DNS Resolution Timeout Configuration
Intro
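Recently we noticed that the servers on our internal network sometimes fail to resolve domain names when connecting to the Internet. Running nslookup directly on a server sometimes produces a DNS resolution timeout, so I searched online for how to configure the DNS timeout and found an article on Alibaba Cloud. The setting helped somewhat, so I am recording it here.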
Solution
Set the options entry in /etc/resolv.conf:
options timeout:5 attempts:3 rotate single-request-reopen
The options line above sets the timeout and retry behavior for DNS resolution. For the full list of options parameters, see the complete description below.
**options**
Options allows certain internal resolver variables to be
modified. The syntax is
**options** *option ...*
where *option* is one of the following:
**debug** Sets **RES_DEBUG** in *_res.options* (effective only if glibc
was built with debug support; see [resolver(3)](http://man7.org/linux/man-pages/man3/resolver.3.html)).
**ndots:***n*
Sets a threshold for the number of dots which must
appear in a name given to [res_query(3)](http://man7.org/linux/man-pages/man3/res_query.3.html) (see
[resolver(3)](http://man7.org/linux/man-pages/man3/resolver.3.html)) before an *initial absolute query* will be
made. The default for *n* is 1, meaning that if there
are any dots in a name, the name will be tried first as
an absolute name before any *search list* elements are
appended to it. The value for this option is silently
capped to 15.
**timeout:***n*
Sets the amount of time the resolver will wait for a
response from a remote name server before retrying the
query via a different name server. This may **not** be the
total time taken by any resolver API call and there is
no guarantee that a single resolver API call maps to a
single timeout. Measured in seconds, the default is
**RES_TIMEOUT** (currently 5, see **). The value
for this option is silently capped to 30.
**attempts:***n*
Sets the number of times the resolver will send a query
to its name servers before giving up and returning an
error to the calling application. The default is
**RES_DFLRETRY** (currently 2, see **). The value
for this option is silently capped to 5.
**rotate** Sets **RES_ROTATE** in *_res.options*, which causes round-
robin selection of name servers from among those
listed. This has the effect of spreading the query
load among all listed servers, rather than having all
clients try the first listed server first every time.
**no-check-names**
Sets **RES_NOCHECKNAME** in *_res.options*, which disables
the modern BIND checking of incoming hostnames and mail
names for invalid characters such as underscore (_),
non-ASCII, or control characters.
**inet6** Sets **RES_USE_INET6** in *_res.options*. This has the
effect of trying an AAAA query before an A query inside
the [gethostbyname(3)](http://man7.org/linux/man-pages/man3/gethostbyname.3.html) function, and of mapping IPv4
responses in IPv6 "tunneled form" if no AAAA records
are found but an A record set exists. Since glibc
2.25, this option is deprecated; applications should
use [getaddrinfo(3)](http://man7.org/linux/man-pages/man3/getaddrinfo.3.html), rather than [gethostbyname(3)](http://man7.org/linux/man-pages/man3/gethostbyname.3.html).
**ip6-bytestring** (since glibc 2.3.4)
Sets **RES_USEBSTRING** in *_res.options*. This causes
reverse IPv6 lookups to be made using the bit-label
format described in RFC 2673; if this option is not set
(which is the default), then nibble format is used.
This option was removed in glibc 2.25, since it relied
on a backward-incompatible DNS extension that was never
deployed on the Internet.
**ip6-dotint**/**no-ip6-dotint** (glibc 2.3.4 to 2.24)
Clear/set **RES_NOIP6DOTINT** in *_res.options*. When this
option is clear (**ip6-dotint**), reverse IPv6 lookups are
made in the (deprecated) *ip6.int* zone; when this option
is set (**no-ip6-dotint**), reverse IPv6 lookups are made
in the *ip6.arpa* zone by default. These options are
available in glibc versions up to 2.24, where **no-**
**ip6-dotint** is the default. Since **ip6-dotint** support
long ago ceased to be available on the Internet, these
options were removed in glibc 2.25.
**edns0** (since glibc 2.6)
Sets **RES_USE_EDNS0** in *_res.options*. This enables
support for the DNS extensions described in RFC 2671.
**single-request** (since glibc 2.10)
Sets **RES_SNGLKUP** in *_res.options*. By default, glibc
performs IPv4 and IPv6 lookups in parallel since
version 2.9. Some appliance DNS servers cannot handle
these queries properly and make the requests time out.
This option disables the behavior and makes glibc
perform the IPv6 and IPv4 requests sequentially (at the
cost of some slowdown of the resolving process).
**single-request-reopen** (since glibc 2.9)
Sets **RES_SNGLKUPREOP** in *_res.options*. The resolver
uses the same socket for the A and AAAA requests. Some
hardware mistakenly sends back only one reply. When
that happens the client system will sit and wait for
the second reply. Turning this option on changes this
behavior so that if two requests from the same port are
not handled correctly it will close the socket and open
a new one before sending the second request.
**no-tld-query** (since glibc 2.14)
Sets **RES_NOTLDQUERY** in *_res.options*. This option
causes **res_nsearch**() to not attempt to resolve an
unqualified name as if it were a top level domain
(TLD). This option can cause problems if the site has
``localhost'' as a TLD rather than having localhost on
one or more elements of the search list. This option
has no effect if neither RES_DEFNAMES or RES_DNSRCH is
set.
**use-vc** (since glibc 2.14)
Sets **RES_USEVC** in *_res.options*. This option forces the
use of TCP for DNS resolutions.
**no-reload** (since glibc 2.26)
Sets **RES_NORELOAD** in *_res.options*. This option
disables automatic reloading of a changed configuration
file.
The *domain* and *search* keywords are mutually exclusive. If more than
one instance of these keywords is present, the last instance wins.
The *search* keyword of a system's *resolv.conf* file can be overridden
on a per-process basis by setting the environment variable
**LOCALDOMAIN** to a space-separated list of search domains.
The *options* keyword of a system's *resolv.conf* file can be amended on
a per-process basis by setting the environment variable **RES_OPTIONS**
to a space-separated list of resolver options as explained above
under **options**.
The keyword and value must appear on a single line, and the keyword
(e.g., **nameserver**) must start the line. The value follows the
keyword, separated by white space.
Lines that contain a semicolon (;) or hash character (#) in the first
column are treated as comments.
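The following is an added example, not code from the original post or from glibc: it computes the effective option values from a resolv.conf text using only the rules quoted above (defaults, silent caps, comment and keyword placement, RES_OPTIONS amendment), and reports values that would be silently capped or misspelled. The function name, the sample file and its addresses are constructed, and treating several options lines as cumulative is an assumption.

```python
# Added example: effective resolver options per the rules quoted on this page.
CAPS = {"ndots": 15, "timeout": 30, "attempts": 5}      # silent caps
DEFAULTS = {"ndots": 1, "timeout": 5, "attempts": 2}    # documented defaults
# Options removed in glibc 2.25 are left out on purpose so they get flagged.
FLAGS = {"debug", "rotate", "no-check-names", "inet6", "edns0",
         "single-request", "single-request-reopen", "no-tld-query",
         "use-vc", "no-reload"}


def effective_options(conf_text, res_options=""):
    """Return (values, flags, warnings) for resolv.conf text plus RES_OPTIONS."""
    values, flags, warnings = dict(DEFAULTS), set(), []

    def apply(tokens, origin):
        for tok in tokens:
            name, sep, raw = tok.partition(":")
            if name in CAPS and sep and raw.isdigit():
                n = int(raw)
                if n > CAPS[name]:
                    warnings.append(f"{origin}: {tok} capped to {CAPS[name]}")
                values[name] = min(n, CAPS[name])
            elif tok in FLAGS:
                flags.add(tok)
            else:
                warnings.append(f"{origin}: unrecognized option {tok!r}")

    for lineno, line in enumerate(conf_text.splitlines(), 1):
        if not line or line[0] in ";#":      # comment marker in first column
            continue
        fields = line.split()
        # The keyword must start the line, so an indented "options" is skipped.
        if fields and fields[0] == "options" and not line[0].isspace():
            apply(fields[1:], f"line {lineno}")   # assumption: lines accumulate
    apply(res_options.split(), "RES_OPTIONS")     # per-process amendment
    return values, flags, warnings


# Constructed sample: the page's options line plus three deliberate mistakes.
SAMPLE = """\
# constructed sample file
nameserver 192.0.2.53
nameserver 192.0.2.54
options timeout:5 attempts:3 rotate single-request-reopen
options timeout:60 single-request-repoen
 options attempts:1
"""

if __name__ == "__main__":
    vals, flags, warns = effective_options(SAMPLE, res_options="attempts:9")
    print(vals, sorted(flags))
    print("\n".join(warns))
```

On the sample, the misspelled single-request-repoen and the indented options line are the kind of mistakes that leave a host running with settings other than the ones written in the file.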
Reference
- http://man7.org/linux/man-pages/man5/resolv.conf.5.html
- https://help.aliyun.com/document_detail/111842.html?spm=a2c4g.11186623.2.7.6c1c4c07q84KYh#title-ir4-ukr-wp0