Why are only com/net/org slow?
peter at peter-dambier.de
Wed Mar 12 10:15:18 UTC 2008
It could be IPv6.
Many nameservers do have both A and AAAA records.
Once I got rid of the problem when I removed all IPv6 stuff from my
nameserver, to prevent bind from trying IPv6 first and finally forgetting
IPv4 if the queried server had both IPv4 and IPv6 addresses.
Another time I got rid of the problem when I put only IPv4 addresses in
my /etc/hosts, but I am afraid only dig, and not bind, looks there.
Try dig not only on your resolver but on the forwarders too and on the
e.g: try "dig pccf.net +trace"
; <<>> DiG 9.4.0 <<>> pccf.net +trace
;; global options: printcmd
. 279560 IN NS d-root.cesidio.net.
. 279560 IN NS b-root.cesidio.net.
;; Received 128 bytes from 220.127.116.11#53(18.104.22.168) in 0 ms
net. 96400 IN NS i.gtld-servers.net.
net. 96400 IN NS h.gtld-servers.net.
;; Received 511 bytes from 22.214.171.124#53(a-root.cesidio.net) in 56 ms
pccf.net. 172800 IN NS ns1.servage.net.
pccf.net. 172800 IN NS ns4.servage.net.
;; Received 170 bytes from 126.96.36.199#53(e.gtld-servers.net) in 174 ms
pccf.net. 86400 IN A 188.8.131.52
pccf.net. 86400 IN NS ns4.servage.net.
;; Received 122 bytes from 2001:16d8:ff00:1ac::2#53(ns2.servage.net) in 267 ms
This should tell you where the time is spent.
A cache querying another cache does not make a lot of sense. It only wastes
time and delays things. Try to turn your cache into a resolver.
Hope I could help you.
Kevin Darcy wrote:
> W Sanders wrote:
>> This doesn't seem to have much to do with BIND, but it's one I have not
>> seen before. We operate some cache-only DNS servers for customers to
>> point their resolvers to. Most of these are running BIND 9.4.1+.
>> On all the hosts I've tested so far, when I do a
>> dig @ourserver somedomain.com
>> dig @ourserver somedomain.net
>> dig @ourserver somedomain.org
>> it takes 4+ sec to get the initial non-cached response, whether valid
>> NXDOMAIN, back from com/net/org. In fact org often *hangs*.
>> All other TLDs, and ".", are fast and behave as expected.
>> I can reproduce this from several of our cache-only servers, in a
>> variety of geographic locations.
>> It's killing people who are (ab)using our servers to look up DNS
>> records for antispam purposes, since spammers' garbage domain names
>> will not be cached, and take a while to look up or even time out.
>> It's most likely some bizarre problem on our networks (we have a lot of
>> split routes etc), especially since .org hangs occasionally for valid
>> name lookups. I haven't the foggiest idea how to debug this
>> further. Anyone seen this?
>> Thanks - W Sanders
> Test your connectivity to all of the .com/.net/.org nameservers. Make
> sure to use EDNS for your test queries, since that's what BIND will be
> doing as well.
> - Kevin
Peter and Karin Dambier
Cesidian Root - Radice Cesidiana
Rimbacher Strasse 16
+49(6252)750-308 (VoIP: sipgate.de)
mail: peter at peter-dambier.de
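
Added example, not part of the original message: a small parser for `dig +trace` output that reports, for each delegation step, which server answered, over which IP family, and how long it took, so the slow step and any IPv6 involvement stand out. The function names are hypothetical; the sample input is the record and ";; Received" lines of the trace quoted in the message.

```python
import ipaddress
import re

# dig prints one of these after each delegation step of a +trace run.
RECEIVED = re.compile(r"^;; Received (\d+) bytes from (\S+)#\d+\((\S+)\) in (\d+) ms")

# Record and ";; Received" lines as they appear in the trace quoted in the message.
SAMPLE_TRACE = """\
. 279560 IN NS d-root.cesidio.net.
. 279560 IN NS b-root.cesidio.net.
;; Received 128 bytes from 220.127.116.11#53(18.104.22.168) in 0 ms
net. 96400 IN NS i.gtld-servers.net.
net. 96400 IN NS h.gtld-servers.net.
;; Received 511 bytes from 22.214.171.124#53(a-root.cesidio.net) in 56 ms
pccf.net. 172800 IN NS ns1.servage.net.
pccf.net. 172800 IN NS ns4.servage.net.
;; Received 170 bytes from 126.96.36.199#53(e.gtld-servers.net) in 174 ms
pccf.net. 86400 IN A 188.8.131.52
pccf.net. 86400 IN NS ns4.servage.net.
;; Received 122 bytes from 2001:16d8:ff00:1ac::2#53(ns2.servage.net) in 267 ms
"""

def parse_trace(text):
    """Return one dict per step: who answered, over which IP family, how long."""
    hops, owner = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = RECEIVED.match(line)
        if m:
            size, addr, server, ms = m.groups()
            try:
                family = ipaddress.ip_address(addr).version
            except ValueError:
                family = None  # address form this parser does not recognise
            hops.append({"owner": owner, "server": server, "addr": addr,
                         "family": family, "bytes": int(size), "ms": int(ms)})
            owner = None
        elif line and not line.startswith(";") and owner is None:
            owner = line.split()[0]  # owner name of the records in this step
    return hops

def time_by_family(hops):
    """Total milliseconds spent talking to IPv4 and to IPv6 servers."""
    totals = {4: 0, 6: 0}
    for h in hops:
        if h["family"] in totals:
            totals[h["family"]] += h["ms"]
    return totals

if __name__ == "__main__":
    for h in parse_trace(SAMPLE_TRACE):
        print(f'{h["ms"]:>5} ms  IPv{h["family"]}  {h["server"]:<20} {h["owner"]}')
```

Feeding it the output of a trace run against an uncached name on the affected resolver gives the same per-step breakdown for that resolver's own path.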