[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
DNS resolver reaction to non-reachable authoritative DNS server
- Subject: DNS resolver reaction to non-reachable authoritative DNS server
- From: marka at isc.org (Mark Andrews)
- Date: Fri, 14 Mar 2014 11:23:15 +1100
- In-reply-to: Your message of "Thu, 13 Mar 2014 10:28:24 -0700." <[email protected]>
- References: <CAJ0+aXZXNK4JNf4JBUyLFVPnKpJLUmoy8tY5e=Ym3RG7EaCLUQ@mail.gmail.com> <[email protected]>
In message <5321EAB8.3010200 at dougbarton.us>, Doug Barton writes:
> On 03/13/2014 12:35 AM, Anurag Bhatia wrote:
> > Hello there!
> >
> >
> > I am trying to troubleshoot a case of DNS failure issue with one of Indian
> > Govt's domain (nic.in). I can see that 1 out of 4 authoritative DNS server
> > is IPv6 only. We have quite a few users running IPv4 only setup and hence
> > 1/4 of these DNS servers are non-reachable from the recursor hosted by our
> > clients.
> >
> >
> > How is DNS query expected to respond in such case? Will it give SRVFAIL and
> > terminate immediately (causing DNS resolution failure) OR it will just see
> > one of the auth DNS as non-reachable and next will proceed with either of
> > other three thus slowing down but with no failure?
>
> Basically the latter.
>
> If your customers are using BIND there is a flag you can supply to named
> to cause it to operate only in IPv4. That would avoid this problem
> altogether.
And is basically not needed as the IP stack (with the exception of
Solaris) informs named when there isn't a route to the destination
and named moves onto the next address to try.
As to the original question. NS records without matching addresses
records happen pretty regularly. All nameservers deal with them.
Mark
> hope this helps,
>
> Doug
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org