Slow internal resolution
Javed E. Malik
jemalik at emis-intl.com
Thu Mar 9 14:49:33 UTC 2000
Check that in Unix box /etc/nsswitch.conf the hosts is set to
hosts: dns files
Hope it would solve the problem.
Javed
__________________________________________________________________
::-----Original Message-----
::From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org]On
::Behalf Of Stewart.Ann
::Sent: Wednesday, March 08, 2000 10:31 PM
::To: 'bind-users at isc.org'
::Subject: Slow internal resolution
::
::
::One of our Web servers, which is, of course, outside the firewall, has a
::name that doesn't end with our domain name. Specifically, our domain is
::ftb.ca.gov, our main Web site is www.ftb.ca.gov <http://www.ftb.ca.gov> ,
::and the server in question (on the same subnet as www.ftb.ca.gov
::<http://www.ftb.ca.gov> ) is called www.taxes.ca.gov
::<http://www.taxes.ca.gov> . The ca.gov resolver lives at a different
::agency; we have nothing to do with it. The ftb.ca.gov resolver
::lives here
::and I'm the homeless schizophrenic they picked up off the street to
::administer it, so I only know rudimentary things about DNS and BIND. To
::make it worse, we're running BIND 4.9.3 and our cache table hasn't been
::updated for 4.5 years. www.taxes.ca.gov <http://www.taxes.ca.gov> has 2
::aliases: taxes.ca.gov and tax.ca.gov. All 3 are in our basic database,
::which we call ftb.name (I inherited all of this -- don't blame anything on
::me). The one in the subnet database file for 209.210.72 is www.ftb.ca.gov
::<http://www.ftb.ca.gov> (with a dot after it). As far as I can tell,
::everything is right for www.taxes.ca.gov <http://www.taxes.ca.gov> in our
::DNS tables. If you do an nslookup, the name gets changed to
::www.taxes.ca.gov.ftb.ca.gov <http://www.taxes.ca.gov.ftb.ca.gov> , and it
::resolves to the correct IP address (209.210.72.17).
::
::>From the outside world, if you put www.taxes.ca.gov
::<http://www.taxes.ca.gov> in your browser, you get the Web page
::immediately. From inside the organization it takes "too long" (say, a
::minute or so) -- long enough that we're getting complaints. If,
::from inside
::the organization, you put the IP address in the browser, you get the page
::immediately. If, from inside the organization, you put in www.ftb.ca.gov
::<http://www.ftb.ca.gov> , you get it immediately.
::
::Before we started looking into this, my PC, from which I was
::testing it, and
::which runs NT workstation, had nothing for domain or DNS Service search
::order under TCP/IP protocol properties. I added the domain
::(ftb.ca.gov) and
::our (internal) primary and secondary name server IP addresses, and I was
::confident that this would solve the problem. However, having the domain
::name and DNS name servers in my system doesn't help at all.
::
::tracert (from "DOS") waits a long time (about a minute), then shows the
::resolved name/IP ( www.taxes.ca.gov.ftb.ca.gov
::<http://www.taxes.ca.gov.ftb.ca.gov> ) and 2 hops: 10ms to the
::first router
::and 10 ms to the second router, then fizzles out. traceroute from a Unix
::machine waits about a minute, then shows the resolved name/IP and 3 hops:
::1ms/1ms/1ms to the first router, 1ms/1ms/1ms to the second router, and
::1ms/1ms/2ms to the firewall.
::
::Why does it take so long to get the name resolved? At first I
::thought maybe
::it was going to the other agency to resolve the "ca.gov", but based on the
::results from traceroute, it looks like it's resolving here. Does it have
::something to do with the duplicated "ca.gov"? Is that confusing BIND?
::
::I get the digest, and would very much appreciate it if anyone answering
::would cc my e-mail address: ann_stewart at ftb.ca.gov
::<mailto:ann_stewart at ftb.ca.gov> .
::
::Thank you.
::Ann Stewart
::DSSS Unix Support
::California Franchise Tax Board
::ann_stewart at ftb.ca.gov
::(916) 845-3790
::
::
::
::
::
More information about the bind-users
mailing list