On Sun, Jun 29, 2008 at 1:25 AM, Rick Barlow
<[EMAIL PROTECTED]> wrote:

> We have identified a situation where our Linux guests are generating an
> unnecessary amount of IP traffic when doing DNS lookup.  The first DNS
> query fails because it is using an unknown query type (28). The host then

I have seen similar things with DNS servers that were not following
the RFCs closely enough. The IPv6 enhancements for DNS (from the late 80's)
specify very specific rules for the response on the AAAA query. The
proper responses in this case would be to return a "no, but do have
IPv4" and that would be settled in one more query.
Some servers are known to produce the wrong return code or try to
outsmart us in other ways (see RFC4074). I've had my share of servers
that override TTL or fail to see the difference between "no response"
and "response no" ;-) Some of that breaks things like negative cache
that is important to reduce DNS traffic.
Since we could not change the broken AIX DNS, we ran our own Linux DNS
that was authoritative for our domain; it was easy to use the same DNS
servers as cached resolvers as well.

You might also want to rethink the use of (multiple) domain searches
in your DNS resolver. It may be that the YaST installer tempted you
into that. I see that more as a convenience to end-users, and expect
that it rarely plays a role in servers. Most things in servers are
done through FQN or just the host name in one single domain.

Rob
--
Rob van der Heij
Velocity Software
http://velocitysoftware.com/

----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
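
The difference between "no response" and "response no" described in the message above, as an added example that is not part of the original message: Python that classifies a reply to an AAAA query from its header RCODE and answer count, following the kinds of misbehaviour RFC 4074 describes. The function names, category labels and sample headers are constructed for illustration.

```python
import struct


def build_header(txid, rcode, ancount):
    """Constructed sample: 12-byte DNS response header with QR, RD and RA set."""
    flags = 0x8180 | (rcode & 0x000F)
    return struct.pack("!HHHHHH", txid, flags, 1, ancount, 0, 0)


def classify_aaaa_reply(packet, name_has_a_record=True):
    """Classify the reply to an AAAA query (query type 28).

    packet is the raw reply bytes, or None if the query timed out.
    name_has_a_record says whether the same name is known to resolve over IPv4.
    """
    if packet is None:
        # "No response": the client waits for a timeout and has nothing to cache.
        return "NO_RESPONSE"
    if len(packet) < 12:
        return "BROKEN"  # shorter than a DNS header
    _txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    if not flags & 0x8000:
        return "BROKEN"  # QR bit clear: this is not a response
    rcode = flags & 0x000F
    if rcode == 0:
        # NOERROR with zero answers is the "response no": the name exists but
        # has no AAAA record, and the result can be negatively cached.
        return "ANSWER" if ancount else "NODATA"
    if rcode == 3:
        # NXDOMAIN denies the whole name, which is wrong if an A record exists.
        return "BOGUS_NXDOMAIN" if name_has_a_record else "NXDOMAIN"
    # FORMERR, SERVFAIL, NOTIMP, REFUSED: the server rejected the query type.
    return "ERROR_RCODE"


if __name__ == "__main__":
    samples = [
        ("well-behaved server", build_header(0x1234, 0, 0)),
        ("name error for IPv4-only host", build_header(0x1234, 3, 0)),
        ("not implemented", build_header(0x1234, 4, 0)),
        ("query silently dropped", None),
    ]
    for label, pkt in samples:
        print(f"{label:32s} -> {classify_aaaa_reply(pkt)}")
```
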
