Poor Performance bind 9.3

Layer3guru esavage at digitalrage.org
Wed Jun 15 00:27:37 UTC 2005


It is working properly now. I got a tip that I should use "deny 
client-updates" in my dhcpd.conf and enable the xp machine with the register 
ip address check block checked again. This worked, though I have read the 
man page I am not sure why.

deny client-updates;
The client-updates flag tells the DHCP server whether or not to honor the 
client's intention to do its own update of its A record. This is only 
relevant when doing interim DNS updates. See the documentation under the 
heading THE INTERIM DNS UPDATE SCHEME for details.

Does this now work because the client is being denied in trying to update 
dns itself and the dhcp updater knows this so it updates it?

"Layer3guru" <esavage at digitalrage.org> wrote in message 
news:d8nqgl$77i$1 at sf1.isc.org...
> For those that may have even looked at this post I did get DDNS working. I 
> had to touch all my windows clients and uncheck the block under network 
> settings that says Register this connections address in DNS.
> Strange as it seems I thought they all had to be checked. Under network 
> settings the only thing checked is "Append primary and connection specific 
> DNS suffixes".
>
> I tried this in my lab and finally got the .jnl file for the primary 
> domain and these entries in my log file.
> 14-Jun-2005 19:11:31.009 update: info: client 127.0.0.1#64172: updating 
> zone 'internal.digitalrage.org/IN': adding an RR at 
> 'test.internal.digitalrage.org' TXT
> 14-Jun-2005 19:11:31.012 update: info: client 127.0.0.1#51348: updating 
> zone '11.168.192.in-addr.arpa/IN': deleting rrset at 
> '40.11.168.192.in-addr.arpa' PTR
> 14-Jun-2005 19:11:31.013 update: info: client 127.0.0.1#51348: updating 
> zone '11.168.192.in-addr.arpa/IN': adding an RR at 
> '40.11.168.192.in-addr.arpa' PTR
>
> Only problem now, why is this happening. I thought with XP clients that 
> "Register this connections address in DNS" had to be checked.
>
> Also I am still having the problem with very slow dns lookups from bind 
> resolving external names like www.cisco.com there are no problem resolving 
> names internally. I was suspecting my test lab internet link at first but 
> if I take these same clients and point them to a windows 2003 dns server 
> the time outs and slow lookups go totally away for the same sites I 
> test to.
>
> Any help at all would greatly be appreciated.
>
> "Layer3guru" <esavage at digitalrage.org> wrote in message 
> news:d8nmu0$1v3a$1 at sf1.isc.org...
>> Well I thought I had dynamic dns updating, for some reason it seems to be 
>> updating my reverse zone but not my forward. and I am not getting any 
>> errors in any of the logs any ideas?
>> "Layer3guru" <esavage at digitalrage.org> wrote in message 
>> news:d8n23t$2u7a$1 at sf1.isc.org...
>>> I need some help on where to start troubleshooting.
>>>
>>> I have 1 xp client
>>> 1 2003 server Active Directory
>>> Bind 9.3 on FreeBSD in chroot
>>>
>>> If I point the xp client to the 2003 box dns is very snappy but if I 
>>> point it to the bind box it is very slow and times out from time to 
>>> time. Here is my conf file I have dhcp working and updating bind just 
>>> great. Just trying to troubleshoot the slowness issue. This is a test 
>>> lab of course. I am just not sure why one works great and the other 
>>> sucks. I am trying to migrate a small company to bind but trying to test 
>>> everything out in my lab first.
>>>
>>> more named.conf
>>> // Use the key
>>>
>>> include "/usr/local/etc/rndc.key";
>>>
>>> // Control statement
>>>
>>> controls {
>>>
>>> inet 127.0.0.1 allow { 127.0.0.1; } keys { "rndc-key"; };
>>>
>>> };
>>> options {
>>>  directory "/etc/namedb";
>>>  pid-file        "/var/run/named/pid";
>>>  dump-file       "/var/dump/named_dump.db";
>>>  statistics-file "/var/stats/named.stats";
>>>  allow-query { mysubnet; };
>>>  allow-recursion { mysubnet; };
>>>  allow-transfer { mysubnet; };
>>> };
>>>
>>> acl "mysubnet" {
>>>        {
>>>        192.168.11.0/24;
>>>        127.0.0.1;
>>>        };
>>> };
>>> zone "." {
>>>  type hint;
>>>  file "named.root";
>>> };
>>>
>>> zone "0.0.127.IN-ADDR.ARPA" {
>>>  type master;
>>>  file "localhost.rev";
>>> };
>>>
>>> // RFC 3152
>>> zone 
>>> "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA"
>>> {
>>>  type master;
>>>  file "localhost-v6.rev";
>>> };
>>>
>>> key DHCP_UPDATER {
>>>  algorithm HMAC-MD5.SIG-ALG.REG.INT;
>>>  secret XXXXXX;
>>> };
>>> logging {
>>>  channel update_debug {
>>>    file "/var/log/update-debug.log";
>>>    severity  debug 3;
>>>    print-category yes;
>>>    print-severity yes;
>>>    print-time     yes;
>>>  };
>>>  channel security_info    {
>>>    file "/var/log/named-auth.info";
>>>    severity  info;
>>>    print-category yes;
>>>    print-severity yes;
>>>    print-time     yes;
>>>  };
>>>
>>>  category update { update_debug; };
>>>  category security { security_info; };
>>> };
>>> zone "internal.digitalrage.org" in {
>>>        type master;
>>>        file "/etc/namedb/db.digital.org";
>>>        allow-update { key DHCP_UPDATER; };
>>>        };
>>> zone "11.168.192.in-addr.arpa" {
>>>  type master;
>>>  file "/etc/namedb/internal.localhost.rev";
>>>  allow-update { key DHCP_UPDATER; };
>>> };
>>>
>>
>>
>
> 



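A dhcpd.conf fragment matching the named.conf quoted above, added here as an example and not taken from the poster's configuration: with `deny client-updates`, dhcpd performs both the A and PTR updates itself, signed with the key that `allow-update { key DHCP_UPDATER; };` requires, whereas an unsigned update sent directly by a client would not satisfy that ACL. The `primary` address is inferred from the 127.0.0.1 source in the quoted log; the address range and the `ddns-domainname` value are assumptions, and the secret stays redacted as in the post.

```conf
# dhcpd.conf fragment (added example, ISC dhcpd interim DDNS scheme)

ddns-update-style interim;   # the scheme the man page excerpt refers to
ddns-updates on;

# Do not honor the client's request to update its own A record.
# dhcpd then sends the forward (A + TXT) update as well as the PTR update.
deny client-updates;

# Domain appended to the client's hostname for the forward record (assumption).
ddns-domainname "internal.digitalrage.org.";

# Must be identical to the key statement in named.conf.
key DHCP_UPDATER {
  algorithm HMAC-MD5.SIG-ALG.REG.INT;
  secret XXXXXX;             # placeholder, redacted as in the post
};

# One zone statement per zone that named.conf opens to this key.
zone internal.digitalrage.org. {
  primary 127.0.0.1;         # named on the same host, per the quoted log
  key DHCP_UPDATER;
}

zone 11.168.192.in-addr.arpa. {
  primary 127.0.0.1;
  key DHCP_UPDATER;
}

subnet 192.168.11.0 netmask 255.255.255.0 {
  range 192.168.11.100 192.168.11.200;   # constructed range
  option domain-name "internal.digitalrage.org";
}
```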