external queries slow or timing out

Kevin Darcy kcd at daimlerchrysler.com
Thu Jan 29 23:10:40 UTC 2004


Issue queries from your internal nameserver to each of the forwarders to 
check that they are answering speedily. Check that the responses have 
the RA flag set in them (you'll need nslookup's debug mode, or, 
preferably, a better lookup tool like "dig", to see that). If one of 
the forwarders isn't honoring recursion for your server (i.e. RA not set 
in responses), then you may have a delay with respect to queries which 
don't already happen to be cached on that forwarder since it'll need to 
fail over to the other forwarder in order to get the answer.

- Kevin

Jim Jarocki wrote:

>I'm running a split DNS configuration, 2 external servers (in the dmz
>portion of my network) are running bind-9.2.2, and name servers on the
>secure portion are running bind that ships with stock solaris (so usually
>some flavor of bind 8).  I am experiencing very slow name service queries
>for any domain that I'm not authoritative for from my internal servers
>(who forward requests to the external servers).  For example: 
>
>ra% nslookup
>Default Server:  ra.startribune.com
>Address:  132.148.70.53
>
>  
>
>>set debug
>>www.abc.con
>>    
>>
>Server:  ra.startribune.com
>Address:  132.148.70.53
>
>;; res_nmkquery(QUERY, www.abc.con, IN, A)
>^C
>  
>
>>www.abc.com
>>    
>>
>Server:  ra.startribune.com
>Address:  132.148.70.53
>
>;; res_nmkquery(QUERY, www.abc.com, IN, A)
>timeout
>timeout
>timeout
>------------
>Got answer:
>    HEADER:
>        opcode = QUERY, id = 84, rcode = NOERROR
>        header flags:  response, want recursion, recursion avail.
>        questions = 1,  answers = 2,  authority records = 4,  additional =
>0
>
>    QUESTIONS:
>        www.abc.com, type = A, class = IN
>    ANSWERS:
>    ->  www.abc.com
>        canonical name = abc.com
>        ttl = 1200 (20M)
>    ->  abc.com
>        internet address = 199.181.135.201
>        ttl = 418 (418)
>    AUTHORITY RECORDS:
>    ->  abc.com
>        nameserver = sens02.dig.com
>        ttl = 418 (418)
>    ->  abc.com
>        nameserver = orns01.dig.com
>        ttl = 418 (418)
>    ->  abc.com
>        nameserver = orns02.dig.com
>        ttl = 418 (418)
>    ->  abc.com
>        nameserver = sens01.dig.com
>        ttl = 418 (418)
>
>------------
>Non-authoritative answer:
>Name:    abc.com
>Address:  199.181.135.201
>Aliases:  www.abc.com
>
>
>Notice the 3 timeouts.  That is consistent with any non-cached queries. 
>Every test with nslookup times out 3 times, then is successful.  A similar
>test from the external hosts resolves immediately (no timeouts).  When I
>turn on debugging on the external name server, I see the last successful
>request, but nothing on the 3 timeouts.  Maybe I just don't understand how
>forwarding exactly works? 
>
>A typical named.conf for an internal name server looks like: 
>
>ra% more /etc/named.conf
>options {
>        //
>        //boot file for name server
>        //
>        //type domain source file or
>        //
>        directory        "/var/named";
>        forwarders       {
>                132.148.87.39;
>                132.148.87.38;
>         };
>
>};
>
>
>//       };
>
>//};
>
>
>zone "startribune.com" in {
>        type slave;
>        file "startribune.db";
>        masters { 132.148.25.36; };
>};
>
>zone "stribnet.com" in {
>        type slave;
>        file "stribnet.db";
>        masters { 132.148.25.36; };
>};
>
>zone "stribsource.com" in {
>        type slave;
>        file "stribsource.db";
>        masters { 132.148.25.36; };
>};
>
> zone "148.132.in-addr.arpa" in {
>        type slave;
>        file "startribune.rev";
>        masters { 132.148.25.36; };
>};
>
> zone "." in {
>        type hint;
>        file "named.ca";
>};
>
>I'm running out of things to look at, and of course, the slowness of
>lookups is terribly annoying for my users.  If anyone has ideas of
>specific things I should look at, please share them.  Thanks in advance. 
>
>-----------------------------------------------------------------------
>
>"If you're not part of the solution, you're part of the precipitate."
>
>  -- Steve Wright
>
>-----------------------------------------------------------------------
>Jim Jarocki
>Systems Administrator
>jarocki at startribune.com
>-----------------------------------------------------------------------
>
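
The check described in the reply above (query each forwarder directly, time the answer, and look for the RA flag), as an added Python example that is not part of the original thread. The forwarder addresses and the test name come from the quoted post; the function names, the fixed query id and the 5-second timeout are assumptions.

```python
import socket
import struct
import time

FORWARDERS = ["132.148.87.39", "132.148.87.38"]  # from the named.conf in the post

def build_query(name, qid):
    """DNS query for an A record with RD (recursion desired) set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_header(msg):
    """Decode the fixed 12-byte DNS header."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    qid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": qid, "qr": bool(flags & 0x8000), "rd": bool(flags & 0x0100),
            "ra": bool(flags & 0x0080), "rcode": flags & 0x000F, "answers": an}

def verdict(msg, qid):
    """Classify one reply: is it ours, and did the server offer recursion?"""
    h = parse_header(msg)
    if not h["qr"] or h["id"] != qid:
        return "ignored: not a reply to our query"
    if not h["ra"]:
        return "RA not set: forwarder is not recursing for this client"
    if h["rcode"] != 0:
        return "recursion available, rcode=%d" % h["rcode"]
    return "ok: recursion available, %d answers" % h["answers"]

def check_forwarder(server, name, qid=84, timeout=5.0):
    """Send one UDP query to `server`; return (verdict, seconds waited)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        start = time.monotonic()
        try:
            s.sendto(build_query(name, qid), (server, 53))
            reply, _ = s.recvfrom(4096)
        except socket.timeout:
            return "timeout: no reply", timeout
        return verdict(reply, qid), time.monotonic() - start

if __name__ == "__main__":
    # Run on the internal name server so the forwarder sees its source address.
    for fwd in FORWARDERS:
        result, secs = check_forwarder(fwd, "www.abc.com")
        print("%-15s %6.2fs  %s" % (fwd, secs, result))
```

A forwarder that reports "RA not set" or times out while the other answers quickly is the one causing the failover delay.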



