Why are only com/net/org slow?
Kevin Darcy
kcd at chrysler.com
Wed Mar 12 00:57:17 UTC 2008
W Sanders wrote:
> This doesn't seem to have much to do with BIND, but it's one I have not
> seen before. We operate some cache-only DNS servers for customers to
> point their resolvers to. Most of these are running BIND 9.4.1+.
>
> On all the hosts I've tested so far, when I do a
>
> dig @ourserver somedomain.com
> dig @ourserver somedomain.net
> dig @ourserver somedomain.org
>
> it takes 4+ sec to get the initial non-cached response, whether valid
> or NXDOMAIN, back from com/net/org. In fact org often *hangs*.
>
> All other TLDs, and ".", are fast and behave as expected.
>
> I can reproduce this from several of our cache-only servers, in a
> variety of geographic locations.
>
> It's killing people who are (ab)using our servers to look up DNS
> records for antispam purposes, since spammers' garbage domain names
> will not be cached, and take a while to look up or even time out.
>
> It's most likely some bizarre problem on our networks (we have a lot of
> split routes etc), especially since .org hangs occasionally for valid
> name lookups. I haven't the foggiest idea how to debug this
> further. Anyone seen this?
>
> Thanks - W Sanders
> http://wsanders.net
>
>
>
Test your connectivity to all of the .com/.net/.org nameservers. Make
sure to use EDNS for your test queries, since that's what BIND will be
doing as well.
- Kevin
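
Added example, not part of the original message: one way to run the connectivity test suggested above, querying every com/net/org nameserver directly with EDNS and again without it. The function names, the 1000 ms "slow" threshold, the 4096-byte buffer size and the script name are assumptions made for the example.

```sh
#!/bin/sh
# Added example. Run it on the caching server itself so the probes take
# the same network path BIND's own queries do.

# Summarise one dig reply read on stdin: "ok <ms>", "slow <ms>" or "timeout".
# $1 is the slow threshold in milliseconds (assumed default: 1000).
classify() {
    awk -v limit="${1:-1000}" '
        /connection timed out|no servers could be reached/ { failed = 1 }
        /^;; Query time:/ { ms = $4; seen = 1 }
        END {
            if (failed || !seen)      print "timeout"
            else if (ms + 0 > limit)  print "slow " ms
            else                      print "ok " ms
        }'
}

# probe <server> <zone> <edns|noedns>: one non-recursive SOA query, one try.
probe() {
    case "$3" in
        edns) opt="+edns=0 +bufsize=4096" ;;
        *)    opt="+noedns" ;;
    esac
    # $opt is left unquoted on purpose so it splits into separate dig options.
    dig @"$1" "$2" SOA +norecurse +tries=1 +time=5 $opt 2>&1 | classify
}

# Probe every NS of com, net and org, with EDNS0 and with plain DNS.
probe_tlds() {
    for zone in com net org; do
        for ns in $(dig +short NS "$zone."); do
            printf '%-24s %-3s edns=%-10s noedns=%s\n' "$ns" "$zone" \
                "$(probe "$ns" "$zone." edns)" "$(probe "$ns" "$zone." noedns)"
        done
    done
}

case "${1:-}" in
    run) probe_tlds ;;   # live probe: sh probe-tlds.sh run
    *)   # Offline demo on a constructed dig line (not captured output).
         printf ';; Query time: 4012 msec\n' | classify ;;
esac
```

A server that shows timeout under edns= but ok under noedns= answers plain DNS while its EDNS traffic is being lost somewhere on the path.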