Re: disabling aaaa queries

From: Ben Halicki (bhalicki_at_dodo.com.au)
Date: 11/25/04 

Date: 24 Nov 2004 20:05:49 -0800

Simon Waters <simon@wretched.demon.co.uk> wrote in message news:<co30nd$2ks$1$830fa7a5@news.demon.co.uk>...
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Ben Halicki wrote:
> |
> | Got it! The problem seems to be that when bind cannot resolve the
> | ipv6 query, it waits to try an upstream dns server, even though
> | forwarders weren't specified. This results in a 5 second delay.
> | Specifying allow-recursion {none;}; as a global option solved the
> | problem. I guess it's just a matter of developing a suitable acl to
> | allow recursion for some domains and not others.
>
> You still sound confused on how DNS works. As I said there is no
> reason to expect a difference for AAAA and A queries, they are just
> records. So if it has to time out for AAAA it will timeout for A.
>

So if AAAA and A are in theory treated as just records, why would DNS
timeout instantly on A records, but take 5 seconds to timeout on AAAA
records?

> "allow-recursion {none;};" just switches of the DNS service, and you
> almost certainly don't want to do that on a server you point client
> at. You usually want to do it on a server that serves authoritative
> data only.
>

I understand that allow-recursion {none;} does switch off delegation,
however, for a DNS server serving authoritative data for a LAN I
didn't see a problem with this.

Is it possible that all IPv6 requests could be denied by my upstream
ISPs DNS server, which would cause instant timeouts?

> My guess is that you have broken delegation of a domain, or similar
> errors in the NS record for some domains.
> -----BEGIN PGP SIGNATURE-----
> Comment: Using GnuPG with Debian - http://enigmail.mozdev.org
>
> iD8DBQFBpQYuGFXfHI9FVgYRAs9/AJ9m3kelWGEtjhwOe+dl/00OdDm4BwCdFysn
> SJ8sEauLrUjH5Ss2tPKEqsQ=
> =TdI4
> -----END PGP SIGNATURE-----

Relevant Pages

  • Re: nslookup - sometimes working, sometimes get a time out
    ... "aks" wrote in message ... But increasing the timeout has same results, ... DNS server in the client NIC settings. ... Herb Martin> "Herb Martin" wrote: ...
    (microsoft.public.windows.server.dns)
  • Re: DNS host name
    ... Rgds ... > about the nslookup message, post the entire unedited message so we can give ...
    (microsoft.public.win2000.dns)
  • Can I specify the resolver timeout?
    ... We have two internal DNS servers in a FreeBSD web cluster. ... timeout takes 10 to 15 seconds on FreeBSD 4.9-STABLE. ... we want to get a response within 3 seconds or the resolver should ... try the second DNS server. ...
    (freebsd-questions)
  • Re: nslookup - sometimes working, sometimes get a time out
    ... But increasing the timeout has same results, ... sometimes I get back a result for nslookup, ... "Herb Martin" wrote: ... > figure out why the DNS server is not answering ...
    (microsoft.public.windows.server.dns)
  • Re: Primary & Secondary DNS Server Problem
    ... > I set the timeout to 20 seconds and it still fails. ... that DNS server fails the Recursive test when I do it in the DNS gui ... > "Herb Martin" wrote in message ...
    (microsoft.public.windows.server.dns)