forwarder (YES/NO)

John W. Blue john.blue at rrcic.com
Wed Sep 21 21:28:18 UTC 2016


Pol,

You can "audit" your traffic by getting a pcap via tcpdump and then analyzing it in wireshark.  Packets don't lie.

John

Sent from Nine<http://www.9folders.com/>

From: Pol Hallen <bindml at fuckaround.org>
Sent: Sep 21, 2016 2:35 PM
To: bind-users at lists.isc.org
Subject: Re: forwarder (YES/NO)

hello again!

> try running dig +trace <host> and see how fast it runs. It should return
> in about same time as BIND does (when it doesn't have anything in cache).

; <<>> DiG 9.10.3-P4-Debian <<>> +trace @192.168.1.212 yahoo.it
; (1 server found)
;; global options: +cmd
.                       518367  IN      NS      d.root-servers.net.
.                       518367  IN      NS      g.root-servers.net.
.                       518367  IN      NS      e.root-servers.net.
.                       518367  IN      NS      h.root-servers.net.
.                       518367  IN      NS      b.root-servers.net.
.                       518367  IN      NS      c.root-servers.net.
.                       518367  IN      NS      a.root-servers.net.
.                       518367  IN      NS      l.root-servers.net.
.                       518367  IN      NS      i.root-servers.net.
.                       518367  IN      NS      m.root-servers.net.
.                       518367  IN      NS      k.root-servers.net.
.                       518367  IN      NS      j.root-servers.net.
.                       518367  IN      NS      f.root-servers.net.
.                       518396  IN      RRSIG   NS 8 0 518400
20161004170000 20160921160000 46551 .
tZptpyBClVtkAbyo4NOR2MgHDoq67TlImcBVzZORhn7C2c557prmG42J
sSPD8aZmisk3bbUJbmqFVFB/M2y/O4zjw3jBf42ujHce99VD3xCeJuk7
boGW356J6c7JaApB02GRf3SGQIv7x6MVyBmGeKxAosEePlbfjg/8NPEY +y0=
;; Received 397 bytes from 192.168.1.212#53(192.168.1.212) in 2 ms

it.                     172800  IN      NS      a.dns.it.
it.                     172800  IN      NS      m.dns.it.
it.                     172800  IN      NS      r.dns.it.
it.                     172800  IN      NS      dns.nic.it.
it.                     172800  IN      NS      nameserver.cnr.it.
it.                     86400   IN      NSEC    itau. NS RRSIG NSEC
it.                     86400   IN      RRSIG   NSEC 8 1 86400
20161004170000 20160921160000 46551 .
LL0eXWf22Lhhi5C0P+PX446JQH+GwCFhxU7tkUUF9wyG+pQ0eDCnpTu0
vm0ww/3YycmNJwlF3IHJmLIh2l7htSW6G/o2/ozNbZU6RF9pMhKxQNrJ
aE6hf4L+Ka1N5uNstgJzrE6pV9ouXOJmL0Epoa3gUnbSZcFHH5QrKbu6 AfQ=
;; Received 545 bytes from 192.58.128.30#53(j.root-servers.net) in 577 ms

yahoo.it.               10800   IN      NS      ns2.yahoo.com.
yahoo.it.               10800   IN      NS      ns1.yahoo.com.
yahoo.it.               10800   IN      NS      ns5.yahoo.com.
yahoo.it.               10800   IN      NS      ns7.yahoo.com.
yahoo.it.               10800   IN      NS      ns3.yahoo.com.
;; Received 136 bytes from 194.0.16.215#53(a.dns.it) in 136 ms

yahoo.it.               300     IN      A       106.10.212.24
yahoo.it.               300     IN      A       98.137.236.24
yahoo.it.               300     IN      A       77.238.184.24
yahoo.it.               300     IN      A       212.82.102.24
yahoo.it.               300     IN      A       74.6.50.24
yahoo.it.               86400   IN      NS      ns3.yahoo.com.
yahoo.it.               86400   IN      NS      ns2.yahoo.com.
yahoo.it.               86400   IN      NS      ns1.yahoo.com.
yahoo.it.               86400   IN      NS      ns4.yahoo.com.
yahoo.it.               86400   IN      NS      ns5.yahoo.com.
;; Received 380 bytes from 68.180.131.16#53(ns1.yahoo.com) in 173 ms

same problem... bind is too slow...

the situation change (very fast) if I use bind like resolver

forwarders {
8.8.8.8;
}

I don't understand why without resolver my bind is so slow... how I can
audit the problem?

thanks! :-)

>> but testing 127.0.0.1, bind keep also 4000/5000ms to resolve a query
>
>
>> forwarders {
>> 127.0.0.1;
>> }
>
> do you forward to yourself???

unfortunately looking for bind on internet there're many wrong howto :-/

Pol
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users at lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20160921/cea90c6f/attachment-0001.html>


More information about the bind-users mailing list