Note that the 'host' command overrides some of the default resolv.h settings.
In particular the timeout is downgraded to a second, so if your internal server is not working quick enough it will go to the secondary and return the failure. What does ping on the host do? That will use a regular gethostbyname() with the default resolv.h settings (eg: 5 second timeout). What is the output of dig -t A <host> @10.10.10.4 say for the query time? From: rhelv5-list-boun...@redhat.com [mailto:rhelv5-list-boun...@redhat.com] On Behalf Of Gerhardus Geldenhuis Sent: Thursday, March 01, 2012 9:00 AM To: Red Hat Enterprise Linux 5 (Tikanga) discussion mailing-list Subject: Re: [rhelv5-list] strange DNS resolution or lack off Fair enough but then it should still be trying the first entry which it apparently does not do which is basically my question. resolv.conf man page is not very clear... timeout:n sets the amount of time the resolver will wait for a response from a remote name server before retrying the query via a different name server. Measured in seconds, the default is RES_TIMEOUT (currently 5, see <resolv.h>). attempts:n sets the number of times the resolver will send a query to its name servers before giving up and returning an error to the calling application. The default is RES_DFLRETRY (currently 2, see <resolv.h>). It fails to mention what a valid and invalid response would be and how if/how it would be treated as a failure. Regards On 1 March 2012 15:43, Musayev, Ilya <imusa...@webmd.net> wrote: Corey is correct. Record not found does not mean dns server is unreachable, failover only occurs if dns server is unreachable on port 53. From: rhelv5-list-boun...@redhat.com [mailto:rhelv5-list-boun...@redhat.com] On Behalf Of Corey Kovacs Sent: Thursday, March 01, 2012 10:23 AM To: Red Hat Enterprise Linux 5 (Tikanga) discussion mailing-list Subject: Re: [rhelv5-list] strange DNS resolution or lack off They are tried in sequence if the first fails to talk to a server at all, not if a record isn't found. What you need is to have your internal DNS forward lookups to the external DNS that are not handled by the internal. C On Mar 1, 2012 8:12 AM, "Gerhardus Geldenhuis" <gerhardus.geldenh...@gmail.com> wrote: Hi I have a freshly build rhel5u7 server from the DVD not updated. It has two interfaces: DEVICE=eth0 ONBOOT=yes HWADDR=00:0C:29:6B:78:6C TYPE=Ethernet BOOTPROTO=static IPADDR=10.10.10.102 NETMASK=255.255.255.0 DNS1=10.10.10.4 DNS2=192.168.9.1 and DEVICE=eth1 ONBOOT=yes HWADDR=00:0C:29:6B:78:76 TYPE=Ethernet BOOTPROTO=dhcp DNS1=10.10.10.4 DNS2=192.168.9.1 PEERDNS=no I have a custom /etc/resolv.conf search example.com nameserver 10.10.10.4 nameserver 192.168.9.1 If I run the command host myserver.example.com I get Host myserver.example.com not found: 3(NXDOMAIN) However if I disable the second name server (192.168.9.1) it works. Now to explain the 10.10.10.4 server is my own dns server and the 192.168.9.1 server is the dns server for all external dns lookups. The docs says nameserver entries in /etc/resolv get tried sequentially but it does not seem to happen for me. I did a strace but I could not see anything significantly different between the two lookups with different /etc/resolv.conf files. I would appreciate anyone shedding any light on the problem. ipv6 is disabled Regards -- Gerhardus Geldenhuis _______________________________________________ rhelv5-list mailing list rhelv5-list@redhat.com https://www.redhat.com/mailman/listinfo/rhelv5-list _______________________________________________ rhelv5-list mailing list rhelv5-list@redhat.com https://www.redhat.com/mailman/listinfo/rhelv5-list -- Gerhardus Geldenhuis This email communication and any files transmitted with it may contain confidential and or proprietary information and is provided for the use of the intended recipient only. Any review, retransmission or dissemination of this information by anyone other than the intended recipient is prohibited. If you receive this email in error, please contact the sender and delete this communication and any copies immediately. Thank you. http://www.encana.com _______________________________________________ rhelv5-list mailing list rhelv5-list@redhat.com https://www.redhat.com/mailman/listinfo/rhelv5-list