Quick dns lookups is critical for many applications. I consider to change the default timeout option in
/etc/resolv.conf from 5 seconds to something less (maybe 1 second?) to reduce the impact of a
unresponsive dns-server. Also the "rotate" option will help a bit.
Still with these changes a 1 second delay for at least 50% of the lookups is very slow and will
influence application performance a lot. Normally a reply is probably received within 10 milliseconds
(only lookups within the organization are performed with a fast lan/wan between the resolver and the
I'm a bit surprised that the resolver in libc is not more sophisticated.
Wouldn't it be quite simple to implement som sort of blacklist of non responding dns-servers.
For instance if the first dns-server in resolv.conf did not reply within the configured timeout, the
resolver could send the next queries directly to the second and third dns servers in resolv.conf.
After a predefined number of seconds the first one could be tried again (maybe increasing the number of seconds every time
to a maximum like for instance 3600).
To avoid problems like this I see that people suggest many solutions like nscd, unbound, load balancing/failover of
dns-servers etc, but that may not be easy to implement in all cases.
A bit more robustness in the libc resolver would maybe have been better/safer in many cases.
How do you solve this?
Erling Ringen Elvsrud