1

/etc/resolv.conf is configured with:

options timeout:1 attempts:5 rotate
nameserver A
nameserver B

Both configured nameservers have a delay of 3 seconds. The following exchange of messages occurs:

  • 00:00 - query #1 sent to A
  • 00:01 - query #2 sent to B
  • 00:02 - query #3 sent to A
  • 00:03 - query #4 sent to B
  • 00:03 - reply to #1 received from A

Will the Linux resolver accept the reply to query #1, as it is still resolving the address, or are all replies outside the initial 1-second timeout discarded?

Unfortunately, man resolv.conf doesn't really clarify that.

2 Answers

0

DNS queries are also based on RTT (Round-trip time), just like ICMP. RTT of a DNS query is the measurement of the delay between a DNS query being issued and the time the answer is received, meaning that the reply (in your case - reply to #1 received from A) must arrive before the configured maximum timeout in order for it to be considered valid. It's quite identical to how ICMP works.

Technically, RTT is the length of time it takes for a signal to be sent plus the length of time it takes for an acknowledgment of that signal to be received.

Overmind
  • Not really sure that answers it, at least not very clearly. I think the question was more that if the client keeps sending DNS requests, will a late response be seen as a valid reply to the most recent request, or is it somehow marked as a response to a conversation that no longer exists (timed out) and dropped. – USD Matt Jan 16 '18 at 14:21
  • It's considered timed out. – Overmind Jan 17 '18 at 06:14
0

I've tested the behaviour in my lab. The Linux resolver will indeed take a successful reply if it comes while it is still resolving the domain, even if the reply comes with a delay greater than 1 second. In my lab, I've set a DNS server delay of 3 seconds and with {{options timeout:1 attempts:5}} set, the client still resolved the domain. Packet capture proved the reply was received after multiple queries to both configured DNS servers were already sent out by the client.

Changing default values or {{options timeout:5 attempts:1}} to {{options timeout:5 attempts:1}} hence decreases DNS server failover delay, while still allowing slow DNS servers to provide the answer in the same time.
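
The two readings given in the answers above, as an added example that is not part of the original posts: a small timeline model of the retry loop that compares "late replies are dropped" with "late replies are accepted while the lookup is still running", using the two option sets that appear on this page. The `simulate` function, the `Outcome` type and all scenario values are constructed for illustration; the model assumes one query per timeout in strict round-robin order, always starting at nameserver A, and is not glibc's code.

```python
from typing import NamedTuple, Optional, Sequence

class Outcome(NamedTuple):
    answered_at: Optional[float]    # seconds after the first query; None = lookup failed
    answering_query: Optional[int]  # 1-based number of the query whose reply was used
    queries_sent: int               # queries on the wire by then

def simulate(timeout: float, attempts: int, delays: Sequence[Optional[float]],
             accept_late: bool = True) -> Outcome:
    """Model of a stub resolver retry loop (a simplification, not glibc code).

    delays[i] is nameserver i's reply delay in seconds, None = never replies.
    accept_late=True: any reply arriving before the resolver gives up is used
    (the behaviour observed in the second answer's lab).
    accept_late=False: a reply counts only inside its own query's timeout
    (the reading given in the first answer).
    """
    if timeout <= 0 or attempts < 1 or not delays:
        raise ValueError("need timeout > 0, attempts >= 1 and at least one nameserver")
    # Send schedule: one query per timeout, cycling through the servers.
    sends = [(n * timeout, n % len(delays)) for n in range(attempts * len(delays))]
    give_up = len(sends) * timeout  # end of the last query's timeout window
    usable = []
    for number, (sent, server) in enumerate(sends, start=1):
        delay = delays[server]
        if delay is None:
            continue
        deadline = give_up if accept_late else sent + timeout
        if sent + delay <= deadline:
            usable.append((sent + delay, number))
    if not usable:
        return Outcome(None, None, len(sends))
    arrival, number = min(usable)
    # A query due at the same instant as the reply counts as sent, as in the question.
    on_wire = sum(1 for sent, _ in sends if sent <= arrival)
    return Outcome(arrival, number, on_wire)

if __name__ == "__main__":
    # Constructed scenarios: the question's setup, then one dead and one slow server.
    for label, args in [
        ("question, late replies accepted", (1, 5, [3, 3], True)),
        ("question, late replies dropped", (1, 5, [3, 3], False)),
        ("A dead, B slow, timeout:1 attempts:5", (1, 5, [None, 3], True)),
        ("A dead, B slow, timeout:5 attempts:1", (5, 1, [None, 3], True)),
    ]:
        print(f"{label:40} {simulate(*args)}")
```

Under the "accepted" model the question's timeline resolves at 00:03 with the reply to query #1, while the "dropped" model fails after all ten queries. With A dead and B slow, the short-timeout setting reaches B's answer sooner than the long-timeout one.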