What am I missing?
Chris Zimmerman
czimmer at wczimmerman.dyndns.org
Fri Jul 1 01:09:04 UTC 2005
All the names (A records) can be queried and will have the 10 sec delay
if I use the short name:
machine1.test.domain.com:
ns1.domain.com: instant
dns1.test.domain.com: instant
dns2.test.domain.com: instant
Using machine only (resolv.conf search domain set to test.domain.com):
ns1.domain.com: instant
dns1.test.domain.com: 10 sec
dns2.test.domain.com: 10 sec
It doesn't matter which host I use, they all do the same thing.
Kevin Darcy wrote:
>Querylogging == good. What happens if you try querying each of those
>searchlisted names explicitly against the slave nameservers? Is there
>one in particular that's taking an excessive amount of time to resolve?
>What is the difference between the names that are being queried from the
>slave nameservers versus from the master? The fact that there is a
>difference in the number of queries suggests either that one type of
>server is able to resolve a name that the other type of server cannot,
>or that there is a timeout/retry occurring.
>
>
> - Kevin
>
>Chris Zimmerman wrote:
>
>
>
>>My apologies. That's what I get for posting late in the work day with
>>no brain cycles left...
>>
>>ns1.domain.com
>>named.conf:
>>
>>options {
>>    directory "/var/named.data"; // directory for named
>>    forwarders {
>>        2.2.2.2;
>>        1.1.1.1;
>>    };
>>    query-source address * port 53;
>>    recursive-clients 5000;
>>    tcp-clients 5000;
>>};
>>
>>zone "domain.com" {
>>    type master;
>>    file "db.domain";
>>};
>>
>>... and so on...
>>
>>domain.com zone file:
>>
>>@ IN SOA ns1.domain.com. root.ns1.domain.com. (
>> 999912979 ; Serial
>> 10800 ; Refresh every 3 hours
>> 3600 ; Retry every hour
>> 604800 ; Expire after 1 week
>> 60 ) ; Minimum ttl of 1 day
>>; Name Servers
>> IN NS ns1.domain.com.
>>; IN NS ns2.domain.com.
>>;
>>;
>>; *********** MAIL SYSTEMS **************************************
>>domain.com. IN MX 10 mail.domain.com.
>>; ******* DIVISIONAL PRINTERS *********************************
>>;
>>blah IN A 172.31.142.244
>>....and so on to the subdomain in the same zone file....
>>;**************************************************
>>$ORIGIN test.domain.com.
>>machine1 IN A 10.247.0.20
>>
>>
>>
>>ns2.domain.com
>>named.conf (same options as above)
>>
>>zone "domain.com" {
>>    type slave;
>>    file "db.domain";
>>    masters { 172.29.3.11; };
>>};
>>
>>
>>dns1.test.domain.com
>>dns2.test.domain.com
>>Both are set up just like ns2.domain.com.
>>The difference is in the /etc/resolv.conf. ns1 and ns2 have
>>domain.com for their search domain, where dns1 and dns2 have
>>test.domain.com. Nslookup works fine from all machines. I'm running
>>into an issue with things like FTP clients and ssh from one machine to
>>another. If the resolv.conf points to a slave server then the ssh or
>>ftp will take 10 seconds to resolve the hostname and start the
>>connection. I've watched it with the querylogging turned on and I see
>>3 attempts to resolve AAAA hostnames (I know it's ipv6, but I'm not
>>using it nor is it enabled on the machines), then a final attempt at
>>an A record which works and the connection is made. If I point at the
>>master server, then I see 2 attempts at AAAA records VERY quickly,
>>then one A attempt which works. This is only if I use the short names
>>to connect. If I use the FQDN, everything works as expected. I have
>>compiled bind with the --disable-ipv6 option to no avail. I have
>>turned on the option in ssh that forces ipv4 which makes that work
>>every time (short names or not), but FTP still suffers even when
>>compiled to turn off ipv6. The host is SLES 9 with kernel 2.6.5 and
>>all ipv6 use has been removed.
>>
>>Where I'm confused is why the master works with short names or not in
>>either the main domain.com or with the test.domain.com sub domain but
>>the slaves don't?
>>
>>Hope this helps to clarify things.
>
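
An added example, not part of the original thread: one way to check the timeout/retry hypothesis is to scan each server's query log for pauses between one client's consecutive queries. The log line layout, the function names and the sample lines are assumptions constructed for illustration; only the client address 10.247.0.20 and the host names come from the post.

```python
import re
from collections import defaultdict
from datetime import datetime

# Assumed layout of a BIND 9 query-log line (file channel, print-time yes).
LINE = re.compile(
    r"(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) "
    r"client (?P<ip>[0-9a-fA-F.:]+)#\d+: "
    r"query: (?P<name>\S+) IN (?P<type>\S+)"
)

# Constructed sample lines, not taken from the thread.
SLAVE_LOG = """\
01-Jul-2005 01:05:00.010 client 10.247.0.20#32771: query: dns1.test.domain.com IN AAAA +
01-Jul-2005 01:05:05.012 client 10.247.0.20#32771: query: dns1.test.domain.com IN AAAA +
01-Jul-2005 01:05:10.015 client 10.247.0.20#32771: query: dns1.test.domain.com IN AAAA +
01-Jul-2005 01:05:10.020 client 10.247.0.20#32772: query: dns1.test.domain.com IN A +
"""
MASTER_LOG = """\
01-Jul-2005 01:06:00.010 client 10.247.0.20#32780: query: dns1.test.domain.com IN AAAA +
01-Jul-2005 01:06:00.012 client 10.247.0.20#32780: query: dns1.test.domain.com IN AAAA +
01-Jul-2005 01:06:00.015 client 10.247.0.20#32781: query: dns1.test.domain.com IN A +
"""

def parse(log_text):
    """Yield (timestamp, client_ip, qname, qtype) for each query line."""
    for line in log_text.splitlines():
        m = LINE.search(line)
        if m:
            ts = datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S.%f")
            yield ts, m["ip"], m["name"].lower(), m["type"]

def find_stalls(log_text, min_gap=2.0, max_gap=30.0):
    """Return (client, before, after, seconds) for each pause between a
    client's consecutive queries that looks like a resolver timeout."""
    per_client = defaultdict(list)
    for ts, ip, name, qtype in parse(log_text):
        per_client[ip].append((ts, f"{name}/{qtype}"))
    stalls = []
    for ip, events in per_client.items():
        events.sort()
        for (t1, q1), (t2, q2) in zip(events, events[1:]):
            gap = (t2 - t1).total_seconds()
            if min_gap <= gap <= max_gap:
                stalls.append((ip, q1, q2, round(gap, 3)))
    return stalls

if __name__ == "__main__":
    for name, log in (("slave", SLAVE_LOG), ("master", MASTER_LOG)):
        print(name, find_stalls(log))
```

A repeated query for the same name and type after a gap of several seconds means the client never received an answer to the first one, which narrows the search to that name and type on that server.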