  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1767

Change the DNS lookup timeout value from 2 seconds to 3 seconds

In Solaris 9, does anyone know how to change the DNS lookup timeout value from 2 seconds to 3 seconds?

We have several remote networks that each have a Solaris 9 server.  The remote Sun servers provide DNS for all the PCs on the local network as follows:

# cat /opt/named/etc/named.conf
options {
 directory "/opt/named/etc";
 forwarders { 10.0.254.52; 10.0.255.41; };
 forward only;
 };

 //
 // a caching only nameserver config
 zone "." in {
 type hint;
 file "db.cache";
 };

 zone "0.0.127.in-addr.arpa" in {
 type master;
 file "db.127.0.0";
 };

The problem is that the DNS lookup requests are often timing out like this:
> pims-al.al.pims.org
Server:  pims-mk.mk.pims.org
Address:  10.250.48.67

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to pims-mk.mk.pims.org timed-out
> pims-al.al.pims.org
Server:  pims-mk.mk.pims.org
Address:  10.250.48.67

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to pims-mk.mk.pims.org timed-out
> pims-al.al.pims.org
Server:  pims-mk.mk.pims.org
Address:  10.250.48.67

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to pims-mk.mk.pims.org timed-out
> pims-lt.lt.pims.org
Server:  pims-mk.mk.pims.org
Address:  10.250.48.67

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to pims-mk.mk.pims.org timed-out
> pims-mk.mk.pims.org
Server:  pims-mk.mk.pims.org
Address:  10.250.48.67

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to pims-mk.mk.pims.org timed-out
> pims-mk.mk.pims.org
Server:  pims-mk.mk.pims.org
Address:  10.250.48.67

Non-authoritative answer:
Name:    pims-mk.mk.pims.org
Address:  10.250.48.67

The local host uses the same DNS servers like this:

# cat /etc/resolv.conf
domain mk.pims.org
nameserver 127.0.0.1
nameserver 10.0.254.52
nameserver 10.0.255.41
search pims.org ppc.pims.org mk.pims.org
0
huffmana
Asked:
 
wesly_chen Commented:
Hi,

   When Nslookup starts, it attempts to resolve the IP address of its host's DNS server to its fully qualified domain name (FQDN).
If the DNS server does not respond or if the DNS server's reverse lookup zones do not contain a PTR record for the DNS server's IP address, the error message is displayed.

   So is there a PTR record for the DNS server's IP in the DNS server's reverse lookup zones? By the way, I don't see the reverse
lookup zone for 10.x.x.x in your /opt/named/etc/named.conf.

   You might need to create the reverse zone and add the DNS server's IP in it first.

   Besides, there is some reason for the nslookup timeout (which is nslookup's flaw):
http://homepages.tesco.net/~J.deBoynePollard/FGA/nslookup-flaws.html

Regards,

Wesly
0
 
huffmana Author Commented:
Hi Wesly, The DNS servers that are listed (10.0.254.52; 10.0.255.41) have both forward and reverse lookup zones.  I just tested reverse lookup and it is working (see the following).  The server in the NSLOOKUP session - 10.250.48.67 - is the server where I copied the resolv.conf and named.conf files from above.  Notice that the following shows 1 timeout and then works for the second try - giving a correct reverse lookup.  (Thanks for the reference about the flawed NSLOOKUP - I'll start using DIG as soon as I understand it.)  I always thought that the "forward only" in the named.conf meant that the DNS requests would be forwarded to the DNS server - not that only forward DNS conversion was invoked.....  If "forward only" means only forward lookup is sent to the DNS servers why does reverse lookup work?  Thanks for your help, Allan

> server 10.250.48.67
DNS request timed out.
    timeout was 2 seconds.
Default Server:  [10.250.48.67]
Address:  10.250.48.67

> 10.250.88.67
Server:  [10.250.48.67]
Address:  10.250.48.67

DNS request timed out.
    timeout was 2 seconds.
*** Request to [10.250.48.67] timed-out
> 10.250.88.67
Server:  [10.250.48.67]
Address:  10.250.48.67

Name:    mail.tj.pims.org
Address:  10.250.88.67

>
0
 
wesly_chen Commented:
> The DNS servers that are listed (10.0.254.52; 10.0.255.41) have both forward and reverse lookup zones.
The question is that you query "10.250.48.67" (Hint server) first. So the problem is that
nslookup checks the PTR of 10.250.48.67 in its reverse lookup zones, for which there is no reverse lookup zone.

Anyway, DNS still works but nslookup is kind of annoying....

Wesly
0
Tintin Commented:
nslookup -timeout=10 hostname
0
 
wesly_chen Commented:
> nslookup -timeout=10 hostname
Good job Tintin.

However, the DNS is still working with the annoying nslookup timeout. Nothing wrong with the DNS server.

Wesly
0
 
huffmana Author Commented:
Yes that is exactly what I asked for (nslookup -timeout) but I'm wondering if there are DNS resolution time-outs occurring at the remote servers during normal operation.   Our satellite service has a 2 second cycle for collecting requests.  If a DNS request catches the beginning of the cycle, the response time can easily be over 2 seconds.   But I looked through the syslog and did not see any named time-outs.  Am I looking in the right place?  The things that I saw are like the following:

QUESTION: Thanks to everyone for responding to my question.  I usually like to split the points with all the good answers that I get.  How would you guys prefer that I close this ticket?  Give one particular response all the points or split the points?  Also, don't I have to select one answer as "the answer that solved my question"?  Your help is appreciated because I would like to give the proper credit to the respondents.  Your recommendations are appreciated.

messages.0:Nov 17 14:27:28 pims-mk named[544]: [ID 295310 daemon.notice] Ready to answer queries.
messages:Nov 22 11:28:09 pims-mk        root@alpha:/export/home/randall/bind-8.2.4/src/bin/named
messages:Nov 22 11:28:09 pims-mk named[454]: [ID 295310 daemon.warning] db_load could not open: db.127.0.0: No such file or directory
messages:Nov 22 11:28:09 pims-mk named[454]: [ID 295310 daemon.error] ctl_server: bind: /opt/named/etc/ndc.d/nd: Address already in use
messages:Nov 22 11:28:09 pims-mk named[177]: [ID 295310 daemon.error] ctl_writedone: /opt/named/etc/ndc.d/nd: Broken pipe
messages:Nov 22 11:30:09 pims-mk named[454]: [ID 295310 daemon.error] There may be a name server already running on [127.0.0.1].53
messages:Nov 22 11:30:09 pims-mk named[454]: [ID 295310 daemon.notice] deleting interface [127.0.0.1].53
messages:Nov 22 11:32:09 pims-mk named[454]: [ID 295310 daemon.error] There may be a name server already running on [10.250.48.67].53
messages:Nov 22 11:32:09 pims-mk named[454]: [ID 295310 daemon.notice] deleting interface [10.250.48.67].53
messages:Nov 22 11:32:09 pims-mk named[454]: [ID 295310 daemon.warning] not listening on any interfaces
messages:Nov 22 11:32:09 pims-mk named[482]: [ID 295310 daemon.notice] Ready to answer queries.
messages.0:Nov 17 11:48:07 pims-mk named[7032]: [ID 295310 daemon.notice] starting (/opt/named/etc/named.conf).  named 8.2.4-REL Fri Sep 28 16:04:56 GMT 20



0
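An added example, not part of the original thread: a small Python triage of the named syslog lines quoted in the post above, grouping them by syslog level and by named PID so that startup problems stand out. The sample is a subset of the lines in the post; the category names and the wording matched by the timeout pattern are assumptions made for illustration.

```python
import re
from collections import Counter, defaultdict

# Subset of the grep output shown in the post above (file prefix included).
SAMPLE = """\
messages.0:Nov 17 14:27:28 pims-mk named[544]: [ID 295310 daemon.notice] Ready to answer queries.
messages:Nov 22 11:28:09 pims-mk        root@alpha:/export/home/randall/bind-8.2.4/src/bin/named
messages:Nov 22 11:28:09 pims-mk named[454]: [ID 295310 daemon.warning] db_load could not open: db.127.0.0: No such file or directory
messages:Nov 22 11:28:09 pims-mk named[454]: [ID 295310 daemon.error] ctl_server: bind: /opt/named/etc/ndc.d/nd: Address already in use
messages:Nov 22 11:30:09 pims-mk named[454]: [ID 295310 daemon.error] There may be a name server already running on [127.0.0.1].53
messages:Nov 22 11:32:09 pims-mk named[454]: [ID 295310 daemon.warning] not listening on any interfaces
messages:Nov 22 11:32:09 pims-mk named[482]: [ID 295310 daemon.notice] Ready to answer queries.
"""

# Solaris syslog line as grep prints it: file:timestamp host named[pid]: [ID n fac.level] msg
LINE = re.compile(
    r"^(?P<file>[^:]+):(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+)\s+"
    r"named\[(?P<pid>\d+)\]: \[ID \d+ (?P<facility>\w+)\.(?P<level>\w+)\] (?P<msg>.*)$"
)

# Hypothetical category names; the first three patterns come from the lines above.
CATEGORIES = {
    "missing_zone_file": re.compile(r"db_load could not open"),
    "port_conflict": re.compile(r"already running on|Address already in use"),
    "no_listener": re.compile(r"not listening on any interfaces"),
    "timeout": re.compile(r"tim(ed|e)[ -]?out", re.I),  # assumed wording
}

def triage(text):
    """Count messages per syslog level and collect problem categories per named PID."""
    levels, by_pid, unparsed = Counter(), defaultdict(set), []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            if raw.strip():
                unparsed.append(raw)  # continuation lines, e.g. the build path
            continue
        levels[m["level"]] += 1
        for name, pattern in CATEGORIES.items():
            if pattern.search(m["msg"]):
                by_pid[m["pid"]].add(name)
    return {"levels": dict(levels), "by_pid": dict(by_pid), "unparsed": unparsed}

if __name__ == "__main__":
    result = triage(SAMPLE)
    print(result["levels"])
    for pid, problems in sorted(result["by_pid"].items()):
        print(f"named[{pid}]: {', '.join(sorted(problems))}")
```

On these lines every flagged message belongs to named[454], and none of them falls in the timeout category.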
 
wesly_chen Commented:
> If a DNS request catches the beginning of the cycle, the response time can easily be over 2 seconds.
The problem is with "nslookup" itself, not with the DNS server.

Wesly
0
