ChrisDrake
asked on
How to configure DNS resolution to send multiple simultaneous requests when resolving a name?
Hi,
Several times each year my ISP's name servers stop working for whatever reason.
I want my RedHat box to overcome this efficiently.
I would prefer if every name lookup my OS makes causes multiple UDP packets to be sent out to multiple different name servers, and for the first useful reply to be the one used.
I don't really want round-robin DNS lookups, nor do I want it to wait for one to fail before trying a second one - I want to achieve fast operation by using multiple simultaneous queries.
If this can be done - how do I set it up?
I plan to use my normal ISP's name server, the name server of my ISP's ISP, and the name server of a completely unrelated ISP elsewhere - all at once.
Chris.
Several times each year my ISP's name servers stop working for whatever reason.
I want my RedHat box to overcome this efficiently.
I would prefer if every name lookup my OS makes causes multiple UDP packets to be sent out to multiple different name servers, and for the first useful reply to be the one used.
I don't really want round-robin DNS lookups, nor do I want it to wait for one to fail before trying a second one - I want to achieve fast operation by using multiple simultaneous queries.
If this can be done - how do I set it up?
I plan to use my normal ISP's name server, the name server of my ISP's ISP, and the name server of a completely unrelated ISP elsewhere - all at once.
Chris.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Please be more careful with your language: there's no rule or ethic saying I cant send 2 UDP requests instead of just 1, nor is it your place to tell me not to.
How might you "write a script" to check a name server? query a name every minute for no reason? well - (A) *that* is spamming, and (B) won't be a good test, since the name gets cached, so you'll get false positives - not to mention an average 30-second delay when it goes down and can be detected.
No - I'm running a high-reliability service, and I don't want a fallback solution: I want a redundant failsafe one. I've got dual PSU's from dual power companies, dual NICs on dual ISPs, hardware RAID, all on multiple servers in 3 different countries - and I'm sick of DNS being a single point of failure every few months.
How might you "write a script" to check a name server? query a name every minute for no reason? well - (A) *that* is spamming, and (B) won't be a good test, since the name gets cached, so you'll get false positives - not to mention an average 30-second delay when it goes down and can be detected.
No - I'm running a high-reliability service, and I don't want a fallback solution: I want a redundant failsafe one. I've got dual PSU's from dual power companies, dual NICs on dual ISPs, hardware RAID, all on multiple servers in 3 different countries - and I'm sick of DNS being a single point of failure every few months.
1. "I run several DNS servers myself" -- Then run another one on this server.
-Or-
2. "Decades of experience in (and I've kept a list) over 100 different programming languages. " -- Then modify gethostbyname() and gethostbyaddr(), in glibc to use the servers in /etc/resolve.conf simultaneously.
Alan.
-Or-
2. "Decades of experience in (and I've kept a list) over 100 different programming languages. " -- Then modify gethostbyname() and gethostbyaddr(), in glibc to use the servers in /etc/resolve.conf simultaneously.
Alan.
ASKER
1. I'm already running my own custom-written one so the interface isn't free to run a 2nd
2. actually, unless someone provies an answer, I'll probably write my own DNS proxy, rather than mess with glibc. My question here was simply to see whether there's some obvious config thing I can do before wasting the time to code this solution :-)
1. (again)... you know... I guess I *could* run my own on a different interface... (spit. now I've got to try and remember how to set up a 2nd interface...)
2. actually, unless someone provies an answer, I'll probably write my own DNS proxy, rather than mess with glibc. My question here was simply to see whether there's some obvious config thing I can do before wasting the time to code this solution :-)
1. (again)... you know... I guess I *could* run my own on a different interface... (spit. now I've got to try and remember how to set up a 2nd interface...)
The DNS server could listen on the localhost if it's only to answer lookups from itself.
Alan.
Alan.
ASKER
Umm... my UDP's a smidge rusty... if it's listening on 127.0.0.1:53 and my gethostbyname() asks it to resolve (say) www.google.com, it's going to have to ultimately query googles name servers for the IP address... so where does googles name servers send these UDP reply packets? Isn't my DNS server going to need to be listening on an external socket to get the reply? And what about the old DNS servers who only honor requests from port 53?
When your dns server on localhost receives a request and needs to query a remote name server to resolve it. It will send the request via the external interface but the source port will not be udp 53 therefore the reply will be directed back to bind (or whatever) and not the custom daemon.
Alan.
Alan.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:
Split between td_miles, AlanBell and jlevie
Please leave any comments here within the next seven days.
PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!
khkremer
EE Cleanup Volunteer
I will leave a recommendation in the Cleanup topic area that this question is:
Split between td_miles, AlanBell and jlevie
Please leave any comments here within the next seven days.
PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!
khkremer
EE Cleanup Volunteer
ASKER
Unrelatedly, I run several DNS servers myself, and with debugging turned on I can see that almost all queries I receive arrive simultaneously at all of my name servers - so this kindof seems like the default behaviour of something (yes - I realize how "bind" or whatever resolves queries is different from how my OS's resolver does it).
Maybe if I install a caching nameserver on my own box? Does anyone know how to configure "named" aka "bind" to behave like I described above?