BIND TIMEOUT

Nick Allum Nick.Allum at rci.rogers.com
Mon Mar 12 13:04:49 UTC 2007


Does this happen only on your first attempt to resolve a new external
domain.

If you query something.com multiple times is it only on the first
attempt that it times out, and subsequent attempts are ok?

-----Original Message-----
From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On
Behalf Of Peter Dambier
Sent: Monday, March 12, 2007 8:38 AM
To: Andrea
Cc: comp-protocols-dns-bind at isc.org
Subject: Re: BIND TIMEOUT


Andrea wrote:
> hallo
> sorry, i speak English just a little...
> 
> when i query (with nslookup) some site on my dns....it answer 
> immediatly.
> 
> When I query other site (example ripe.net) it answer (first query)
> 
> DNS request timed out.
>     timeout was 2 seconds.
> 
> at the SECOND query on the same Site....it answer correctly.
> 
> I think that if it can use "more time"....it can answer at the first 
> query.
> 

I think the problem is your isp. Their open resolver is answering to
slowly. best get rid of them and use bind as a resolver.

look into your named.conf and find lines with "forwarder" and make them
a comment. The line should look like "# forwarders ..." or "//
forwarders ..." now.

be shure to have something like

# zone "." in {
#   type hint;
#   file "root.hint";
# };

I have made this a comment because I am using an italian root-server:

zone "." in {
   type slave;
   file "cesidian-root.zone";
   masters { 212.97.45.53; 82.199.205.254 port 3001; };
};


please be shure that nslookup is using bind and not you isp.

Somewhere windows does get its dns servers "automatically via dhcp)" or
you can put in two nameservers manually. Here you must put in you bind.

The line

masters { 212.97.45.53; 82.199.205.254 port 3001; };

Tells bind to slave the root-zone from

212.97.45.53;  from host 212.97.45.53 port 53, the normal dns port.

82.199.205.254 port 3001; or from host 212.97.45.53 port 3001.

Nowadays isp are blocking port 53 and open resolvers. That is why we had
to move this one to another port.

Open resolvers are attacked or used for attacking. That is why best get
rid of them and run you own.


Kind regards
Peter and Karin Dambier

> 
> 
> 
> "Danny Mayer" <mayer at gis.net> ha scritto nel messaggio
> news:est5ct$2ajg$1 at sf1.isc.org...
> 
>>Andrea wrote:
>>
>>>hello
>>>when i query my DNS...it always try to answer me in two seconds. Is 
>>>possible to enlarge this measure to...10 seconds? I use Bind 9.4 on 
>>>Windows. I can put "something" in boot.options?
>>>Thank you to all
>>
>>I'm not really sure what this question means. What is the real issue 
>>that you are trying to resolve. Maybe looking at the symptoms of what 
>>you are seeing will help us answer the question.
>>
>>Danny
>>
>>
> 
> 


-- 
Peter and Karin Dambier
Cesidian Root - Radice Cesidiana
Rimbacher-Strasse 16
D-69509 Moerlenbach-Bonsweiher
+49(6209)795-816 (Telekom)
+49(6252)750-308 (VoIP: sipgate.de)
mail: peter at peter-dambier.de
mail: peter at echnaton.serveftp.com
http://iason.site.voila.fr/ https://sourceforge.net/projects/iason/
http://www.cesidianroot.com/



More information about the bind-users mailing list