North American Network Operators Group


RE: How common is lack of DNS server diversity?

  • From: Tony Rall
  • Date: Sat Jan 27 15:02:12 2001

Regarding "search", I was simply referring to the commonly used dns
terminology referring to the "search list".  See /etc/resolv.conf on any
unix system or "DNS and Bind V3", page 102.  Wait a minute, I see where
your usage may have originated.  W95 network config refers to the
nameserver list as "DNS Server Search Order", and to the domain list as the
"Domain Suffix Search Order".  MS doesn't use this wording in W2k.

As far as specifying multiple nameservers (the "nameserver" directive in
resolv.conf, or "DNS server addresses" in Win2k), as I said before I tested
it and it worked fine in Win2k.

Test procedure:

Under "Advanced TCP/IP Settings", DNS tab, remove all nameserver addresses,
add the address of a non-existent machine, add the address of a working
nameserver.  Reboot (if you're not doing this with Netswitcher).  Test.
All services work fine.

Nslookup gives you an idea about what is happening under the covers:
C:\>nslookup trall2
DNS request timed out.
    timeout was 2 seconds.
*** Can't find server name for address 9.1.25.192: Timed out     <- the non-existent nameserver
Server:  hawk.almaden.ibm.com
Address:  9.1.8.254                <- the working nameserver

Name:    trall2.almaden.ibm.com
Address:  9.1.77.83

Nslookup will retry the nameserver list each time, resulting in a
resolution delay.  But the IP stack resolver remembers which server is
working and doesn't retry the bad ones unless needed - there is no
resolution delay.

Feel free to test this on any other operating system and report your
results.

Tony Rall


Roeland Meyer <[email protected]> on 2001-01-27 11:10:34

To:   Tony Rall/Almaden/[email protected], Roeland Meyer <[email protected]>
cc:   [email protected]
Subject:  RE: How common is lack of DNS server diversity?


> From: Tony Rall [mailto:[email protected]]
> Sent: Saturday, January 27, 2001 10:54 AM
>
> >MS DNS, WinNT4 and below, have broken search algorithm implementations.
> >DDNS, Win2K, is currently untested.
>
> Search algorithm?  I thought we were talking about making full use of the
> dns server list - i.e., if first server doesn't respond try the next one in
> the list.

I think, *that* is called a search algorithm. Try it at root level, with
WinNT, you'll find that it doesn't work. Better yet, try it with BIND8
(*nix, of course) too, and compare the results.

If your test doesn't produce the same results, please send test-plan,
scripts, and methods to me. I'd be very interested.
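
The failover test described in this thread can be scripted so it runs the same way on any operating system. The following is an added example, not code from either poster and not the Windows resolver's own logic: `FailoverResolver` and `build_query` are hypothetical names, and the class models the two behaviours in Tony Rall's message (restart at the top of the nameserver list every time, as nslookup does, versus remembering the server that last answered).

```python
import socket, struct, time

def build_query(name, qid=0x1234):
    """Minimal DNS A-record query in RFC 1035 wire format."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".") if p)
    return header + qname + b"\0" + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN

class FailoverResolver:
    """Hypothetical model of a stub resolver walking its nameserver list."""
    def __init__(self, servers, timeout=2.0, remember=True):
        self.servers = list(servers)  # [(ip, port), ...] in configured order
        self.timeout = timeout        # 2 s matches the nslookup output above
        self.remember = remember      # False: restart at the top every time
        self.preferred = 0            # index of the last server that answered

    def query(self, name, qid=0x1234):
        """Return (answering_server, elapsed_seconds, servers_that_failed)."""
        start = time.monotonic()
        first = self.preferred if self.remember else 0
        failed = []
        for i in range(len(self.servers)):
            idx = (first + i) % len(self.servers)
            server = self.servers[idx]
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
                s.settimeout(self.timeout)
                try:
                    s.sendto(build_query(name, qid), server)
                    data, peer = s.recvfrom(512)
                except OSError:  # timeout or ICMP unreachable: try the next one
                    failed.append(server)
                    continue
            # Accept only a reply from the server we asked, with our query ID.
            if peer == server and data[:2] == struct.pack(">H", qid):
                self.preferred = idx
                return server, time.monotonic() - start, failed
            failed.append(server)
        raise TimeoutError("no nameserver in the list answered")

if __name__ == "__main__":
    # Constructed list: 192.0.2.1 is a documentation address that never answers;
    # replace the second entry with a nameserver that works on your network.
    r = FailoverResolver([("192.0.2.1", 53), ("127.0.0.1", 53)])
    for attempt in (1, 2):
        server, secs, failed = r.query("example.com")
        print(attempt, server, round(secs, 2), failed)
```

With `remember=True` only the first lookup pays the timeout for the dead server; with `remember=False` every lookup does, which is the delay the nslookup transcript shows.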