On Mon, Jul 11, 2011 at 04:06:42PM -0400, Bill Owens wrote:
On Mon, Jul 11, 2011 at 02:11:57PM -0400, Jonathan Kamens wrote:
The number of DNS queries required for each address lookup requested by
a client has gone up considerably because of IPV6. The problem is being
exacerbated by the
In message 4e1d3c05.7040...@kamens.us, Jonathan Kamens writes:
You seem to have a really big chip on your shoulder about people who run =
broken DNS servers. I don't like them any more than you do. But I=20
learned Be generous in what you accept and conservative in what you=20
generate way
No. The fix is to correct the nameservers. They are not correctly
following the DNS protocol and everything else is a fall out from
that.
Well, all the prodding from people here prompted me to investigate
further exactly what's going on. The problem isn't what I thought it
was. It appears
On 07/13/2011 02:13 AM, Mark Andrews wrote:
No. The fix is to correct the nameservers. They are not correctly
following the DNS protocol and everything else is a fall out from
that.
You're right that everything else is fallout from that.
But that doesn't do me much good, does it? It's my
On 7/13/2011 2:35 AM, Jonathan Kamens wrote:
On 07/13/2011 02:13 AM, Mark Andrews wrote:
Well, all the prodding from people here prompted me to investigate
further exactly what's going on. The problem isn't what I thought it
was. It appears to be a bug in glibc, and I've filed a bug report and
On 7/13/2011 1:06 PM, Kevin Darcy wrote:
On 7/13/2011 2:35 AM, Jonathan Kamens wrote:
On 07/13/2011 02:13 AM, Mark Andrews wrote:
Well, all the prodding from people here prompted me to investigate
further exactly what's going on. The problem isn't what I thought it
was. It appears to be a bug
I agree that the order of the A/ responses shouldn't matter to the
result. The whole getaddrinfo() call should fail regardless of whether the
failure is seen first or the valid response is seen first. Why? Because
getaddrinfo() should, if it isn't already, be using the RFC 3484 algorithm
On 7/13/2011 2:39 PM, Jonathan Kamens wrote:
I agree that the order of the A/ responses shouldn't matter to the
result. The whole getaddrinfo() call should fail regardless of whether
the failure is seen first or the valid response is seen first. Why?
Because getaddrinfo() should, if it
Well, all the prodding from people here prompted me to investigate
further exactly what's going on. The problem isn't what I thought it
was. It appears to be a bug in glibc, and I've filed a bug report and
found a workaround.
In a nutshell, the getaddrinfo function in glibc sends both A and
The number of DNS queries required for each address lookup requested by
a client has gone up considerably because of IPV6. The problem is being
exacerbated by the fact that many DNS servers on the net don't yet
support IPV6 queries. The result is that address lookups are frequently
taking so
Jonathan Kamens j...@kamens.us wrote:
I said above that the problem is exacerbated by the fact that many DNS servers
don't yet support IPV6 queries. This is because the queries don't get
NXDOMAIN responses, which would be cached, but rather FORMERR responses, which
are not cached. As a
Jonathan Kamens wrote:
I said above that the problem is exacerbated by the fact that many DNS
servers don't yet support IPV6 queries. This is because the queries
don't get NXDOMAIN responses, which would be cached, but rather FORMERR
responses, which are not cached. As a result, the
On 7/11/2011 3:10 PM, Tony Finch wrote:
Jonathan Kamensj...@kamens.us wrote:
I said above that the problem is exacerbated by the fact that many DNS servers
don't yet support IPV6 queries. This is because the queries don't get
NXDOMAIN responses, which would be cached, but rather FORMERR
On 7/11/2011 3:26 PM, Eivind Olsen wrote:
I think the main issue here is - why is your nameserver thinking it has
IPv6 connectivity?
No, this isn't the issue.
I see the FORMERR errors in syslog and the timeouts resolving host names
even when I start named with -4.
Named is querying for
On Mon, Jul 11, 2011 at 02:11:57PM -0400, Jonathan Kamens wrote:
The number of DNS queries required for each address lookup requested by
a client has gone up considerably because of IPV6. The problem is being
exacerbated by the fact that many DNS servers on the net don't yet
support IPV6
On 07/11/2011 07:11 PM, Jonathan Kamens wrote:
The number of DNS queries required for each address lookup requested
by a client has gone up considerably because of IPV6. The problem is
being exacerbated by the fact that many DNS servers on the net don't yet
support IPV6 queries. The result is
On 7/11/2011 4:06 PM, Bill Owens wrote:
https://lists.isc.org/pipermail/bind-users/2011-March/083109.html
in which the first sentence says it all: The nameservers for wikipedia.org are
broken.
It's not just wikipedia.org that's broken, obviously. I see this error
in my logs for 19 domains
On 7/11/2011 2:11 PM, Jonathan Kamens wrote:
The number of DNS queries required for each address lookup requested
by a client has gone up considerably because of IPV6. The problem is
being exacerbated by the fact that many DNS servers on the net don't
yet support IPV6 queries. The result is
I'm unclear how BIND could be modified to fix this. The querying
client machines are asking BIND for records. BIND goes out to
the authoritative nameservers to attempt to resolve said records.
The broken nameservers (PowerDNS 3.0 etc) timeout or otherwise hand
out bad responses
On Jul 11, 2011, at 1:25 PM, Jonathan Kamens wrote:
Even if PowerDNS is the only source of this issue, and even if the new
version of PowerDNS is released tomorrow, I'm sure there will still be sites
running the old version a year from now. So just relying on a PowerDNS
release to fix this
On Mon, Jul 11, 2011 at 04:25:59PM -0400, Jonathan Kamens wrote:
On 7/11/2011 4:06 PM, Bill Owens wrote:
https://lists.isc.org/pipermail/bind-users/2011-March/083109.html
in which the first sentence says it all: The nameservers for
wikipedia.org are broken.
It's not just wikipedia.org
In message 4e1b562b.2070...@kamens.us, Jonathan Kamens writes:
On 7/11/2011 3:26 PM, Eivind Olsen wrote:
I think the main issue here is - why is your nameserver thinking it has=
IPv6 connectivity?
No, this isn't the issue.
I see the FORMERR errors in syslog and the timeouts resolving
In message 4e1b5c57.8090...@kamens.us, Jonathan Kamens writes:
On 7/11/2011 4:06 PM, Bill Owens wrote:
https://lists.isc.org/pipermail/bind-users/2011-March/083109.html
in which the first sentence says it all: The nameservers for wikiped=
ia.org are broken.
It's not just wikipedia.org
On 07/11/2011 11:11, Jonathan Kamens wrote:
The number of DNS queries required for each address lookup requested by
a client has gone up considerably because of IPV6. The problem is being
exacerbated by the fact that many DNS servers on the net don't yet
support IPV6 queries.
I have to
Users are experiencing this problem now in the field, and more users
will
be experiencing it as BIND is upgraded in more and more places. Every
single user relying on a Fedora 15 DNS server, for example, is going to
see occasional unnecessary DNS timeouts when trying to resolve host
Wikipedia have been told multiple times that their nameservers are
broken, that they fail to add the CNAME records, as required by RFC
1034, which results in garbage answers being returned. Those garbage
answers result in the FORMERR log messages.
Both of the answers below should have CNAME
26 matches
Mail list logo