On Thu, 12 Aug 2004, Roland McGrath wrote:
> > OK. Maybe so. But I think this is a valid bug based on my observations of the
> > same phenomena. If a machine has ns1 & ns2 listed, ns1 cannot get out to the
> > internet temporarily and returns an error, the whole mail system comes to a
> > stop...even though ns2 is working perfect.
>
> That is how resolv.conf is supposed to work. It lists nameservers, and you
> get the first one that is available, i.e. answers at all. If you want more
> complicated logic, that does not belong in the resolver used by applications.
> Use a local caching nameserver that implements the fancy policy you want.

Actually, if ns1's internet connectivity breaks, and you ask it about
names out in the Internet, the response probably returns an *error* like
SERVFAIL or times out, *not* returns a negative reply. Then the resolver
falls back to the next server (or at least it should!).

A negative reply is returned only if the server is authoritative for the
zone of the name that was queried.

This stuff only happens if you're using split-faced DNS, i.e., zones
aren't unique and queriable by everyone in the world. Doing so is against
the fundamental principles of DNS. Again, if it hurts, don't do it.

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
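The fallback behaviour described in the message above, modelled as an added example that is not part of the original e-mail and is not glibc's resolver code. The function names, the header-only sample replies and the choice to treat every error RCODE other than NXDOMAIN like SERVFAIL are assumptions made for illustration.

```python
import struct

NOERROR, SERVFAIL, NXDOMAIN = 0, 2, 3   # RCODE values from RFC 1035

def make_reply(qid, rcode, aa=False, ancount=0):
    """Constructed sample: a bare 12-byte DNS response header (sections omitted)."""
    flags = 0x8000 | (0x0400 if aa else 0) | rcode   # QR=1, optional AA, RCODE
    return struct.pack("!6H", qid, flags, 0, ancount, 0, 0)

def parse_header(msg):
    """Decode the fixed DNS header fields the fallback decision depends on."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    qid, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", msg[:12])
    return {"id": qid, "qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
            "rcode": flags & 0x000F, "ancount": ancount}

def resolve(servers, qid):
    """servers: ordered (name, reply) pairs as listed in resolv.conf;
    reply None models a timeout. Returns (outcome, answering_server, tried)."""
    tried = []
    for name, reply in servers:
        tried.append(name)
        if reply is None:
            continue                          # timeout: try the next server
        try:
            hdr = parse_header(reply)
        except ValueError:
            continue                          # unusable reply: try the next server
        if not hdr["qr"] or hdr["id"] != qid:
            continue                          # not a response to this query
        if hdr["rcode"] == NXDOMAIN:
            return ("NXDOMAIN", name, tried)  # negative reply is final, no fallback
        if hdr["rcode"] == NOERROR:
            return ("ANSWER" if hdr["ancount"] else "NODATA", name, tried)
        # SERVFAIL (and, by assumption, other error RCODEs): fall through to next
    return ("FAIL", None, tried)

QID = 0x1A2B                                  # constructed query ID
GOOD = make_reply(QID, NOERROR, ancount=1)    # ns2 answers normally

def scenario_servfail():      # ns1 lost upstream connectivity, returns SERVFAIL
    return resolve([("ns1", make_reply(QID, SERVFAIL)), ("ns2", GOOD)], QID)

def scenario_timeout():       # ns1 does not answer at all
    return resolve([("ns1", None), ("ns2", GOOD)], QID)

def scenario_split_dns():     # ns1 is authoritative for a private copy of the zone
    return resolve([("ns1", make_reply(QID, NXDOMAIN, aa=True)), ("ns2", GOOD)], QID)
```

In the split-DNS scenario ns2 is never consulted, which is the stall the original reporter observed: an authoritative negative reply from the first server ends the lookup.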