On 3/31/21 10:00 AM, Tony Finch wrote:
Because of this, if it's important for you to avoid multi-second DNS lookup times ... you need to design your system so that the libc resolver never tries to talk to a DNS server that isn't available.
I've seen various client OSs fail in really weird ways when the first DNS server in the list doesn't respond quick enough, much less never.
Another way is a high availability setup for your recursive servers.
+1 to something like VRRP / CARP / routing tricks to make sure that the Virtual / Service IP that client's use as the first DNS server is always available. Even if the first and second IP are on the same system for a few minutes while the other is patched.
-- Grant. . . . unix || die
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
