external queries slow or timing out
Jim Jarocki
jarocki at startribune.com
Thu Jan 29 17:08:25 UTC 2004
I'm running a split DNS configuration, 2 external servers (in the dmz
portion of my network) are running bind-9.2.2, and name servers on the
secure portion are running bind that ships with stock solaris (so usually
some flavor of bind 8). I am experiencing very slow name service queries
for any domain that I'm not authoritative for from my internal servers
(who forward requests to the external servers). For example:
ra% nslookup
Default Server: ra.startribune.com
Address: 132.148.70.53
> set debug
> www.abc.con
Server: ra.startribune.com
Address: 132.148.70.53
;; res_nmkquery(QUERY, www.abc.con, IN, A)
^C
> www.abc.com
Server: ra.startribune.com
Address: 132.148.70.53
;; res_nmkquery(QUERY, www.abc.com, IN, A)
timeout
timeout
timeout
------------
Got answer:
HEADER:
opcode = QUERY, id = 84, rcode = NOERROR
header flags: response, want recursion, recursion avail.
questions = 1, answers = 2, authority records = 4, additional = 0
QUESTIONS:
www.abc.com, type = A, class = IN
ANSWERS:
-> www.abc.com
canonical name = abc.com
ttl = 1200 (20M)
-> abc.com
internet address = 199.181.135.201
ttl = 418 (418)
AUTHORITY RECORDS:
-> abc.com
nameserver = sens02.dig.com
ttl = 418 (418)
-> abc.com
nameserver = orns01.dig.com
ttl = 418 (418)
-> abc.com
nameserver = orns02.dig.com
ttl = 418 (418)
-> abc.com
nameserver = sens01.dig.com
ttl = 418 (418)
------------
Non-authoritative answer:
Name: abc.com
Address: 199.181.135.201
Aliases: www.abc.com
Notice the 3 timeouts. That is consistent with any non-cached queries.
Every test with nslookup times out 3 times, then is successful. A similar
test from the external hosts resolves immediately (no timeouts). When I
turn on debugging on the external name server, I see the last successful
request, but nothing on the 3 timeouts. Maybe I just don't understand how
forwarding exactly works?
A typical named.conf for an internal name server looks like:
ra% more /etc/named.conf
options {
        //
        //boot file for name server
        //
        //type domain source file or
        //
        directory "/var/named";
        forwarders {
                132.148.87.39;
                132.148.87.38;
        };
};
// };
//};
zone "startribune.com" in {
        type slave;
        file "startribune.db";
        masters { 132.148.25.36; };
};
zone "stribnet.com" in {
        type slave;
        file "stribnet.db";
        masters { 132.148.25.36; };
};
zone "stribsource.com" in {
        type slave;
        file "stribsource.db";
        masters { 132.148.25.36; };
};
zone "148.132.in-addr.arpa" in {
        type slave;
        file "startribune.rev";
        masters { 132.148.25.36; };
};
zone "." in {
        type hint;
        file "named.ca";
};
I'm running out of things to look at, and of course, the slowness of
lookups is terribly annoying for my users. If anyone has ideas of
specific things I should look at, please share them. Thanks in advance.
-----------------------------------------------------------------------
"If you're not part of the solution, you're part of the precipitate."
-- Steve Wright
-----------------------------------------------------------------------
Jim Jarocki
Systems Administrator
jarocki at startribune.com
-----------------------------------------------------------------------
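
Added example, not part of the original post: a check that reads the forwarders list out of a named.conf like the one quoted above and sends one recursive query straight to each forwarder, timing the reply, so that a forwarder that is not answering the internal host stands out. The function names, the 5-second timeout and the embedded config excerpt are assumptions made for this illustration.

```python
import re, socket, struct, time

# Constructed sample: the options block from the named.conf quoted in the post.
NAMED_CONF = """
options {
        directory "/var/named";
        forwarders {
                132.148.87.39;
                132.148.87.38;
        };
};
"""

def forwarders(conf):
    """Return the IPv4 addresses in the forwarders { ... } statement."""
    conf = re.sub(r"//[^\n]*", "", conf)          # drop // comments first
    m = re.search(r"\bforwarders\s*\{([^}]*)\}", conf)
    return re.findall(r"\d+(?:\.\d+){3}", m.group(1)) if m else []

def build_query(name, qid=0x1234):
    """Encode a recursive (RD=1) A/IN query for name in DNS wire format."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def probe(server, name, timeout=5.0, qid=0x1234):
    """Query one server directly; return (rcode or None on no reply, seconds)."""
    start = time.monotonic()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name, qid), (server, 53))
            reply, _ = s.recvfrom(4096)
        except OSError:                            # includes socket.timeout
            return None, time.monotonic() - start
    elapsed = time.monotonic() - start
    if len(reply) < 4:
        return None, elapsed
    rid, flags = struct.unpack("!HH", reply[:4])
    return (flags & 0x000F if rid == qid else None), elapsed

if __name__ == "__main__":
    for fwd in forwarders(NAMED_CONF):
        rcode, secs = probe(fwd, "www.abc.com")
        status = "no reply" if rcode is None else f"rcode={rcode}"
        print(f"{fwd}: {status} after {secs:.2f}s")
```

Run it on the internal name server host itself, so the queries take the same network path as the forwarded requests.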