View previous topic :: View next topic |
Author |
Message |
Kron n00b
Joined: 22 Jan 2013 Posts: 10 Location: Belarus, Minsk
|
Posted: Wed Jan 23, 2013 7:30 am Post subject: dhcpd + resolv.conf options |
|
|
Hi!
I hope someone can help me with that.
file /etc/resolv.conf supports parameter:
options timeout:n rotate, where n - is seconds of DNS server timeout.
Is there any possibility to give this option to the clients via dhcpd server with some dhcp-option?
Thanks in advance! |
|
Back to top |
|
|
kimmie Guru
Joined: 08 Sep 2004 Posts: 531 Location: Australia
|
Posted: Wed Jan 23, 2013 8:32 am Post subject: |
|
|
It guess it's possible, if all your clients are gentoo (or other linux) boxes under your control. But it still requires special work at the client. It isn't possible in any standard way, you'll have to configure your DHCP server pass a vendor specific option and write hooks at your DHCP client to parse that option and put it into resolv.conf.
There's probably a better way... what problem exactly are you trying to solve? |
|
Back to top |
|
|
Kron n00b
Joined: 22 Jan 2013 Posts: 10 Location: Belarus, Minsk
|
Posted: Wed Jan 23, 2013 8:46 am Post subject: |
|
|
Thank you for your reply!
I have a few dns servers in my network. Ip address of both servers client takes with dhcp request.
Client took a lot of time to resolve names if the first nameserver in /etc/resolv.conf file falls.
I have a lot of computers that takes their ip addresses via dhcpd server so I thought I can send them timeout param with dhcp reply, to solve this problem.
Also, I found that when client uses dhcp, even if i`ll put the record dns_options="timeout:1 rotate" to the /etc/conf.d/net file, it won`t do anything.
So I`m still searching some solution with that in case if DNS server fall. |
|
Back to top |
|
|
kimmie Guru
Joined: 08 Sep 2004 Posts: 531 Location: Australia
|
Posted: Wed Jan 23, 2013 9:22 am Post subject: |
|
|
A timeout of 1 for DNS lookups is really too short. I have encountered more than one ISP where the DNS servers were working, but took > 2S at busy times - causing many headaches for non-techie Windows users. You shouldn't be using a timeout this short, because you may fail lookups even when your server is working.
In practice, DNS servers are not supposed to fail, and you can expect some issues if they do. Windows and linux dns clients have different solutions to this problem, no solution is perfect. If your network design is such that your primary DNS server is up sometimes, and other times not (barring failure), then you are just creating problems for yourself, so you should have a rethink.
Having said that, running nscd (cache) and/or dnsmasq (forwarder, which will favour upstream servers that are working) on the client can help.
If you are using dhcpcd client you can force stuff into resolv.conf by putting it in /etc/resolv.conf.head (added at the start) or /etc/resolv.conf.tail (at the end).
This happens in /lib/dhcpcd/dhcpcd-hooks/20-resolv.conf. See man dhcpcd-run-hooks. |
|
Back to top |
|
|
Kron n00b
Joined: 22 Jan 2013 Posts: 10 Location: Belarus, Minsk
|
Posted: Wed Jan 23, 2013 9:36 am Post subject: |
|
|
Quote: | A timeout of 1 for DNS lookups is really too short. |
Yes, but it`s short for internet. With local dns servers it took about ~20ms, so I think 1 second must be enough in this situation.
Quote: | In practice, DNS servers are not supposed to fail, and you can expect some issues if they do. |
I`m agree with that, but sometimes it happens and there must be a high availability solution, my question is more workaround for this problem than solution.
Now I`m using dnrd that works as dns proxy server. If some of the dns will fall, proxy will deactivate it. If proxy fall -> another proxy will do this job.
Thank`s a lot for your help! |
|
Back to top |
|
|
kimmie Guru
Joined: 08 Sep 2004 Posts: 531 Location: Australia
|
Posted: Wed Jan 23, 2013 9:52 am Post subject: |
|
|
It takes 20ms only if the result is already cached at the local DNS server. The client timeout should allow for the local DNS server to recursively resolve the query on the net.
Not familiar with dnrd, but looks like it is similar to dnsmasq. I use dnsmasq on my laptop, as well as the caching and proxy stuff it's really handy for VPNs because you can send queries for specific domains to specific servers. But dnsmasq has DHCP functionality too which I don't use, I'll have a look at dnrd, maybe it's cleaner... |
|
Back to top |
|
|
cwr Veteran
Joined: 17 Dec 2005 Posts: 1969
|
Posted: Wed Jan 23, 2013 2:17 pm Post subject: |
|
|
DNS shouldn't break, and if it does break your entire network is broken and
you need to know about it. One way around it, for a small local network,
would be to rely on a hosts file copied to each machine.
I use Bind on my (very small) local net, with a fallback on a different subnet
if a machine is booted when the server isn't available. That way, I can see
at once what's happened.
Will |
|
Back to top |
|
|
|