[f-nsp] ServerIron dropping empty UDP DNS reply

Bjørn Mork bjorn at mork.no
Fri Jun 22 07:48:12 EDT 2012


David Hubbard <dhubbard at dino.hostasaurus.com> writes:

> Hi all, we're using ServerIron's to load balance internal
> DNS queries to a series of systems running a caching dns
> server software called dnscache (part of djbdns).  The
> way dnscache works is it sends an empty reply if it has no
> answer to a given query.  Apparently the ServerIron's drop
> these valid replies so the querying system has to wait for a
> timeout to the failed lookup instead of knowing it failed
> immediately.
>
> This had not really been a problem in the past however RHEL 6
> and most of its applications and daemons are now IPv6-aware
> and will issue quad-A queries for a given name even if IPv6
> is disabled on the host in question.  That's causing usability
> issues at the application level because every DNS lookup
> causes a five second pause while the app waits for the quad-A
> answer that the ServerIron has discarded.

How about configuring Direct Server Return?  That would prevent the
ServerIron from processing the replies at all, which would give you
twice as many sessions too.


Bjørn




More information about the foundry-nsp mailing list