Regarding SERVFAIL and NOERROR with zero answers:
------------------------------------------------
A DNS Server may return the following responses in case of some internal error.
a) DNS response with SERVFAIL error
b) DNS response with NOERROR but zero answer records.
The above responses do not mean that the domain name (for which resolution was requested) is invalid; they only mean that the server was unable to perform the resolution due to some problem at the server. The same DNS request may get a successful response if it is tried again with this DNS server or when a different DNS server is contacted. RFC 1526 (Common DNS Implementation Errors and Suggested Fixes) discusses this.
Current DNRD Behavior:
----------------------
Currently, DNRD caches DNS responses with SERVFAIL error or NOERROR with zero answer records and returns the same response to the client. DNRD also does not retry the DNS resolution request with any of the other active servers in its list. This causes DNS resolution for this domain name to stop working for a significant amount of time, until the cache entry times out and the specific DNS server recovers from its error state.
In the same scenario, a Windows PC (using the same DNS servers as DNRD) is able to resolve the domain names to IP addresses successfully, because when one of the DNS servers returns a response with either SERVFAIL or NOERROR with zero answers, it retries or contacts the next DNS server in its list for the resolution.
New behavior with patch:
------------------------
The provided patch checks each DNS response to see whether it is SERVFAIL or NOERROR with zero answers. If it is, DNRD does not cache the response. So when the client retries, the same DNS server will be retried with this request. This ensures that DNRD does not halt DNS resolution for this domain because of caching.
If the DNS Server consistently gives responses with SERVFAIL or NOERROR with zero answers, then it is deactivated, and the next active server will be tried.
This ensures that DNS resolution via DNRD does not stop working for a long time.
Patch to handle SERVFAIL and NOERROR with zero answers
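
The check and deactivation logic described above, as an added example (this is not the DNRD patch itself or DNRD code). The struct, function names, sample headers and the threshold of 3 consecutive failures are assumptions made for illustration; the page does not state a threshold.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define DNS_HDR_LEN    12
#define RCODE_NOERROR  0
#define RCODE_SERVFAIL 2
#define FAIL_THRESHOLD 3   /* assumed value, not taken from the page */

/* Hypothetical per-server state, not DNRD's own structure. */
struct upstream { int consecutive_failures; int active; };

/* Constructed 12-byte DNS headers: ID 0x1234, QR=1 RD=1 RA=1, QDCOUNT=1. */
static const uint8_t SAMPLE_SERVFAIL[12] = {0x12,0x34,0x81,0x82,0,1,0,0,0,0,0,0};
static const uint8_t SAMPLE_EMPTY[12]    = {0x12,0x34,0x81,0x80,0,1,0,0,0,0,0,0};
static const uint8_t SAMPLE_OK[12]       = {0x12,0x34,0x81,0x80,0,1,0,1,0,0,0,0};

/* 1: SERVFAIL or NOERROR with ANCOUNT == 0; 0: any other reply;
 * -1: buffer too short to contain a DNS header. */
int is_failure_reply(const uint8_t *msg, size_t len)
{
    if (msg == NULL || len < DNS_HDR_LEN) return -1;
    unsigned rcode   = msg[3] & 0x0F;                    /* low nibble of flags */
    unsigned ancount = ((unsigned)msg[6] << 8) | msg[7]; /* big-endian ANCOUNT */
    if (rcode == RCODE_SERVFAIL) return 1;
    if (rcode == RCODE_NOERROR && ancount == 0) return 1;
    return 0;
}

/* Returns 1 if the reply may be cached, 0 if it must not be. A server that
 * fails FAIL_THRESHOLD times in a row is marked inactive so the next active
 * server is used. Truncated replies count as failures (example's assumption). */
int handle_reply(struct upstream *srv, const uint8_t *msg, size_t len)
{
    if (is_failure_reply(msg, len) == 0) {
        srv->consecutive_failures = 0;
        return 1;
    }
    if (++srv->consecutive_failures >= FAIL_THRESHOLD) srv->active = 0;
    return 0;
}

int main(void)
{
    struct upstream srv = {0, 1};
    const uint8_t *replies[] = {SAMPLE_OK, SAMPLE_SERVFAIL, SAMPLE_EMPTY, SAMPLE_SERVFAIL};
    for (int i = 0; i < 4; i++) {
        int cache = handle_reply(&srv, replies[i], DNS_HDR_LEN);
        printf("reply %d: cache=%d active=%d\n", i, cache, srv.active);
    }
    return 0;
}
```

NOERROR with an empty answer section is also the form of a legitimate NODATA reply (RFC 2308), which a header-only check like this one cannot distinguish from a server-side error.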