BIND non-cached resolution taking 2-4 seconds each time
Mark Andrews
Mark_Andrews at isc.org
Mon Sep 18 15:45:39 UTC 2006
Please specify EXACT versions.
> I'm having a problem with BIND 9 taking FOREVER to resolve DNS
> requests. Both are fresh installs of CentOS on PIII hardware. Both are
> in a well connected network (2 full DS-3's that aren't very used from
> two providers; we do our own BGP).
>
> Here is my named.conf:
>
> ------------------------------------
> acl recurseallow {
> 208.67.56.0/22;
> 127.0.0.1;
> };
>
> acl trusted {
> };
>
> options {
> directory "/var/named";
> allow-transfer { trusted; };
> allow-recursion { recurseallow; };
> query-source port 53;
> };
>
> include "/etc/rndc.key";
>
> zone "." {
> type hint;
> file "named.root";
> };
> ------------------------------------
>
> Here is my root hints file:
> ------------------------------------
> . 6D IN NS A.ROOT-SERVERS.NET.
> . 6D IN NS B.ROOT-SERVERS.NET.
> . 6D IN NS C.ROOT-SERVERS.NET.
> . 6D IN NS D.ROOT-SERVERS.NET.
> . 6D IN NS E.ROOT-SERVERS.NET.
> . 6D IN NS F.ROOT-SERVERS.NET.
> . 6D IN NS G.ROOT-SERVERS.NET.
> . 6D IN NS H.ROOT-SERVERS.NET.
> . 6D IN NS I.ROOT-SERVERS.NET.
> . 6D IN NS J.ROOT-SERVERS.NET.
> . 6D IN NS K.ROOT-SERVERS.NET.
> . 6D IN NS L.ROOT-SERVERS.NET.
> . 6D IN NS M.ROOT-SERVERS.NET.
> A.ROOT-SERVERS.NET. 6D IN A 198.41.0.4
> B.ROOT-SERVERS.NET. 6D IN A 128.9.0.107
> C.ROOT-SERVERS.NET. 6D IN A 192.33.4.12
> D.ROOT-SERVERS.NET. 6D IN A 128.8.10.90
> E.ROOT-SERVERS.NET. 6D IN A 192.203.230.10
> F.ROOT-SERVERS.NET. 6D IN A 192.5.5.241
> G.ROOT-SERVERS.NET. 6D IN A 192.112.36.4
> H.ROOT-SERVERS.NET. 6D IN A 128.63.2.53
> I.ROOT-SERVERS.NET. 6D IN A 192.36.148.17
> J.ROOT-SERVERS.NET. 6D IN A 198.41.0.10
> K.ROOT-SERVERS.NET. 6D IN A 193.0.14.129
> L.ROOT-SERVERS.NET. 6D IN A 198.32.64.12
> M.ROOT-SERVERS.NET. 6D IN A 202.12.27.33
> ------------------------------------
>
> Here is the output of TCP dump doing a sample query after running "rndc
> flush" then "dig @localhost theplanet.com"
>
> ------------------------------------
> 08:50:04.249815 IP 208.67.56.6.domain > 193.0.14.129.domain: 11509%
> [1au] A? theplanet.com. (42)
> 08:50:04.251185 IP 208.67.56.6.domain > 193.0.14.129.domain: 6690%
> [1au] NS? . (28)
> 08:50:04.393408 IP 193.0.14.129.domain > 208.67.56.6.domain: 11509-
> 0/13/16 (530)
> 08:50:04.394688 IP 193.0.14.129.domain > 208.67.56.6.domain: 6690*-
> 13/0/14 NS a.root-servers.net.,[|domain]
> 08:50:06.397444 IP 208.67.56.6.domain > 192.55.83.30.domain: 13032%
> [1au] A? theplanet.com. (42)
> 08:50:06.651124 IP 192.55.83.30.domain > 208.67.56.6.domain: 13032
> FormErr- [0q] 0/0/0 (12)
> 08:50:06.651819 IP 208.67.56.6.domain > 192.55.83.30.domain: 3266 A?
> theplanet.com. (31)
> 08:50:06.909213 IP 192.55.83.30.domain > 208.67.56.6.domain: 3266-
> 0/2/12 (259)
> 08:50:06.910512 IP 208.67.56.6.domain > 207.44.128.230.domain: 17183%
> [1au] A? theplanet.com. (42)
> 08:50:06.956252 IP 207.44.128.230.domain > 208.67.56.6.domain: 17183*-
> 1/2/13 A 70.87.6.11 (286)
> ------------------------------------
>
>
> Notice the 2 second delay between lines 4 and 5? The result took 2.5
> seconds for dig to respond. Once it's cached, it takes only a few ms to
> get the same thing back, it's just that first time query that takes
> FOREVER.
>
> In an effort to be through, more information is below.
>
> My /etc/hosts:
> ------------------------------------
> 127.0.0.1 localhost.localdomain localhost
> ------------------------------------
>
> My /etc/host.conf:
> ------------------------------------
> order hosts,bind
> ------------------------------------
>
> Output of some commands:
> ------------------------------------
> [~]# route -n
> Kernel IP routing table
> Destination Gateway Genmask Flags Metric Ref Use
> Iface
> 208.67.56.0 0.0.0.0 255.255.255.224 U 0 0 0
> eth0
> 169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0
> eth0
> 0.0.0.0 208.67.56.3 0.0.0.0 UG 0 0 0
> eth0
> [~]# ifconfig
> eth0 Link encap:Ethernet HWaddr 00:01:29:20:9A:A3
> inet addr:208.67.56.6 Bcast:208.67.56.31
> Mask:255.255.255.224
> inet6 addr: fe80::201:29ff:fe20:9aa3/64 Scope:Link
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:1604748 errors:0 dropped:0 overruns:0 frame:0
> TX packets:1088829 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:1000
> RX bytes:193923454 (184.9 MiB) TX bytes:145317266 (138.5
> MiB)
> Interrupt:11 Base address:0xec00
>
> lo Link encap:Local Loopback
> inet addr:127.0.0.1 Mask:255.0.0.0
> inet6 addr: ::1/128 Scope:Host
> UP LOOPBACK RUNNING MTU:16436 Metric:1
> RX packets:2605 errors:0 dropped:0 overruns:0 frame:0
> TX packets:2605 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:0
> RX bytes:4311177 (4.1 MiB) TX bytes:4311177 (4.1 MiB)
>
> [~]#
> ------------------------------------
>
>
--
ISC Training! October 16-20, 2006, in the San Francisco Bay Area,
covering topics from DNS to DHCP. Email training at isc.org.
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the bind-users
mailing list