named DNS resolution latency

Mark Andrews marka at isc.org
Wed Apr 27 06:54:25 UTC 2016


In message <fqBat8weDpbu_0t6cIwiGkR5-yAD1-45FiAUTuPACpKcMjTxb8ZiruEl0qgYNQLU87MmgJHntQUQUiFvDty0Ng==@protonmail.com>, digen 
writes:
> Hi,
>
> Below is a sample output for reference where you can see that the amount
> of time taken by named in resolving DNS records,
>
> http://pastebin.com/TaNfqPwL
>
> http://pastebin.com/3gEtutmx
>
> named.conf - http://pastebin.com/UBPwFKBa
>
> This is occurring recently and the Linux box is 3 years old.
> Version - bind-9.8.2-0.37.rc1.el6_7.7.i686
> CentOS release 6.3 (Final)
>
> Any inputs on debugging this problem will be much appreciated.

Firstly "dnssec-validation yes;" -> "dnssec-validation auto;" so
you are not depending upon dlv for all your validation.  The root
was signed years ago.

Secondly have you changed firewall setting lately? 
Thirdly check you logs.  Look at packet traces of port 53 traffic.

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org


More information about the bind-users mailing list