turning on recursion in bind 9.2.2 makes ssh login prompt slow

r37ribution at gmail.com r37ribution at gmail.com
Wed Jan 16 14:30:00 UTC 2008


I added the hint info to named.conf. It is still slow. I remembered reading
that BIND has its own default root servers so I didn't try this originally.
When I ran "dig -x 209.85.137.83" it timed out after about 10 seconds:
root at obms1-com-taylor-mi:/root# dig -x 209.85.137.83
; <<>> DiG 9.2.2 <<>> -x 209.85.137.83
;; global options:  printcmd
;; connection timed out; no servers could be reached

Here is dig with +trace:
root at obms1-com-taylor-mi:/etc# dig +trace -x 209.85.137.83
; <<>> DiG 9.2.2 <<>> +trace -x 209.85.137.83
;; global options:  printcmd
.                       3600000 IN      NS      A.ROOT-SERVERS.NET.
.                       3600000 IN      NS      B.ROOT-SERVERS.NET.
.                       3600000 IN      NS      C.ROOT-SERVERS.NET.
.                       3600000 IN      NS      D.ROOT-SERVERS.NET.
.                       3600000 IN      NS      E.ROOT-SERVERS.NET.
.                       3600000 IN      NS      F.ROOT-SERVERS.NET.
.                       3600000 IN      NS      G.ROOT-SERVERS.NET.
.                       3600000 IN      NS      H.ROOT-SERVERS.NET.
.                       3600000 IN      NS      I.ROOT-SERVERS.NET.
.                       3600000 IN      NS      J.ROOT-SERVERS.NET.
.                       3600000 IN      NS      K.ROOT-SERVERS.NET.
.                       3600000 IN      NS      L.ROOT-SERVERS.NET.
.                       3600000 IN      NS      M.ROOT-SERVERS.NET.
;; Received 228 bytes from 168.84.1.194#53(168.84.1.194) in 21 ms
dig: Couldn't find server 'A.ROOT-SERVERS.NET': host/servname not known

FYI, this DNS server is on an isolated network so it doesn't need to get out
to the world. I'm pretty new to BIND and named, so maybe I missed something
simple?

Here is my new named.conf:
// BIND Version 9 configuration file.
//
options {
       directory           "/var/opt/dnsfiles";
       dump-file           "/var/opt/dnsfiles/tmp/named_dump.db";
       pid-file            "/usr/local/run/named.pid";
       // version statement for security to avoid hacking known weaknesses
       version "not currently available";
           recursion yes;
};
include "/etc/rndc.key";
controls {
        inet 127.0.0.1 allow {127.0.0.1; } keys { "rndc-key"; };
};
zone "." {
       type hint;
       file "named.root";
};
zone "bms.n2bb.com" in {
  type master;
  file "db.bms.n2bb.com";
  // to allow slave transfers, add slave ips in place of 'none'
  allow-transfer { any; };
};
zone "1.84.168.in-addr.arpa" in {
  type master;
  file "db.168.84.1";
  // to allow slave transfers, add slave ips in place of 'none'
  allow-transfer { any; };
};
zone "localhost" in {
  type master;
  file "localhost.zone";
};
zone "0.0.127.in-addr.arpa" in {
  type master;
  file "named.local";
};

Thanks for all the help! I read that this could be a bug, can anyone confirm
this?: http://unix.derkeiler.com/Mailing-Lists/SunManagers/2006-11/msg00191.html

Someone let me know if I am replying to this correctly, I don't mean to
accidentally start a new thread. Excuse me, I haven't used this before.
On Jan 16, 2008 9:18 AM, Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote:

> On Wed, Jan 16, 2008 at 02:09:15PM +0000,
>  Chris Thompson < cet1 at hermes.cam.ac.uk > wrote
>  a message of 22 lines which said:
>
> > was already included in 9.2.0a1.
>
> Then it is likely that the OP's machine has trouble talking to the
> root name servers. A dig with the +trace option will show it.
>
>
>
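Editor's note: the configuration below is an added example, not the poster's file or anything from the thread. On an isolated network a "type hint" root zone can never be reached, so every lookup for a name this server does not serve (such as 83.137.85.209.in-addr.arpa) hangs until the resolver gives up, which is what makes sshd's reverse lookup slow. Serving a local master root zone instead makes those lookups fail immediately with NXDOMAIN; ns1.bms.n2bb.com, the 168.84.1.0/24 prefix and the 168.84.1.194 address are assumed here to be this server's name, LAN and address.

```conf
// named.conf fragment (added example): the options block keeps the
// poster's settings but replaces the hint root zone with a local root.
options {
       directory           "/var/opt/dnsfiles";
       recursion yes;
       // assumed LAN prefix: only local clients may use the resolver
       allow-recursion { 127.0.0.1; 168.84.1.0/24; };
};

zone "." {
       type master;         // was: type hint; file "named.root";
       file "db.root.local";
};

// bms.n2bb.com, 1.84.168.in-addr.arpa, localhost and 0.0.127.in-addr.arpa
// stay exactly as in the poster's named.conf; named answers from the most
// specific zone it is master for, and everything else falls to "." above.

// ---- /var/opt/dnsfiles/db.root.local (zone-file syntax, ';' comments) ----
// $TTL 3600
// .                  IN SOA ns1.bms.n2bb.com. hostmaster.bms.n2bb.com. (
//                           2008011601 ; serial
//                           3600       ; refresh
//                           900        ; retry
//                           604800     ; expire
//                           3600 )     ; negative-caching TTL
// .                  IN NS  ns1.bms.n2bb.com.
// ns1.bms.n2bb.com.  IN A   168.84.1.194   ; assumed address of this server
```

Check the zone with `named-checkzone . db.root.local` before `rndc reload`; afterwards `dig -x 209.85.137.83` should return NXDOMAIN in a few milliseconds instead of "connection timed out", and the ssh prompt should come back at once. If every client address lives in a zone this server is master for, `recursion no` with the original hint zone gives the same fast failure, since authoritative answers never need recursion.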




More information about the bind-users mailing list