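DNS settings specified on a DNS client and how they behave (/etc/resolv.conf)
- If at least one of the three DNS servers is running, name resolution completes within about 2 to 3 seconds.
- If no DNS server is specified, a resolution-failure error is returned after about 18 seconds.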
[root@HOME001 usr]# man resolv.conf
RESOLV.CONF(5) Linux Programmer’s Manual RESOLV.CONF(5)
NAME
resolv.conf - resolver configuration file
SYNOPSIS
/etc/resolv.conf
nameserver Name server IP address
Internet address (in dot notation) of a name server that the resolver should
query. Up to MAXNS (currently 3, see
one per keyword. If there are multiple servers, the resolver library queries
them in the order listed. If no nameserver entries are present, the default is
to use the name server on the local machine. (The algorithm used is to try a
name server, and if the query times out, try the next, until out of name
servers, then repeat trying all the name servers until a maximum number of
retries are made.)
options
Options allows certain internal resolver variables to be modified.
The syntax is options option …
where option is one of the following:
debug sets RES_DEBUG in _res.options.
ndots:n
sets a threshold for the number of dots which must appear in a name given
to res_query(3) (see resolver(3)) before an initial absolute query will
be made. The default for n is 1, meaning that if there are any dots in a
name, the name will be tried first as an absolute name before any search
list elements are appended to it. The maximum value for this option is
silently capped to 15.
timeout:n
sets the amount of time the resolver will wait for a response from a
remote name server before retrying the query via a different name server.
Measured in seconds, the default is RES_TIMEOUT (currently 5, see
attempts:n
sets the number of times the resolver will send a query to its name
servers before giving up and returning an error to the calling applica-
tion. The default is RES_DFLRETRY (currently 2, see
maximum value for this option is silently capped to 5.
rotate sets RES_ROTATE in _res.options, which causes round robin selection of
nameservers from among those listed. This has the effect of spreading
the query load among all listed servers, rather than having all clients
try the first listed server first every time.
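The limits quoted in the man page excerpt above can be checked against a concrete file. The following is an added example, not part of the original post: a small parser that applies MAXNS and the `ndots` and `attempts` caps, then estimates how long a lookup can block when every listed server is dead. The estimate is a simplified model (an assumption), not a reproduction of the `dig` timings measured on this page; the names `ResolverConfig`, `parse_resolv_conf` and `SAMPLE` are hypothetical.

```python
# Added example (not from the original page); SAMPLE below is constructed.
from dataclasses import dataclass, field

MAXNS = 3                            # only the first 3 nameserver lines are used
CAPS = {"ndots": 15, "attempts": 5}  # silent caps stated in the excerpt

@dataclass
class ResolverConfig:
    nameservers: list = field(default_factory=list)
    ignored: list = field(default_factory=list)  # entries beyond MAXNS
    timeout: int = 5    # RES_TIMEOUT default
    attempts: int = 2   # RES_DFLRETRY default
    ndots: int = 1
    rotate: bool = False

    def worst_case_seconds(self):
        # Simplified model (assumption): each server is waited on for
        # `timeout` seconds in each of `attempts` rounds.
        return self.timeout * self.attempts * len(self.nameservers)

def parse_resolv_conf(text):
    cfg = ResolverConfig()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        keyword, *args = line.split()
        if keyword == "nameserver" and args:
            full = len(cfg.nameservers) >= MAXNS
            (cfg.ignored if full else cfg.nameservers).append(args[0])
        elif keyword == "options":
            for opt in args:
                name, _, value = opt.partition(":")
                if name == "rotate":
                    cfg.rotate = True
                elif name in ("timeout", "attempts", "ndots") and value.isdigit():
                    n = int(value)
                    setattr(cfg, name, min(n, CAPS.get(name, n)))
    if not cfg.nameservers:
        # No nameserver entries: the default is the local machine.
        cfg.nameservers.append("127.0.0.1")
    return cfg

SAMPLE = """\
# constructed sample: dummy servers first, one entry too many
nameserver 192.168.1.1
nameserver 192.168.1.2
nameserver 8.8.8.8
nameserver 192.168.1.3
options timeout:1 attempts:9 rotate
"""
```

Running `parse_resolv_conf(SAMPLE)` shows the fourth `nameserver` line landing in `ignored` and `attempts:9` being reduced to 5, which is the kind of silent truncation worth catching before relying on a fallback server.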
■ Name resolution time under normal conditions
[SHELL]
[root@HOME001 ~]# time dig yahoo.co.jp
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6 <<>> yahoo.co.jp
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43654
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;yahoo.co.jp. IN A
;; ANSWER SECTION:
yahoo.co.jp. 138 IN A 124.83.187.140
yahoo.co.jp. 138 IN A 203.216.243.240
;; Query time: 8 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Fri Dec 28 11:18:20 2012
;; MSG SIZE rcvd: 61
real 0m0.019s
user 0m0.005s
sys 0m0.005s
[/SHELL]
■ Dummy DNS server set as the first DNS entry
→ Name resolution is performed by the 2nd DNS server after about 1 second.
[SHELL]
[root@HOME001 ~]# time dig yahoo.co.jp
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6 <<>> yahoo.co.jp
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9092
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;yahoo.co.jp. IN A
;; ANSWER SECTION:
yahoo.co.jp. 80 IN A 124.83.187.140
yahoo.co.jp. 80 IN A 203.216.243.240
;; Query time: 10 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Fri Dec 28 11:19:18 2012
;; MSG SIZE rcvd: 61
real 0m1.021s
user 0m0.005s
sys 0m0.004s
[/SHELL]
■ Dummy DNS servers set as the first and second DNS entries
→ Name resolution is performed by the 3rd DNS server after about 2 seconds.
[SHELL]
[root@HOME001 ~]# time dig yahoo.co.jp
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6 <<>> yahoo.co.jp
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63958
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;yahoo.co.jp. IN A
;; ANSWER SECTION:
yahoo.co.jp. 14 IN A 124.83.187.140
yahoo.co.jp. 14 IN A 203.216.243.240
;; Query time: 9 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Fri Dec 28 11:20:24 2012
;; MSG SIZE rcvd: 61
real 0m2.021s
user 0m0.005s
sys 0m0.007s
[/SHELL]
■ When all three configured DNS servers are unusable
→ A resolution-failure error is returned after about 20 seconds.
[SHELL]
[root@HOME001 ~]# time dig yahoo.co.jp
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6 <<>> yahoo.co.jp
;; global options: +cmd
;; connection timed out; no servers could be reached
real 0m21.014s
user 0m0.008s
sys 0m0.005s
[/SHELL]
■ When two unusable DNS servers are configured
No other DNS servers are specified.
→ A resolution-failure error is returned after about 18 seconds.
[SHELL]
[root@HOME001 ~]# time dig yahoo.co.jp
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6 <<>> yahoo.co.jp
;; global options: +cmd
;; connection timed out; no servers could be reached
real 0m18.012s
user 0m0.005s
sys 0m0.005s
[/SHELL]
■ When one unusable DNS server is configured
No other DNS servers are specified.
→ A resolution-failure error is returned after about 15 seconds.
[SHELL]
[root@HOME001 ~]# time dig yahoo.co.jp
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6 <<>> yahoo.co.jp
;; global options: +cmd
;; connection timed out; no servers could be reached
real 0m15.013s
user 0m0.008s
sys 0m0.004s
[/SHELL]
■ When no DNS server has been added to resolv.conf
→ A resolution-failure error is returned after about 18 seconds.
[SHELL]
[root@HOME001 ~]# time dig yahoo.co.jp
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6 <<>> yahoo.co.jp
;; global options: +cmd
;; connection timed out; no servers could be reached
real 0m18.014s
user 0m0.006s
sys 0m0.006s
[/SHELL]
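■ When only the last (3rd) DNS entry is a valid DNS server
→ After about 2 seconds, name resolution is performed by the DNS server that is running normally.
[SHELL]
[root@HOME001 ~]# time dig yahoo.co.jp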
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6 <<>> yahoo.co.jp
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56911
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;yahoo.co.jp. IN A
;; ANSWER SECTION:
yahoo.co.jp. 157 IN A 203.216.243.240
yahoo.co.jp. 157 IN A 124.83.187.140
;; Query time: 8 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Fri Dec 28 11:43:19 2012
;; MSG SIZE rcvd: 61
real 0m2.019s
user 0m0.004s
sys 0m0.005s
[/SHELL]
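If at least one valid DNS server is configured, name resolution completes in 2 to 3 seconds.
192.168.1.1 and 192.168.1.2 are dummy DNS servers.
Other notes: behavior when OPTIONS are specified
Timeout when only OPTIONS are specified and no DNS server is specified
Timeout when OPTIONS are specified but no valid DNS server is specified
References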
http://www.opensource.apple.com/source/libresolv/libresolv-25.0.2/resolv.h
http://research.microsoft.com/en-us/um/redmond/projects/invisible/include/net/dns/resolv.h.htm