BIND slow to start without localhost name resolution
JINMEI Tatuya / 神明達哉
Jinmei_Tatuya at isc.org
Thu Mar 27 19:04:20 UTC 2008
At Thu, 27 Mar 2008 08:29:21 -0000,
"Paul Cocker" <paul.cocker at tntpost.co.uk> wrote:
> I have a CentOS3 server running BIND 9.4.2 acting as an authoritative name
> server for a domain. It was also performing recursive lookups for other
> machines in the same subnet, but this is no longer desirable as I was
> informed that external machines can still use its name cache even if
> they're not on the allow-recursion ACL (they just can't initiate new
> name lookups) so long as recursive lookups are allowed for more machines
> than none, and as this machine is not exactly a resource beast I would
> rather disable recursive lookups.
>
> Problem is, once all this is done I then remove 0.0.0.0 from the
> resolv.conf file and now when the BIND daemon starts rather than being
> almost instant it can sit from 5-15 minutes before firing up.
>
> Should I be setting allow-recursion { none; }; and then leaving 0.0.0.0
> in the resolv.conf file? If so, why does BIND require this for a speedy
> start-up? As the machine never needs to resolve names within its own
> domain, I'd like it to bypass itself.
That may be related to syslog (although it's still hard to believe
that it takes 5-15 minutes). If you use syslog as an output channel
of named logs and (if so) disable it, does that make any change?
Also, what if you start named with the -g command line option? Is
there any obvious bottleneck before you see "running"?
---
JINMEI, Tatuya
Internet Systems Consortium, Inc.
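
An added example, not part of the original message: one way to answer the "obvious bottleneck before you see running" question is to capture the stderr output of `named -g` and list the pauses between consecutive log lines up to the "running" message. The timestamp layout (`DD-Mon-YYYY HH:MM:SS.mmm`), the function names and the sample lines are assumptions constructed for illustration.

```python
import re
import sys
from datetime import datetime

# Constructed sample of `named -g` stderr output (not taken from the thread).
SAMPLE = """\
27-Mar-2008 08:00:00.100 starting BIND 9.4.2 -g
27-Mar-2008 08:00:00.150 loading configuration from '/etc/named.conf'
27-Mar-2008 08:00:00.300 listening on IPv4 interface lo, 127.0.0.1#53
27-Mar-2008 08:07:30.300 command channel listening on 127.0.0.1#953
27-Mar-2008 08:07:30.450 zone example.com/IN: loaded serial 2008032701
27-Mar-2008 08:07:30.500 running
27-Mar-2008 08:09:00.000 zone example.com/IN: sending notifies (serial 2008032701)
"""

# Assumed line layout: timestamp with milliseconds, one space, then the message.
LINE = re.compile(r"^(\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) (.*)$")

def parse(text):
    """Return [(datetime, message)] for every line that carries a timestamp."""
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:  # skip continuation lines and anything without a timestamp
            ts = datetime.strptime(m.group(1), "%d-%b-%Y %H:%M:%S.%f")
            events.append((ts, m.group(2)))
    return events

def startup_gaps(text, threshold=1.0):
    """Pauses longer than `threshold` seconds before 'running', largest first.

    Each entry is (seconds, message_before_pause, message_after_pause).
    """
    events = parse(text)
    gaps = []
    for (t0, m0), (t1, m1) in zip(events, events[1:]):
        delta = (t1 - t0).total_seconds()
        if delta > threshold:
            gaps.append((delta, m0, m1))
        if m1 == "running":  # startup is over; ignore later activity
            break
    return sorted(gaps, reverse=True)

if __name__ == "__main__":
    # Read a captured log from stdin if piped, otherwise use the sample.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for seconds, before, after in startup_gaps(text):
        print(f"{seconds:8.1f}s between '{before}' and '{after}'")
```

The message printed just before the longest pause shows which startup step named was in when it stalled.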