How DNS works by default on AIX

It takes AIX 75 seconds, by default, to attempt to use the secondary DNS server configured in resolv.conf for each DNS call. There are ways to configure this for a shorter time (see below). As of 9-10-2010, this has should be left default on all systems. Even 2 seconds can be an issue. This configuration is not really an issue as it is just how it works. If this happens, and there is an issue, a quick way to remedy this is to swap entries in the resolv.conf file so the timeout does not happen. The backup might be an issue too (this has happened), but it might be worth a try. Be sure to change back when done.

How to change the DNS timeout value on AIX

On AIX, the default timeout variables take a total of 75 seconds to fail-over to the second DNS server. To tune it so that the fail-over only takes 2 seconds, add the following variables to /etc/environment:

RES_RETRY=1 RES_TIMEOUT=1

You cannot go lower than 1 second for each of these variables. The explanation of why AIX has a default of 75 seconds is as follows:

On AIX, a DNS query will wait a total of 75 seconds before failing over to the second name server entry in the resolv.conf. The 75 sec timeout period comes from two values RES_RETRY and RES_TIMEOUT. The way it works is the DNS client will try to contact the DNS server, then if it doesn't get an answer back it will wait 5 seconds and try again, then it will wait 10 secs and try again, 20 sec and try again, 40 secs and try again.

5 + 10 + 20 + 40 = 75 seconds

So our new setting makes one retry after 1 second, then fails over to the secondary DNS.

Example of setting NIC to 100 Full:

lsattr -El ent0 -a media_speed 
/usr/sbin/ifconfig en0 down detach 
/usr/sbin/ifconfig et0 down detach 
/usr/sbin/chdev -l ent0 -a media_speed=100_Full_Duplex 
/usr/sbin/chdev -l en0 -a state=up 
/usr/sbin/mkdev -l inet0

To fix duplex issue on SEA:

On VIO server, remove SEA, change duplex, re-add duplex. Do one at a time so numbers are same. Virtual LPAR network connections will get dropped but come back fine.

• Enter “smitty etherchannel”
• Select “Add An Ether Channel / Link Aggregation” from the list and press enter
• Select the primary Ethernet adapter and press Enter. This is teh adapter that will be used until it fails.
• Enter the information in the following fields (keep the rest default)
  • Backup Adapter: Enter the adapter that you want to be your backup adapter. After a failover, this adapter is used until the primary adapter recovers. It is recommended to use the preferred adapter as the primary adapter.
  • Internet Address to Ping: It is common practice to use the gateway of the network (a good choice) being used on the Ether Channel device. This field is optional. The Ether Channel pings the IP address or host name that you specify here. If the Ether Channel is unable to ping this address for the number of times specified in the Number of Retries field and in the intervals specified in the Retry Timeout field, the Ether Channel switches adapters.
• Hit Enter. A new ent device should be created.
• The description displayed from the lsdev command will be “Ether Channel / IEEE 802.3ad Link Aggregation”

IP Tracing in AIX

startsrc -s iptrace -a ”-a /tmp/iptrace.bin”%%
Once you have logged in stop iptrace 
%%stopsrc -s iptrace

Network Tuning To list values:

no -a

Non-default values can be found in the /etc/tunables/nextboot file: For latency issues, sometimes tcp_no_delay and tcp_nodelay_ack can be used (be careful)

To eliminate closed sessions (common) use app recommended values (i.e. WAS) for tcp_keepalive, tcp_keepidle, tcp_keepinit, tcp_finwait2, and sometimes tcp_timewait (be careful).