Linux DNS configuration (resolv.conf) causes Unknown Host problem

Today, I received a complaint from a user about getting Unknown Host errors from time to time. I suspected that there was a problem with the DNS configuration of the application server. I checked /etc/resolv.conf on the application server and found that the first line of the configuration was:

options attempts:1 timeout:1
nameserver 10.10.10.10

Consulting the relevant configuration documentation explains the DNS lookup logic:

The address of the intranet DNS server is 10.10.10.10. The application server asks the intranet DNS server to resolve domain names. The intranet DNS server first looks for the domain name in its cache. If the name is not found in the cache, it queries the upstream DNS resolver. This process is more complicated, and I will write a separate article to explain it in detail.

The current configuration means that the application server attempts a domain name lookup only once, with a timeout of one second. That is, when the server queries the DNS server for a domain name and does not receive a response within 1 second, it reports an error directly to the application. When the local DNS cache does not have the requested domain name, the DNS server goes to the external network to query it, and this process is relatively unstable. With the timeout set to 1 second and no retries, it is clearly more common for domain name resolution to time out. After removing this line of settings and using the default settings, the problem disappeared. Below is a detailed explanation of these two parameters.

 

options
              Options allows certain internal resolver variables to be modified.  The syntax is

                     options option ...

              where option is one of the following:

              debug  sets RES_DEBUG in _res.options.

              ndots:n
                     sets a threshold for the number of dots which must appear in a name given to res_query(3) (see resolver(3)) before an initial
                     absolute query will be made.  The default for n is 1, meaning that if there are any dots in a name, the name will be tried first
                     as an absolute name before any search list elements are appended to it.  The value for this option is silently capped to 15.

              timeout:n
                     sets the amount of time the resolver will wait for a response from a remote name server before retrying the query via a different
                     name server.  Measured in seconds, the default is RES_TIMEOUT (currently 5, see <resolv.h>).  The value for this option is silently
                     capped to 30.

              attempts:n
                     sets the number of times the resolver will send a query to its name servers before giving up and returning an error to the calling
                     application.  The default is RES_DFLRETRY (currently 2, see <resolv.h>).  The value for this option is silently capped to 5.
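An added example, not from the original post: a small Python check that reads resolv.conf text and reports the timeout, attempts and ndots values the resolver ends up with, using the defaults and silent caps quoted in the manual excerpt above. The function name, the single_shot flag and the sample inputs are assumptions made for illustration.

```python
# Defaults and silent caps as quoted in the resolv.conf(5) excerpt above.
DEFAULTS = {"timeout": 5, "attempts": 2, "ndots": 1}
CAPS = {"timeout": 30, "attempts": 5, "ndots": 15}


def effective_resolver_settings(text):
    """Return the nameservers and option values the resolver ends up using.

    Hypothetical helper for this example; it only models the three options
    described in the excerpt and ignores every other directive.
    """
    settings = dict(DEFAULTS)
    nameservers = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        fields = line.split()
        if fields[0] == "nameserver" and len(fields) > 1:
            nameservers.append(fields[1])
        elif fields[0] == "options":
            for opt in fields[1:]:
                name, sep, value = opt.partition(":")
                # Later values override earlier ones; oversized values are capped.
                if sep and name in CAPS and value.isdigit():
                    settings[name] = min(int(value), CAPS[name])
    settings["nameservers"] = nameservers
    # One attempt against one server: a single query, no retry, no fallback.
    settings["single_shot"] = (
        settings["attempts"] == 1 and len(nameservers) == 1
    )
    return settings


# Constructed sample inputs: the file from the post, then the same file
# with the options line removed (the fix described in the post).
BEFORE = "options attempts:1 timeout:1\nnameserver 10.10.10.10\n"
AFTER = "nameserver 10.10.10.10\n"

if __name__ == "__main__":
    for label, conf in (("before", BEFORE), ("after", AFTER)):
        print(label, effective_resolver_settings(conf))
```

Run against /etc/resolv.conf on each application server, a single_shot result of True marks hosts where one lost or slow DNS reply surfaces to the application as an Unknown Host error.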

              

 
