Poor Performance bind 9.3

Vinny Abello vinny at tellurian.com
Wed Jun 15 02:54:46 UTC 2005


Try running BIND in debug mode to see what's causing the pauses...

/usr/sbin/named -c /etc/namedb/named.conf -d 10 -g

This is assuming you're using the copy of named with FreeBSD and your 
config file is in /etc/namedb/named.conf... Change for your setup. 
This will start named in the foreground with debugging output to your 
session. If debugging level 10 is too much information, try a lesser level.

Offhand, I would try starting it with the -4 switch to limit it to 
IPv4 traffic. Sometimes if your OS is IPv6 enabled, BIND will try to 
use the v6 connectivity (that you may not have) first. I've noted on 
my FreeBSD test server that using the -4 switch sped up a lot of 
lookup operations for me.

At 07:27 PM 6/14/2005, Layer3guru wrote:
>For those that may have even looked at this post I did get DDNS working. I
>had to touch all my Windows clients and uncheck the block under network
>settings that says Register this connection's address in DNS.
>Strange as it seems, I thought they all had to be checked. Under network
>settings the only thing checked is "Append primary and connection specific
>DNS suffixes".
>
>I tried this in my lab and finally got the .jnl file for the primary domain
>and these entries in my log file.
>14-Jun-2005 19:11:31.009 update: info: client 127.0.0.1#64172: updating zone
>'internal.digitalrage.org/IN': adding an RR at
>'test.internal.digitalrage.org' TXT
>14-Jun-2005 19:11:31.012 update: info: client 127.0.0.1#51348: updating zone
>'11.168.192.in-addr.arpa/IN': deleting rrset at '40.11.168.192.in-addr.arpa'
>PTR
>14-Jun-2005 19:11:31.013 update: info: client 127.0.0.1#51348: updating zone
>'11.168.192.in-addr.arpa/IN': adding an RR at '40.11.168.192.in-addr.arpa'
>PTR
>
>Only problem now: why is this happening? I thought with XP clients that
>"Register this connection's address in DNS" had to be checked.
>
>Also I am still having the problem with very slow DNS lookups from bind
>resolving external names like www.cisco.com; there are no problems resolving
>names internally. I was suspecting my test lab internet link at first but if
>I take these same clients and point them to a Windows 2003 DNS server
>the timeouts and slow lookups go totally away for the same sites I test to.
>
>Any help at all would greatly be appreciated.
>
>"Layer3guru" <esavage at digitalrage.org> wrote in message
>news:d8nmu0$1v3a$1 at sf1.isc.org...
> > Well I thought I had dynamic DNS updating; for some reason it seems to be
> > updating my reverse zone but not my forward, and I am not getting any
> > errors in any of the logs. Any ideas?
> > "Layer3guru" <esavage at digitalrage.org> wrote in message
> > news:d8n23t$2u7a$1 at sf1.isc.org...
> >> I need some help on where to start troubleshooting.
> >>
> >> I have 1 xp client
> >> 1 2003 server Active Directory
> >> Bind 9.3 on FreeBSD in chroot
> >>
> >> If I point the xp client to the 2003 box dns is very snappy but if I
> >> point it to the bind box it is very slow and times out from time to time.
> >> Here is my conf file I have dhcp working and updating bind just great.
> >> Just trying to troubleshoot the slowness issue. This is a test lab of
> >> course. I am just not sure why one works great and the other sucks. I am
> >> trying to migrate a small company to bind but trying to test everything
> >> out in my lab first.
> >>
> >> more named.conf
> >> // Use the key
> >>
> >> include "/usr/local/etc/rndc.key";
> >>
> >> // Control statement
> >>
> >> controls {
> >>
> >> inet 127.0.0.1 allow { 127.0.0.1; } keys { "rndc-key"; };
> >>
> >> };
> >> options {
> >>  directory "/etc/namedb";
> >>  pid-file        "/var/run/named/pid";
> >>  dump-file       "/var/dump/named_dump.db";
> >>  statistics-file "/var/stats/named.stats";
> >>  allow-query { mysubnet; };
> >>  allow-recursion { mysubnet; };
> >>  allow-transfer { mysubnet; };
> >> };
> >>
> >> acl "mysubnet" {
> >>        {
> >>        192.168.11.0/24;
> >>        127.0.0.1;
> >>        };
> >> };
> >> zone "." {
> >>  type hint;
> >>  file "named.root";
> >> };
> >>
> >> zone "0.0.127.IN-ADDR.ARPA" {
> >>  type master;
> >>  file "localhost.rev";
> >> };
> >>
> >> // RFC 3152
> >> zone
> >> "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA"
> >> {
> >>  type master;
> >>  file "localhost-v6.rev";
> >> };
> >>
> >> key DHCP_UPDATER {
> >>  algorithm HMAC-MD5.SIG-ALG.REG.INT;
> >>  secret XXXXXX;
> >> };
> >> logging {
> >>  channel update_debug {
> >>    file "/var/log/update-debug.log";
> >>    severity  debug 3;
> >>    print-category yes;
> >>    print-severity yes;
> >>    print-time     yes;
> >>  };
> >>  channel security_info    {
> >>    file "/var/log/named-auth.info";
> >>    severity  info;
> >>    print-category yes;
> >>    print-severity yes;
> >>    print-time     yes;
> >>  };
> >>
> >>  category update { update_debug; };
> >>  category security { security_info; };
> >> };
> >> zone "internal.digitalrage.org" in {
> >>        type master;
> >>        file "/etc/namedb/db.digital.org";
> >>        allow-update { key DHCP_UPDATER; };
> >>        };
> >> zone "11.168.192.in-addr.arpa" {
> >>  type master;
> >>  file "/etc/namedb/internal.localhost.rev";
> >>  allow-update { key DHCP_UPDATER; };
> >> };
> >>
> >
> >


Vinny Abello
Network Engineer
Server Management
vinny at tellurian.com
(973)300-9211 x 125
(973)940-6125 (Direct)
PGP Key Fingerprint: 3BC5 9A48 FC78 03D3 82E0  E935 5325 FBCB 0100 977A

Tellurian Networks - The Ultimate Internet Connection
http://www.tellurian.com (888)TELLURIAN

"Courage is resistance to fear, mastery of fear - not absence of 
fear" -- Mark Twain
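
Added example, not part of the original message or of BIND: a Python parser for update-category log lines in the format quoted above, which groups the record changes by zone and lists updates arriving from addresses outside an expected set. The function names, the expected-client set and the last sample line (192.0.2.50) are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the three update lines quoted in the thread, each joined
# back onto one line, plus one invented entry from a documentation address
# (192.0.2.50) to show a non-local updater.
SAMPLE_LOG = """\
14-Jun-2005 19:11:31.009 update: info: client 127.0.0.1#64172: updating zone 'internal.digitalrage.org/IN': adding an RR at 'test.internal.digitalrage.org' TXT
14-Jun-2005 19:11:31.012 update: info: client 127.0.0.1#51348: updating zone '11.168.192.in-addr.arpa/IN': deleting rrset at '40.11.168.192.in-addr.arpa' PTR
14-Jun-2005 19:11:31.013 update: info: client 127.0.0.1#51348: updating zone '11.168.192.in-addr.arpa/IN': adding an RR at '40.11.168.192.in-addr.arpa' PTR
14-Jun-2005 19:12:02.100 update: info: client 192.0.2.50#40111: updating zone 'internal.digitalrage.org/IN': adding an RR at 'www.internal.digitalrage.org' A
"""

# Layout taken from the quoted lines (print-time, print-category and
# print-severity all on). The zone pattern is greedy so a zone name that
# itself contains "/" still splits at the final "/CLASS".
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) update: info: client (?P<ip>[0-9A-Fa-f.:]+)#(?P<port>\d+): "
    r"updating zone '(?P<zone>[^']+)/(?P<cls>\w+)': "
    r"(?P<action>[^']+?) at '(?P<name>[^']+)' (?P<rtype>\S+)$"
)

def parse_updates(text):
    """Return one dict per update line; lines in any other format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events

def audit(events, expected_clients):
    """Group changes by zone and collect updates from unexpected source addresses.

    The quoted lines identify the updater only by address#port, so the source
    address is what can be checked here; the posted allow-update rule itself is
    keyed on DHCP_UPDATER, not on an address.
    """
    by_zone = defaultdict(list)
    unexpected = []
    for e in events:
        by_zone[e["zone"]].append((e["action"], e["name"], e["rtype"]))
        if e["ip"] not in expected_clients:
            unexpected.append(e)
    return dict(by_zone), unexpected

if __name__ == "__main__":
    zones, odd = audit(parse_updates(SAMPLE_LOG), {"127.0.0.1"})
    for zone, changes in zones.items():
        print(zone, changes)
    print("unexpected updaters:", [(e["ip"], e["name"]) for e in odd])
```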


