, and the name server of a completely unrelated ISP elsewhere - all at once.

Chris.
0
Comment
Question by:ChrisDrake
13 Comments
 
LVL 13

Accepted Solution

by:
td_miles earned 23 total points
Comment Utility
DNS isn't designed to work that way. It will wait for the DNS server chosen to time out first before trying a second server. It wouldn't make any sense to send multiple queries at once as then it would be wasting bandwidth (from the DNS servers point of view).

The only alternative I can thin kof would be to write a script that checks every xxx minutes for a functional DNS server (from your ISP) and if it detects no response, then it will switch the DNS servers your box uses.
0
 
LVL 2

Author Comment

by:ChrisDrake
Comment Utility
I don't think this is true.

Unrelatedly, I run several DNS servers myself, and with debugging turned on I can see that almost all queries I receive arrive simultaneously at all of my name servers - so this kindof seems like the default behaviour of something (yes - I realize how "bind" or whatever resolves queries is different from how my OS's resolver does it).

Maybe if I install a caching nameserver on my own box?  Does anyone know how to configure "named" aka "bind" to behave like I described above?
0
 

Assisted Solution

by:AlanBell
AlanBell earned 22 total points
Comment Utility
I've got to agree with td_miles here, spamming multiple, flakey name servers isn't going to help the situation. Either writing a script which periodically checks that your ISP's name servers are alive, if not then 'cp resolve.backup resolve.conf' or running your own name server (maybe start by reading http://www.tldp.org/HOWTO/DNS-HOWTO.html) is a better solution.

Alan.
0
 
LVL 2

Author Comment

by:ChrisDrake
Comment Utility
Please be more careful with your language: there's no rule or ethic saying I cant send 2 UDP requests instead of just 1, nor is it your place to tell me not to.

How might you "write a script" to check a name server?  query a name every minute for no reason? well - (A) *that* is spamming, and (B) won't be a good test, since the name gets cached, so you'll get false positives - not to mention an average 30-second delay when it goes down and can be detected.

No - I'm running a high-reliability service, and I don't want a fallback solution: I want a redundant failsafe one.  I've got dual PSU's from dual power companies, dual NICs on dual ISPs, hardware RAID, all on multiple servers in 3 different countries - and I'm sick of DNS being a single point of failure every few months.
0
 

Expert Comment

by:AlanBell
Comment Utility
1. "I run several DNS servers myself" -- Then run another one on this server.
-Or-
2. "Decades of experience in (and I've kept a list) over 100 different programming languages. " -- Then modify gethostbyname() and gethostbyaddr(),  in glibc to use the servers in /etc/resolve.conf simultaneously.

Alan.
0
Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 2

Author Comment

by:ChrisDrake
Comment Utility
1. I'm already running my own custom-written one so the interface isn't free to run a 2nd

2. actually, unless someone provies an answer, I'll probably write my own DNS proxy, rather than mess with glibc.  My question here was simply to see whether there's some obvious config thing I can do before wasting the time to code this solution :-)

1. (again)... you know... I guess I *could* run my own on a different interface...  (spit. now I've got to try and remember how to set up a 2nd interface...)
0
 

Expert Comment

by:AlanBell
Comment Utility
The DNS server could listen on the localhost if it's only to answer lookups from itself.

Alan.
0
 
LVL 2

Author Comment

by:ChrisDrake
Comment Utility
Umm... my UDP's a smidge rusty... if it's listening on 127.0.0.1:53 and my gethostbyname() asks it to resolve (say) www.google.com, it's going to have to ultimately query googles name servers for the IP address... so where does googles name servers send these UDP reply packets?  Isn't my DNS server going to need to be listening on an external socket to get the reply?  And what about the old DNS servers who only honor requests from port 53?
0
 

Expert Comment

by:AlanBell
Comment Utility
When your dns server on localhost receives a request and needs to query a remote name server to resolve it. It will send the request via the external interface but the source port will not be udp 53 therefore the reply will be directed back to bind (or whatever) and not the custom daemon.

Alan.
0
 
LVL 40

Assisted Solution

by:jlevie
jlevie earned 22 total points
Comment Utility
The way to solve your problem is to run a local caching-only nameserver and specify that as the first nameserver in resolv.conf. If Bind is not configured to use a forwarder it will go directly to the root servers and recurse to the nameserver for whatever domain the query is associated with bypassing your ISP's nameservers completely.
0
 
LVL 44

Expert Comment

by:Karl Heinz Kremer
Comment Utility
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:
Split between td_miles, AlanBell and jlevie
Please leave any comments here within the next seven days.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

khkremer
EE Cleanup Volunteer

0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

In this tutorial I will explain how to make squid prevent malwares in five easy steps: Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-…
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now