What am I missing?

Kevin Darcy kcd at daimlerchrysler.com
Fri Jul 1 00:31:23 UTC 2005


Querylogging == good. What happens if you try querying each of those 
searchlisted names explicitly against the slave nameservers? Is there 
one in particular that's taking an excessive amount of time to resolve? 
What is the difference between the names that are being queried from the 
slave nameservers versus from the master? The fact that there is a 
difference in the number of queries suggests either that one type of 
server is able to resolve a name that the other type of server cannot, 
or that there is a timeout/retry occurring.

                                                                         
- Kevin

Chris Zimmerman wrote:

> My apologies.  That's what I get for posting late in the work day with 
> no brain cycles left...
>
> ns1.domain.com
> named.conf:
>
> options {
>        directory "/var/named.data";    // directory for named
>        forwarders {
>                2.2.2.2;
>                1.1.1.1;
>        };
>         query-source address * port 53;
>         recursive-clients 5000;
>         tcp-clients 5000;
> };
>
> zone "domain.com" {
>        type master;
>        file "db.domain";
> };
>
> ... and so on...
>
> domain.com zone file:
>
> @       IN      SOA     ns1.domain.com. root.ns1.domain.com. (
>                                  999912979     ; Serial
>                                  10800         ; Refresh every 3 hours
>                                  3600          ; Retry every hour
>                                  604800        ; Expire after 1 week
>                                  60 )  ; Minimum ttl of 1 day
> ;  Name Servers
>                IN      NS      ns1.domain.com.
> ;               IN      NS      ns2.domain.com.
> ;
> ;
> ; *********** MAIL SYSTEMS **************************************
> domain.com.   IN      MX      10      mail.domain.com.
> ; ******* DIVISIONAL PRINTERS *********************************
> ;
> blah           IN      A       172.31.142.244
> ....and so on to the subdomain in the same zone file....
> ;**************************************************
> $ORIGIN test.domain.com.
> machine1          IN      A       10.247.0.20
>
>
>
> ns2.domain.com
> named.conf (same options as above)
>
> zone "domain.com" {
>        type slave;
>        file "db.domain";
>        masters { 172.29.3.11;} ;
> };
>
>
> dns1.test.domain.com
> dns2.test.domain.com
> Both are set up just like ns2.domain.com.
> The difference is in the /etc/resolv.conf.  ns1 and ns2 have 
> domain.com for their search domain, where dns1 and dns2 have 
> test.domain.com.  Nslookup works fine from all machines.  I'm running 
> into an issue with things like FTP clients and ssh from one machine to 
> another.  If the resolv.conf points to a slave server then the ssh or 
> ftp will take 10 seconds to resolve the hostname and start the 
> connection.  I've watched it with the querylogging turned on and I see 
> 3 attempts to resolve AAAA hostnames (I know it's ipv6, but I'm not 
> using it nor is it enabled on the machines), then a final attempt at 
> an A record which works and the connection is made.  If I point at the 
> master server, then I see 2 attempts at AAAA records VERY quickly, 
> then one A attempt which works.  This is only if I use the short names 
> to connect.  If I use the FQDN, everything works as expected.  I have 
> compiled bind with the --disable-ipv6 option to no avail.  I have 
> turned on the option in ssh that forces ipv4 which makes that work 
> every time (short names or not), but FTP still suffers even when 
> compiled to turn off ipv6.  The host is SLES 9 with kernel 2.6.5 and 
> all ipv6 use has been removed.
>
> Where I'm confused is why the master works with short names or not in 
> either the main domain.com or with the test.domain.com subdomain but 
> the slaves don't?
>
> Hope this helps to clarify things.
>
>
>
>
>
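The check suggested in the reply above, querying each search-list expansion of the short name explicitly against one nameserver and timing the AAAA and A lookups separately, as an added example (not code from either poster). It assumes a dotless short name, a resolver that tries the search suffixes before the bare name, and plain UDP; the function names are illustrative.

```python
import socket, struct, time

QTYPES = {"A": 1, "AAAA": 28}

def search_candidates(short_name, resolv_conf_text):
    """FQDNs a stub resolver tries for a dotless name: each search suffix, then the bare name."""
    suffixes = []
    for line in resolv_conf_text.splitlines():
        fields = line.split("#")[0].split()
        if fields and fields[0] in ("search", "domain"):
            suffixes = fields[1:]              # the last search/domain line wins
    return [f"{short_name}.{s.rstrip('.')}." for s in suffixes] + [short_name + "."]

def build_query(name, qtype, qid=0x1234):
    """Minimal DNS query packet: header with RD set, one question, class IN."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(l)]) + l.encode("ascii")
                      for l in name.rstrip(".").split(".") if l)
    return header + labels + b"\x00" + struct.pack("!HH", QTYPES[qtype], 1)

def timed_query(server, name, qtype, timeout=5.0, port=53):
    """Send one query with no retry; return (rcode, seconds), rcode None on timeout."""
    query = build_query(name, qtype)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        start = time.monotonic()
        try:
            sock.sendto(query, (server, port))
            reply, _ = sock.recvfrom(4096)
            ok = len(reply) >= 4 and reply[:2] == query[:2]
            rcode = reply[3] & 0x0F if ok else None
        except socket.timeout:
            rcode = None
        return rcode, time.monotonic() - start

def survey(server, short_name, resolv_conf_text, timeout=5.0):
    """Time AAAA and A separately for every candidate so the slow one stands out."""
    rows = []
    for name in search_candidates(short_name, resolv_conf_text):
        for qtype in ("AAAA", "A"):
            rcode, secs = timed_query(server, name, qtype, timeout)
            rows.append((name, qtype, rcode, round(secs, 3)))
    return rows

if __name__ == "__main__":
    import sys                                  # usage: script.py <server-ip> <short-name>
    with open("/etc/resolv.conf") as fh:
        for row in survey(sys.argv[1], sys.argv[2], fh.read()):
            print(row)
```

Run it once against the master and once against a slave and compare rows: rcode 0 is NOERROR, 3 is NXDOMAIN, and None means that single query went unanswered for the full timeout.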



