Poor Performance bind 9.3
Layer3guru
esavage at digitalrage.org
Wed Jun 15 00:27:37 UTC 2005
It is working properly now. I got a tip that I should use "deny
client-updates" in my dhcpd.conf and enable the xp machine with the register
ip address check block checked again. This worked, though I have read the
man page I am not sure why.

deny client-updates;

The client-updates flag tells the DHCP server whether or not to honor the
client's intention to do its own update of its A record. This is only
relevant when doing interim DNS updates. See the documentation under the
heading THE INTERIM DNS UPDATE SCHEME for details.

Does this now work because the client is being denied in trying to update
dns itself and the dhcp updater knows this so it updates it?

"Layer3guru" <esavage at digitalrage.org> wrote in message
news:d8nqgl$77i$1 at sf1.isc.org...
> For those that may have even looked at this post I did get DDNS working. I
> had to touch all my windows clients and uncheck the block under network
> settings that says Register this connections address in DNS.
> Strange as it seems I thought they all had to be checked. Under network
> settings the only thing checked is "Append primary and connection specific
> DNS suffixes".
>
> I tried this in my lab and finally got the .jnl file for the primary
> domain and these entries in my log file.
> 14-Jun-2005 19:11:31.009 update: info: client 127.0.0.1#64172: updating
> zone 'internal.digitalrage.org/IN': adding an RR at
> 'test.internal.digitalrage.org' TXT
> 14-Jun-2005 19:11:31.012 update: info: client 127.0.0.1#51348: updating
> zone '11.168.192.in-addr.arpa/IN': deleting rrset at
> '40.11.168.192.in-addr.arpa' PTR
> 14-Jun-2005 19:11:31.013 update: info: client 127.0.0.1#51348: updating
> zone '11.168.192.in-addr.arpa/IN': adding an RR at
> '40.11.168.192.in-addr.arpa' PTR
>
> Only problem now, why is this happening. I thought with XP clients that
> "Register this connections address in DNS" had to be checked.
>
> Also I am still having the problem with very slow dns lookups from bind
> resolving external names like www.cisco.com there are no problem resolving
> names internally. I was suspecting my test lab internet link at first but
> if I take these same clients and point them to a windows 2003 dns server
> the time outs and slow lookups go totally away for the same sites I
> test to.
>
> Any help at all would greatly be appreciated.
>
> "Layer3guru" <esavage at digitalrage.org> wrote in message
> news:d8nmu0$1v3a$1 at sf1.isc.org...
>> Well I thought I had dynamic dns updating, for some reason it seems to be
>> updating my reverse zone but not my forward, and I am not getting any
>> errors in any of the logs. Any ideas?
>> "Layer3guru" <esavage at digitalrage.org> wrote in message
>> news:d8n23t$2u7a$1 at sf1.isc.org...
>>> I need some help on where to start troubleshooting.
>>>
>>> I have 1 xp client
>>> 1 2003 server Active Directory
>>> Bind 9.3 on FreeBSD in chroot
>>>
>>> If I point the xp client to the 2003 box dns is very snappy but if I
>>> point it to the bind box it is very slow and times out from time to
>>> time. Here is my conf file I have dhcp working and updating bind just
>>> great. Just trying to troubleshoot the slowness issue. This is a test
>>> lab of course. I am just not sure why one works great and the other
>>> sucks. I am trying to migrate a small company to bind but trying to test
>>> everything out in my lab first.
>>>
>>> more named.conf
>>> // Use the key
>>>
>>> include "/usr/local/etc/rndc.key";
>>>
>>> // Control statement
>>>
>>> controls {
>>>
>>> inet 127.0.0.1 allow { 127.0.0.1; } keys { "rndc-key"; };
>>>
>>> };
>>> options {
>>> directory "/etc/namedb";
>>> pid-file "/var/run/named/pid";
>>> dump-file "/var/dump/named_dump.db";
>>> statistics-file "/var/stats/named.stats";
>>> allow-query { mysubnet; };
>>> allow-recursion { mysubnet; };
>>> allow-transfer { mysubnet; };
>>> };
>>>
>>> acl "mysubnet" {
>>> {
>>> 192.168.11.0/24;
>>> 127.0.0.1;
>>> };
>>> };
>>> zone "." {
>>> type hint;
>>> file "named.root";
>>> };
>>>
>>> zone "0.0.127.IN-ADDR.ARPA" {
>>> type master;
>>> file "localhost.rev";
>>> };
>>>
>>> // RFC 3152
>>> zone
>>> "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA"
>>> {
>>> type master;
>>> file "localhost-v6.rev";
>>> };
>>>
>>> key DHCP_UPDATER {
>>> algorithm HMAC-MD5.SIG-ALG.REG.INT;
>>> secret XXXXXX;
>>> };
>>> logging {
>>> channel update_debug {
>>> file "/var/log/update-debug.log";
>>> severity debug 3;
>>> print-category yes;
>>> print-severity yes;
>>> print-time yes;
>>> };
>>> channel security_info {
>>> file "/var/log/named-auth.info";
>>> severity info;
>>> print-category yes;
>>> print-severity yes;
>>> print-time yes;
>>> };
>>>
>>> category update { update_debug; };
>>> category security { security_info; };
>>> };
>>> zone "internal.digitalrage.org" in {
>>> type master;
>>> file "/etc/namedb/db.digital.org";
>>> allow-update { key DHCP_UPDATER; };
>>> };
>>> zone "11.168.192.in-addr.arpa" {
>>> type master;
>>> file "/etc/namedb/internal.localhost.rev";
>>> allow-update { key DHCP_UPDATER; };
>>> };
>>>
>>
>>
>
>
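
Added example (not part of the original thread, and not ISC code): a small audit of named's "update" category log that reports which zones received dynamic updates, which expected zones stayed silent (the "reverse zone but not my forward" symptom), and which accepted updates came from an address other than the DHCP updater. The log lines are constructed from the format quoted above and joined onto one line each; the 192.168.11.40 line and the names audit, ZONES and SAMPLE are assumptions.

```python
import re
from collections import defaultdict

# Matches the two message forms quoted in the thread ("adding an RR",
# "deleting rrset"), once the wrapped log line is joined back together.
UPDATE_RE = re.compile(
    r"client (?P<src>[0-9a-fA-F.:]+)#\d+: updating zone "
    r"'(?P<zone>[^'/]+)/IN': (?P<op>adding an RR|deleting rrset) at "
    r"'(?P<name>[^']+)' (?P<rtype>\S+)"
)

def parse_updates(lines):
    """Yield (src, zone, op, name, rtype) for each accepted dynamic update."""
    for line in lines:
        m = UPDATE_RE.search(line)
        if m:
            op = "add" if m["op"].startswith("adding") else "delete"
            yield m["src"], m["zone"].lower(), op, m["name"].lower(), m["rtype"]

def audit(lines, expected_zones, trusted_sources):
    """Return (updates per zone, expected zones with no update at all,
    updates whose source address is not a trusted updater)."""
    per_zone = defaultdict(list)
    unexpected = []
    for src, zone, op, name, rtype in parse_updates(lines):
        per_zone[zone].append((op, name, rtype))
        if src not in trusted_sources:
            unexpected.append((src, zone, name, rtype))
    silent = sorted(z for z in expected_zones if z not in per_zone)
    return dict(per_zone), silent, unexpected

# Zones that carry allow-update in the named.conf quoted in the thread.
ZONES = {"internal.digitalrage.org", "11.168.192.in-addr.arpa"}

# Constructed sample: first three lines follow the thread's log excerpt,
# the last line (client writing its own A record) is invented for the test.
SAMPLE = [
    "14-Jun-2005 19:11:31.009 update: info: client 127.0.0.1#64172: updating zone 'internal.digitalrage.org/IN': adding an RR at 'test.internal.digitalrage.org' TXT",
    "14-Jun-2005 19:11:31.012 update: info: client 127.0.0.1#51348: updating zone '11.168.192.in-addr.arpa/IN': deleting rrset at '40.11.168.192.in-addr.arpa' PTR",
    "14-Jun-2005 19:11:31.013 update: info: client 127.0.0.1#51348: updating zone '11.168.192.in-addr.arpa/IN': adding an RR at '40.11.168.192.in-addr.arpa' PTR",
    "15-Jun-2005 09:00:00.000 update: info: client 192.168.11.40#1026: updating zone 'internal.digitalrage.org/IN': adding an RR at 'test.internal.digitalrage.org' A",
]

if __name__ == "__main__":
    per_zone, silent, unexpected = audit(SAMPLE, ZONES, {"127.0.0.1"})
    print("zones with no updates:", silent)
    print("updates from untrusted sources:", unexpected)
```

Feeding it only the reverse-zone lines lists internal.digitalrage.org as silent, which is the state described in the second message of the thread.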