Scott Lawrence wrote:
> Can we improve the situation by putting a properly configured local
> caching server on the same box and directing all dns requests to that?
> The goal would be to get responses to be NXDOMAIN rather than SERVFAIL,
> and to make them quick (including especially any repeated queries).

sipXecs already comes with a caching nameserver installed (caching-nameserver). However, it is not configured (at least in the case where you opt out of installing the default DNS services in sipXecs). Once configured though, it works really well. The lookup times go down from an ave. 16-80msecs to 0-2msecs (not for the initial query). So, caching servers, definitely a great idea!

However, from the tests I did, the server seems to only be caching the NXDOMAIN negative responses. SERVFAIL responses are not cached (which makes sense logically, as the SERVFAIL errors are usually seen as transient faults at the DNS servers rather than errors in the domain name). So this does not really help our predicament in any way.

I have spent the better part of the day hunting into the config files and googling to see if there is any way to get the caching-nameserver to cache SERVFAIL responses, but no luck (if anyone has any suggestions or knows where I can get more info on this, it would be most welcome).

Thirdly, converting a SERVFAIL to a NXDOMAIN is not exactly trivial. The NXDOMAIN is usually sent by the DNS authority responsible for the respective top-level domain, whereas SERVFAILs are not authoritative responses. I tried making a simple script to send spoofed NXDOMAINs to the caching server, but without it being an authoritative response from the respective top-level domain DNS server, it will not get cached.

Now the final possible option I see here is to check whether doing a "nslookup invalid_domain." will make any difference (note the trailing dot). That trailing dot at the end should limit the query to only "invalid_domain" and not carry out any "invalid_domain.mylocaldomain" and other related queries (at least from what I have read). This could potentially be what is happening at the DNS server end, ultimately resulting in a SERVFAIL. Anyone got a mis-configured DNS server kicking around that I can test this theory out on? I recall from the sprint meeting that the Microsoft DNS servers do this.

Arjun

_______________________________________________
sipx-dev mailing list
[email protected]
List Archive: http://list.sipfoundry.org/archive/sipx-dev
Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-dev
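
Added example, not part of the original message or of sipXecs: a small model of the search-list expansion that the trailing-dot test above is meant to rule out, following the rules documented in resolv.conf(5) for the glibc stub resolver. The sample resolv.conf text, the `corp.example` search domain and the function names are constructed for illustration, and nslookup applies its own, similar search logic.

```python
# Model of resolv.conf(5) search-list handling (glibc stub resolver rules).
# Assumption: this mirrors documented behaviour; it sends no DNS traffic.

SAMPLE_RESOLV_CONF = """\
# constructed sample, not taken from the thread
nameserver 127.0.0.1
search mylocaldomain corp.example
options ndots:1
"""

def parse_resolv_conf(text):
    """Return (search_list, ndots) from resolv.conf-style text."""
    search, ndots = [], 1  # ndots defaults to 1
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        keyword, *args = line.split()
        if keyword in ("search", "domain"):
            search = [a.rstrip(".") for a in args]  # last directive wins
        elif keyword == "options":
            for opt in args:
                if opt.startswith("ndots:"):
                    # the resolver silently caps ndots at 15
                    ndots = min(int(opt.split(":", 1)[1]), 15)
    return search, ndots

def candidate_queries(name, search, ndots):
    """Ordered list of fully qualified names the resolver would try."""
    if name.endswith("."):
        return [name]  # absolute name: the search list is skipped entirely
    absolute = name + "."
    expanded = [f"{name}.{domain}." for domain in search]
    if name.count(".") >= ndots:
        return [absolute] + expanded  # enough dots: try the name as-is first
    return expanded + [absolute]      # too few dots: search list first

if __name__ == "__main__":
    search, ndots = parse_resolv_conf(SAMPLE_RESOLV_CONF)
    for name in ("invalid_domain", "invalid_domain."):
        print(name, "->", candidate_queries(name, search, ndots))
```

Each name in the returned list is a separate query that can come back as NXDOMAIN or SERVFAIL, so comparing the two lists shows which extra lookups the trailing dot removes.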
