BIND 9.2.2 recursive queries lag badly, Bind8 does not
Mark Andrews
Mark_Andrews at isc.org
Sun Nov 14 01:26:23 UTC 2004
> Hello List --
>
> I tried searching for this in the archives and didn't see anything
> conclusive.
>
> We are an ISP with caching resolvers running BIND9.2.2 on Solaris 8 that
> are not behind firewalls. Upon running scripts to test unrelated issues,
> I noticed that any time I queried any of my resolvers for domains that
> have not been cached, the recursive query response times are horrible --
> consistently over 4 seconds. If I clear the cache and run a script that
> digs over 100 random domains, all of them come back > 4 seconds. Nothing
> has changed on our resolvers' config in months. Root hint file is up to
> date. Dig +trace or debug isn't showing anything. Tcpdump/snoop shows
> nothing, other than an empty hole when the machine is waiting for a
> response back from any root server. Queries against the boxes locally vs.
> queries from another machine make no difference. We have tried boxes that
> have not been patched in months as well as up-to date machines. All the
> same.
>
> Here's the options we have:
>
>
> options {
>
> directory "/var/named";
> /*
> *
> */
> max-ncache-ttl 10800;
> transfers-in 25;
> notify no;
> allow-query { CSR; DEV; localhost; };
> recursion yes;
> recursive-clients 100000;
> allow-transfer { none; };
> interface-interval 0;
> cleaning-interval 30;
> blackhole { 10.0.0.0/8; 192.168.0.0/16; };
> pid-file "named.pid";
>
> };
>
>
> Although I would be happy to post more info for your review, my questions
> are these: Has anyone else noticed this lag in recursion recently? Can
> anyone on this list try clearing their cache and then running queries for
> random domains and noting the response time?
>
> Curiously, an old BIND8 box we have does NOT experience this lag, no
> matter what.
>
> Any insight you may have is appreciated.
>
> Thanks
>
> -Erik J
Know issue which will be fixed in BIND 9.2.5/9.3.1.
Workarounds:
* upgrade to 9.3.0 and run "named -4".
* configure --disable-ipv6.
* get yourself IPv6 connectivity.
A.GTLD-SERVERS.NET and B.GTLD-SERVERS.NET now have AAAA address
and the RTT estimates are not being penalised because you don't
have IPv6 connectivity.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the bind-users
mailing list