9.2.3 timeouts

Sat Feb 19 07:44:41 UTC 2005

I have two very strange problems.  We recently upgraded to Bind 9.2.3 
from a very old version of bind (Whatever RedHat 7.3 used by default) 
and we're running into two problems.

The more serious problem -- external lookups time out the first try.  If 
it's a new domain (not cached) it will time out the first time but if I 
look it up right away after it times out, it finds it.

Examples:

 > newdomain.com
Server:  x.x.x.x
Address:  x.x.x.x

DNS request timed out.
     timeout was 2 seconds.
*** Request to x.x.x.x timed-out

 > newdomain.com
Server:  x.x.x.x
Address:  x.x.x.x

Non-authoritative answer:
Name:    newdomain.com
Address:  213.188.129.48

Second problem, when I restart named, it takes about 5 minutes to go 
through the entire list of domains to load (We have about 9500 of them) 
and DNS queries to the nameserver time out during that time.  If I kill 
   syslogd (which currently is having bind report all of those 'loading 
zone' messages to /var/log/messages, bind works perfectly right away. 
Why would syslog cause that? There's not a huge load on the machine.

Specs on the box:

Fedora Core 2
Hyper-threaded P4 3.0 ghz.
1 Gig of ram
32G SCSI.

We have 4 nameservers, each of them on a dedicated 100Mbit link directly 
connected to the router and they all do this.  Here is my named.conf.

===========================================================================================
Options {
      directory "/var/named";

      allow-transfer {
         0.0.0.0 (Other ns IPs are here)
      };
};

key "key" {
         algorithm       hmac-md5;
         secret "key.is.here.";
};

controls {
         inet 127.0.0.1 allow { any; } keys { "key"; };
};

zone "." {
         type hint;
         file "db.cache";
};

### The list of 9500 domains are after this.

=============================================================================================

If anyone can point me in the right direction, that'd be great.

Thanks in advance,

Tyler