Why are only com/net/org slow?

Wed Mar 12 10:15:18 UTC 2008

It could be IPv6.

Many nameservers do have both A and AAAA records.

Once I got rid of the problem when I removed all IPv6 stuff from my
nameserver, to prevent bind from trying IPv6 first and finally forgetting
IPv4 if the queried server had both IPv4 and IPv6 addresses.

Another time I got rid of the problem when I put only IPv4 addresses in
my /etc/hosts, but I am afraid only dig, and not bind, looks there.

Try dig not only on your resolver but on the forwarders too and on the

e.g.: try "dig pccf.net +trace"

; <<>> DiG 9.4.0 <<>> pccf.net +trace
;; global options:  printcmd
.                       279560  IN      NS      d-root.cesidio.net.
.                       279560  IN      NS      b-root.cesidio.net.
;; Received 128 bytes from in 0 ms

net.                    96400   IN      NS      i.gtld-servers.net.
net.                    96400   IN      NS      h.gtld-servers.net.
;; Received 511 bytes from in 56 ms

pccf.net.               172800  IN      NS      ns1.servage.net.
pccf.net.               172800  IN      NS      ns4.servage.net.
;; Received 170 bytes from in 174 ms

pccf.net.               86400   IN      A
pccf.net.               86400   IN      NS      ns4.servage.net.
;; Received 122 bytes from 2001:16d8:ff00:1ac::2#53(ns2.servage.net) in 267 ms

This should tell you where the time is spent.

A cache querying another cache does not make a lot of sense. It only wastes
time and delays things. Try to turn your cache into a resolver.

Hope I could help you.

Kind regards

Kevin Darcy wrote:
> W Sanders wrote:
>> This doesn't seem to have much to do with BIND, but it's one I have not
>> seen before. We operate some cache-only DNS servers for customers to
>> point their resolvers to. Most of these are running BIND 9.4.1+.
>> On all the hosts I've tested so far, when I do a 
>> dig @ourserver somedomain.com 
>> dig @ourserver somedomain.net
>> dig @ourserver somedomain.org 
>> it takes 4+ sec to get the initial non-cached response, whether valid or
>> NXDOMAIN, back from com/net/org. In fact org often *hangs*.
>> All other TLDs, and ".", are fast and behave as expected.
>> I can reproduce this from several of our cache-only servers, in a
>> variety of geographic locations.
>> It's killing people who are (ab)using our servers to look up DNS
>> records for antispam purposes, since spammers' garbage domain names
>> will not be cached, and take a while to look up or even time out.
>> It's most likely some bizarre problem on our networks (we have a lot of
>> split routes etc), especially since .org hangs occasionally for valid
>> name lookups. I haven't the foggiest idea how to debug this
>> further. Anyone seen this?
>> Thanks - W Sanders 
>> http://wsanders.net
> Test your connectivity to all of the .com/.net/.org nameservers. Make 
> sure to use EDNS for your test queries, since that's what BIND will be 
> doing as well.
>                                           - Kevin
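
Added example (not part of the original thread): a small Python parser for "dig +trace" output that reports how long each delegation step took and whether the answering server was reached over IPv4 or IPv6, which is the comparison the reply above suggests. The sample trace, its host names and its addresses are constructed (documentation ranges), and the 1000 ms threshold is an assumption.

```python
import re

# dig prints one footer per delegation step, e.g.
# ";; Received 170 bytes from 192.0.2.53#53(ns1.example.net) in 174 ms".
FOOTER = re.compile(
    r"^;; Received (\d+) bytes from\s+(?:(\S+?)#(\d+)\((\S+?)\)\s+)?in (\d+) ms"
)  # the address part is optional: archived output often has it stripped

def parse_trace(text):
    """Return one dict per delegation step of `dig +trace` output."""
    hops, owner = [], None
    for line in text.splitlines():
        m = FOOTER.match(line)
        if m:
            addr = m.group(2)
            family = "unknown" if addr is None else ("IPv6" if ":" in addr else "IPv4")
            hops.append({"owner": owner, "server": m.group(4), "addr": addr,
                         "family": family, "ms": int(m.group(5))})
            owner = None
        elif line.strip() and not line.startswith(";") and owner is None:
            owner = line.split()[0]  # owner name of the first record in this step
    return hops

def slow_hops(hops, threshold_ms=1000):
    """Steps at or above the threshold (1000 ms is an assumed cut-off)."""
    return [h for h in hops if h["ms"] >= threshold_ms]

def time_by_family(hops):
    """Total milliseconds spent per transport address family."""
    totals = {}
    for h in hops:
        totals[h["family"]] = totals.get(h["family"], 0) + h["ms"]
    return totals

# Constructed sample: names and addresses are placeholders (documentation ranges).
SAMPLE = """\
.                       279560  IN      NS      a.root.example.
;; Received 128 bytes from 192.0.2.1#53(192.0.2.1) in 0 ms
net.                    96400   IN      NS      a.tld.example.
;; Received 511 bytes from 192.0.2.10#53(a.root.example) in 56 ms
example.net.            172800  IN      NS      ns1.example.net.
;; Received 170 bytes from 2001:db8::30#53(a.tld.example) in 4012 ms
example.net.            86400   IN      A       192.0.2.80
;; Received 122 bytes from in 267 ms
"""

if __name__ == "__main__":
    for h in parse_trace(SAMPLE):
        print(f'{h["ms"]:>6} ms  {h["family"]:<7}  {h["owner"]}  via {h["server"]}')
```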

