forwarder (YES/NO)
Chris Buxton
clists at buxtonfamily.us
Thu Sep 22 01:05:59 UTC 2016
Funny email address.
I could be wrong, but it looks like you might have a firewall problem. The one really slow response is the one over 512 bytes. Is it possible you have a firewall that examines the contents of DNS messages?
Regards,
Chris
Sent from my iPhone
> On Sep 21, 2016, at 12:34 PM, Pol Hallen <bindml at fuckaround.org> wrote:
>
> hello again!
>
>> try running dig +trace <host> and see how fast it runs. It should return
>> in about same time as BIND does (when it doesn't have anything in cache).
>
> ; <<>> DiG 9.10.3-P4-Debian <<>> +trace @192.168.1.212 yahoo.it
> ; (1 server found)
> ;; global options: +cmd
> . 518367 IN NS d.root-servers.net.
> . 518367 IN NS g.root-servers.net.
> . 518367 IN NS e.root-servers.net.
> . 518367 IN NS h.root-servers.net.
> . 518367 IN NS b.root-servers.net.
> . 518367 IN NS c.root-servers.net.
> . 518367 IN NS a.root-servers.net.
> . 518367 IN NS l.root-servers.net.
> . 518367 IN NS i.root-servers.net.
> . 518367 IN NS m.root-servers.net.
> . 518367 IN NS k.root-servers.net.
> . 518367 IN NS j.root-servers.net.
> . 518367 IN NS f.root-servers.net.
> . 518396 IN RRSIG NS 8 0 518400 20161004170000 20160921160000 46551 . tZptpyBClVtkAbyo4NOR2MgHDoq67TlImcBVzZORhn7C2c557prmG42J sSPD8aZmisk3bbUJbmqFVFB/M2y/O4zjw3jBf42ujHce99VD3xCeJuk7 boGW356J6c7JaApB02GRf3SGQIv7x6MVyBmGeKxAosEePlbfjg/8NPEY +y0=
> ;; Received 397 bytes from 192.168.1.212#53(192.168.1.212) in 2 ms
>
> it. 172800 IN NS a.dns.it.
> it. 172800 IN NS m.dns.it.
> it. 172800 IN NS r.dns.it.
> it. 172800 IN NS dns.nic.it.
> it. 172800 IN NS nameserver.cnr.it.
> it. 86400 IN NSEC itau. NS RRSIG NSEC
> it. 86400 IN RRSIG NSEC 8 1 86400 20161004170000 20160921160000 46551 . LL0eXWf22Lhhi5C0P+PX446JQH+GwCFhxU7tkUUF9wyG+pQ0eDCnpTu0 vm0ww/3YycmNJwlF3IHJmLIh2l7htSW6G/o2/ozNbZU6RF9pMhKxQNrJ aE6hf4L+Ka1N5uNstgJzrE6pV9ouXOJmL0Epoa3gUnbSZcFHH5QrKbu6 AfQ=
> ;; Received 545 bytes from 192.58.128.30#53(j.root-servers.net) in 577 ms
>
> yahoo.it. 10800 IN NS ns2.yahoo.com.
> yahoo.it. 10800 IN NS ns1.yahoo.com.
> yahoo.it. 10800 IN NS ns5.yahoo.com.
> yahoo.it. 10800 IN NS ns7.yahoo.com.
> yahoo.it. 10800 IN NS ns3.yahoo.com.
> ;; Received 136 bytes from 194.0.16.215#53(a.dns.it) in 136 ms
>
> yahoo.it. 300 IN A 106.10.212.24
> yahoo.it. 300 IN A 98.137.236.24
> yahoo.it. 300 IN A 77.238.184.24
> yahoo.it. 300 IN A 212.82.102.24
> yahoo.it. 300 IN A 74.6.50.24
> yahoo.it. 86400 IN NS ns3.yahoo.com.
> yahoo.it. 86400 IN NS ns2.yahoo.com.
> yahoo.it. 86400 IN NS ns1.yahoo.com.
> yahoo.it. 86400 IN NS ns4.yahoo.com.
> yahoo.it. 86400 IN NS ns5.yahoo.com.
> ;; Received 380 bytes from 68.180.131.16#53(ns1.yahoo.com) in 173 ms
>
> same problem... bind is too slow...
>
> the situation change (very fast) if I use bind like resolver
>
> forwarders {
> 8.8.8.8;
> }
>
> I don't understand why without resolver my bind is so slow... how I can audit the problem?
>
> thanks! :-)
>
>>> but testing 127.0.0.1, bind keep also 4000/5000ms to resolve a query
>>
>>
>>> forwarders {
>>> 127.0.0.1;
>>> }
>>
>> do you forward to yourself???
>
> unfortunately looking for bind on internet there're many wrong howto :-/
>
> Pol
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
More information about the bind-users
mailing list