
Re: DNS Question

From: Men & Mice Support
Date: Thursday, December 7, 2000
Time: 6:56:55 pm

At 8:15 PM -0600 12/7/00, Howard Shere wrote:
>> At 1:29 PM -0600 12/7/00, Howard Shere wrote:
>>>So, the SOA record contains something that tells whoever has the DNS records
>>>for a domain to check for an update after a certain period of time.
>>>
>>>Since ours are currently all set to the same values (mostly) the machine we
>>>have doing secondary (.2) will ask our primary (.70) if there is an update
>>>all at the same time.
>>
>> Well, roughly, anyway. When you restart a secondary server, the
>> secondary will barrage the primary with requests. Most likely,
>> they'll get answered over time - if you have enough, some will even
>> fail. The ones that fail will be retried later - this is one reason
>> to have your Retry value considerably lower than your Refresh value.
>> It's common to set the former to between 1/4 and 1/2 of the latter.
>
>Everything we have is currently set up so that the secondary asks the primary
>for updates every 30 minutes. I didn't realize this until yesterday. Perhaps
>this is too short and part of the reason we're having a problem.

Could be. The usual value is 8 hours.

>>>Also, the machines for ISP/C (they do secondary for us) will ask our .2
>>>machine for an update at the same time as well.
>>
>> Why would they ask your secondary server?
>
>We use a "hidden primary". We make all our changes to our primary and we
>have the secondary read all the zone files from our primary. We tell
>Internic and the people doing secondary for us about our secondary so our
>primary is only ever hit by our primary. We did this on the advice of
>someone on the IETF who said this was the "right" way to be as secure as
>possible.

OK. I've seen people use that sort of setup. I don't know that it
offers any particular security, other than providing a backup.

>>> It seems to me that if we
>>>have enough domains on the same servers, the machine could get really slow
>>>during this time.
>>
>> I suppose that's true. We haven't seen it.
>>
>>>What do other people do? Do they stagger the update values to prevent this
>>>from happening? Has anyone else had problems where the server only replies
>>>with something that is already in the cache and can't get anything new?
>>
>> We certainly haven't seen this problem, but then we don't host as
>> many domains as you (and many others of our customers) do, aside from
>> test servers.
>>
>> During a mass refresh, we still get quick responses from the server.
>
>Our current problem is that at times (and we have yet to find any
>correlation to zone transfers - it was just a guess) QDNS 2.2.1 responds
>quickly to a request if the domain has already been cached, but times out if
>it hasn't. This makes browsing the net really slow 'cause the customer waits
>until it times out to ask the second DNS server listed in their settings.

Hmmm... That sounds like something we recently fixed in the 3.0
server. We should be releasing 2.2.2 soon, as a final bug-fix release
of the 2.x series, and it may contain the fix for this problem.
____________________________________________________________________
Chris Buxton Men & Mice
cbuxton@menandmice.com We Make DNS Easy!
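
The Refresh and Retry guidance in the message above (Retry between 1/4 and 1/2 of Refresh, usual Refresh of 8 hours), as an added example that is not part of the original thread: a Python check over BIND-style zone text. The sample zone, the function names and the use of 8 hours as a threshold are assumptions made for illustration.

```python
import re

# Constructed sample zone (not from the thread): Refresh and Retry both 30 minutes.
SAMPLE_ZONE = """\
$TTL 1h
example.com. IN SOA ns1.example.com. hostmaster.example.com. (
        2000120701 ; serial
        30m        ; refresh
        30m        ; retry
        1w         ; expire
        1h )       ; minimum
"""

UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
USUAL_REFRESH = 8 * 3600  # "usual value" from the reply; treated here as an assumed threshold

def to_seconds(value):
    """Convert a BIND-style time value such as 8h, 1h30m or 28800 to seconds."""
    value = value.lower()
    if value.isdigit():
        return int(value)
    parts = re.findall(r"(\d+)([smhdw])", value)
    if not parts or "".join(n + u for n, u in parts) != value:
        raise ValueError(f"bad time value: {value!r}")
    return sum(int(n) * UNITS[u] for n, u in parts)

def soa_timers(zone_text):
    """Return (refresh, retry) in seconds from the first SOA record."""
    # Drop ';' comments, then flatten the parenthesised multi-line form.
    text = " ".join(line.split(";", 1)[0] for line in zone_text.splitlines())
    tokens = text.replace("(", " ").replace(")", " ").split()
    start = [t.upper() for t in tokens].index("SOA")
    # Fields after SOA: mname rname serial refresh retry expire minimum
    fields = tokens[start + 1:start + 8]
    if len(fields) < 7:
        raise ValueError("incomplete SOA record")
    return to_seconds(fields[3]), to_seconds(fields[4])

def check_soa(zone_text, usual_refresh=USUAL_REFRESH):
    """Return findings for the first SOA record's Refresh and Retry timers."""
    refresh, retry = soa_timers(zone_text)
    findings = []
    if refresh < usual_refresh:
        findings.append(f"refresh {refresh}s is below the usual {usual_refresh}s")
    if not refresh / 4 <= retry <= refresh / 2:
        findings.append(f"retry {retry}s is outside 1/4 to 1/2 of refresh "
                        f"({refresh // 4}s to {refresh // 2}s)")
    return findings
```

Calling `check_soa(SAMPLE_ZONE)` reports both the short Refresh and the Retry that equals it.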


