Slow recursive query performance on Windows x64
Steve Farr
steve at farrhomestead.com
Fri Jan 17 19:52:01 UTC 2020
Hi there,
I'm hoping perhaps someone can point me in a good direction for
troubleshooting here. I recently upgraded from BIND 9.9.10-P3 running in
32-bit Windows, to 9.14.9 running on 64-bit Windows. I've tried it in both
Windows 10 and Windows 7, and the behavior is the same: Queries for
addresses that aren't already cached take a long time (long enough that the
client resolver often gives up and assumes the DNS server failed - perhaps
5-6 seconds). On a second attempt, it's usually in the cache and responds
right away. The server has three views, two of which allow recursion, and it
hosts a couple of authoritative domains (differing in content between the
views, but present in all three). Queries for addresses in the domains that
are hosted locally are fast, and so are queries for anything that's cached.
I had to make a few tweaks to the config, jumping so many versions, in order
to eliminate warnings about things like DNSSEC. I also downloaded a fresh
copy of the named.cache / root hints, as well as bind.keys.
It's entirely possible that I just don't know what I'm doing.
Any ideas what could be causing this? The old server occupied the same
internal IP address (same firewall, same NAT, etc) so I don't tend to
suspect the network, especially since it's reproducible (the old 32-bit box
still works fast if I swap it back in). Here's my current config (feel free
to critique it even if off-topic):
// named.conf
acl internal { 192.168.63.0/24; 192.168.65.0/24; 127.0.0.1; };
acl wifi { 192.168.64.0/24; };
acl notifiers { [public IP removed for anonymity];};
key "transfer-key" {
algorithm hmac-md5;
secret "[removed for security]";
};
server [same public IP as in acl notifiers] {
keys { transfer-key; };
};
options {
version "1.1.1.1";
directory "C:\ISCBIND9\etc\namedb"; // Working directory
pid-file "C:\ISCBIND9\var\named.pid";
statistics-file "C:\ISCBIND9\var\named.stats";
memstatistics-file "C:\ISCBIND9\var\named.memstats";
auth-nxdomain yes;
listen-on { 192.168.63.23; 127.0.0.1; };
tcp-clients 1024;
max-cache-size 128M;
allow-query { any; };
recursion no;
allow-recursion { none; };
allow-query-cache { none; };
allow-transfer { none; };
allow-notify { notifiers; };
notify no;
dnssec-enable yes;
dnssec-lookaside no;
dnssec-validation yes;
bindkeys-file "C:\ISCBIND9\etc\namedb\bind.keys";
};
view internal {
match-clients { internal; };
recursion yes;
allow-query { internal; };
allow-recursion { internal; };
allow-query-cache { internal; };
zone "." in {type hint; file "named.cache"; };
zone "localhost" IN {type master; file "localhost.zone"; };
zone "0.0.127.in-addr.arpa" IN {type master; file
"named.local"; };
[authoritative zones follow]
};
view wifi {
[basically the same as internal except different
match-clients statement and different zones]
};
view external {
match-clients { any; };
allow-recursion { none; };
allow-query-cache { none; };
recursion no;
allow-query {any; };
zone "." in {type hint; file "named.cache"; };
zone "localhost" IN {type master; file "localhost.zone"; };
zone "0.0.127.in-addr.arpa" IN {type master; file
"named.local"; };
[authoritative zones follow]
};
Thanks for any help anyone may be able to offer!
-Steve
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20200117/c462058b/attachment.htm>
More information about the bind-users
mailing list