On 12/27/05, David Malone <[EMAIL PROTECTED]> wrote:
> On Sun, Dec 25, 2005 at 06:41:57PM +0200, Rostislav Krasny wrote:
> > defined as 4. In a case the DNS server isn't responding the
> > gethostbyname() makes 8 (eight!) reverse resolving attempts for one
> > (!) non-responding DNS server before it returns error. And this is by
> > default. All that is still true for my current 6.0-STABLE.
> >
> > http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/62139
> >
> > As a workaround I may suggest adding "options attempts:2" or even
> > "options attempts:1" line to the /etc/resolver.conf
>
> I've often thought that we should make the default login timeout
> longer than our DNS timeout, as it means it is hard (or impossible)
> to log in to fix your DNS server when your DNS server is down. It
> is even worse if you don't control some DNS server in the chain
> between the root and the name you're trying to look up.
>
> I did once mail des@ to ask him if he'd mind me changing the default
> login timeout for sshd to be (say) 5 minutes rather than 1 minute,
> but I think he was busy at the time. Judging by the PR mentioned
> above it should be at least 2m30s by default.

I think the RES_DFLRETRY should also be decreased from 4 to 2, as it
is defined in most of other systems. By the way, BIND9, that is a part
of the FreeBSD base system, has its own resolver, where the
RES_DFLRETRY is defined as 2 (see below):

> grep RES_DFLRETRY /usr/src/contrib/bind9/lib/bind/include/resolv.h
#define RES_DFLRETRY            2       /* Default #/tries. */
> grep RES_DFLRETRY /usr/include/resolv.h
#define RES_DFLRETRY    4       /* retries per each name server */

And doubling of this number of retries by functions like
gethostbyname() is also mysterious for me yet.
_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
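
Added example, not part of the original messages and not FreeBSD code: a check of whether a login timeout outlasts the worst-case lookup stall on one dead name server, using the retry counts quoted in the thread. The 5-second base wait, the doubling of the wait on each retry, and all function names and sample files are assumptions of this example.

```python
import re

RES_TIMEOUT = 5    # assumption: base wait in seconds (not stated in the thread)
RES_DFLRETRY = 4   # FreeBSD /usr/include/resolv.h value quoted in the thread
PASSES = 2         # thread: 8 attempts with RES_DFLRETRY 4, so the retry loop runs twice


def resolver_options(resolv_conf_text):
    """Return (attempts, timeout) after applying 'options' lines."""
    attempts, timeout = RES_DFLRETRY, RES_TIMEOUT
    for raw in resolv_conf_text.splitlines():
        # Drop '#' and ';' comments, then split into whitespace-separated fields.
        fields = re.split(r"[#;]", raw, maxsplit=1)[0].split()
        if not fields or fields[0] != "options":
            continue
        for opt in fields[1:]:
            m = re.fullmatch(r"(attempts|timeout):(\d+)", opt)
            if not m:
                continue
            if m.group(1) == "attempts":
                attempts = max(1, int(m.group(2)))
            else:
                timeout = max(1, int(m.group(2)))
    return attempts, timeout


def worst_case_stall(attempts, timeout, passes=PASSES):
    """Seconds a lookup blocks on one dead name server.
    Assumption: the wait doubles on every retry (timeout << try)."""
    return passes * sum(timeout << t for t in range(attempts))


def login_survives_dns_outage(resolv_conf_text, login_timeout):
    """True if the login timeout outlasts the worst-case lookup stall."""
    attempts, timeout = resolver_options(resolv_conf_text)
    return login_timeout > worst_case_stall(attempts, timeout)


# Constructed sample files (192.0.2.53 is a documentation address).
STOCK = "nameserver 192.0.2.53\n"
WORKAROUND = "nameserver 192.0.2.53\noptions attempts:2  # workaround from the thread\n"

if __name__ == "__main__":
    for name, conf in (("stock", STOCK), ("attempts:2", WORKAROUND)):
        stall = worst_case_stall(*resolver_options(conf))
        for login in (60, 300):  # 1 minute and 5 minutes, the values named in the thread
            ok = login_survives_dns_outage(conf, login)
            print(f"{name}: stall {stall}s, login {login}s -> {'ok' if ok else 'locked out'}")
```

Under these assumptions the stock settings give 2 x (5 + 10 + 20 + 40) = 150 seconds, which matches the 2m30s figure quoted above.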