BIND 9.2.2 recursive queries lag badly, Bind8 does not

Mark Andrews Mark_Andrews at isc.org
Sun Nov 14 01:26:23 UTC 2004 

> Hello List --
> 
> I tried searching for this in the archives and didn't see anything
> conclusive.
> 
> We are an ISP with caching resolvers running BIND9.2.2 on Solaris 8 that
> are not behind firewalls.  Upon running scripts to test unrelated issues,
> I noticed that any time I queried any of my resolvers for domains that
> have not been cached, the recursive query response times are horrible --
> consistently over 4 seconds.  If I clear the cache and run a script that
> digs over 100 random domains, all of them come back > 4 seconds.  Nothing
> has changed on our resolvers' config in months.  Root hint file is up to
> date.  Dig +trace or debug isn't showing anything. Tcpdump/snoop shows
> nothing, other than an empty hole when the machine is waiting for a
> response back from any root server.  Queries against the boxes locally vs.
> queries from another machine make no difference.  We have tried boxes that
> have not been patched in months as well as up-to date machines.  All the
> same.
> 
> Here's the options we have:
> 
> 
> options {
> 
>         directory "/var/named";
> /*
> *
> */
>         max-ncache-ttl 10800;
>         transfers-in 25;
>         notify no;
>         allow-query { CSR; DEV; localhost; };
>         recursion yes;
>         recursive-clients 100000;
>         allow-transfer { none; };
>         interface-interval 0;
>         cleaning-interval 30;
>         blackhole { 10.0.0.0/8; 192.168.0.0/16; };
>         pid-file "named.pid";
> 
> };
> 
> 
> Although I would be happy to post more info for your review, my questions
> are these:  Has anyone else noticed this lag in recursion recently?  Can
> anyone on this list try clearing their cache and then running queries for
> random domains and noting the response time?
> 
> Curiously, an old BIND8 box we have does NOT experience this lag, no
> matter what.
> 
> Any insight you may have is appreciated.
> 
> Thanks
> 
> -Erik J
 

        Know issue which will be fixed in BIND 9.2.5/9.3.1.

        Workarounds:
        * upgrade to 9.3.0 and run "named -4".
        * configure --disable-ipv6.
        * get yourself IPv6 connectivity.

	A.GTLD-SERVERS.NET and B.GTLD-SERVERS.NET now have AAAA address
	and the RTT estimates are not being penalised because you don't
	have IPv6 connectivity.

        Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org

More information about the bind-users mailing list