<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
On 10/4/2011 12:40 PM, Pablo Maurelli wrote:
<blockquote
cite="mid:CAFpOY6r22tM803UT4aYHoTWq+S1kS_MwvVYpid20TrLS93oNuw@mail.gmail.com"
type="cite">
<div class="gmail_quote">
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt
0.8ex; border-left: 1px solid rgb(204, 204, 204);
padding-left: 1ex;"><span style="color: rgb(51, 51, 51);
font-family: arial,sans-serif; font-size: 16px;
background-color: rgb(245, 245, 245);"><span>hello</span><span>,
pick up</span> <span>a</span> <span>dns</span> <span>server
with</span> <span>bind9,</span> <span>is resolving</span> <span>claims,</span> <span>but</span> <span>it
takes</span> <span>time</span> <span>to resolve</span> <span>a
lot, sometimes</span> <span>throw</span> <span>timeout</span> <span>error</span> <span>and
the second time</span> <span>resolved</span><span>, any
ideas?</span><br>
<span>I pass</span> <span>below</span> <span>my</span> <span>named.conf,</span> <span>host.conf</span> <span>and</span> <span>nsswitch.conf</span></span></blockquote>
<div><br>
</div>
<div><br>
</div>
<div><b><u>DIG:</u></b></div>
<div><br>
</div>
<div>
<div>; <<>> DiG 9.7.3 <<>></div>
<div>;; global options: +cmd</div>
<div>;; Got answer:</div>
<div>;; ->>HEADER<<- opcode: QUERY, status:
NOERROR, id: 90</div>
<div>;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0,
ADDITIONAL: 14</div>
<div><br>
</div>
<div>;; QUESTION SECTION:</div>
<div>;. IN NS</div>
<div><br>
</div>
<div>;; ANSWER SECTION:</div>
<div>. 517816 IN NS <a
moz-do-not-send="true" href="http://g.root-servers.net">g.root-servers.net</a>.</div>
<div>. 517816 IN NS <a
moz-do-not-send="true" href="http://a.root-servers.net">a.root-servers.net</a>.</div>
<div>. 517816 IN NS <a
moz-do-not-send="true" href="http://m.root-servers.net">m.root-servers.net</a>.</div>
<div>. 517816 IN NS <a
moz-do-not-send="true" href="http://f.root-servers.net">f.root-servers.net</a>.</div>
<div>. 517816 IN NS <a
moz-do-not-send="true" href="http://b.root-servers.net">b.root-servers.net</a>.</div>
<div>. 517816 IN NS <a
moz-do-not-send="true" href="http://e.root-servers.net">e.root-servers.net</a>.</div>
<div>. 517816 IN NS <a
moz-do-not-send="true" href="http://j.root-servers.net">j.root-servers.net</a>.</div>
<div>. 517816 IN NS <a
moz-do-not-send="true" href="http://k.root-servers.net">k.root-servers.net</a>.</div>
<div>. 517816 IN NS <a
moz-do-not-send="true" href="http://i.root-servers.net">i.root-servers.net</a>.</div>
<div>. 517816 IN NS <a
moz-do-not-send="true" href="http://h.root-servers.net">h.root-servers.net</a>.</div>
<div>. 517816 IN NS <a
moz-do-not-send="true" href="http://d.root-servers.net">d.root-servers.net</a>.</div>
<div>. 517816 IN NS <a
moz-do-not-send="true" href="http://c.root-servers.net">c.root-servers.net</a>.</div>
<div>. 517816 IN NS <a
moz-do-not-send="true" href="http://l.root-servers.net">l.root-servers.net</a>.</div>
<div><br>
</div>
<div>;; ADDITIONAL SECTION:</div>
<div><a moz-do-not-send="true"
href="http://a.root-servers.net">a.root-servers.net</a>.
604216 IN A 198.41.0.4</div>
<div><a moz-do-not-send="true"
href="http://a.root-servers.net">a.root-servers.net</a>.
604216 IN AAAA 2001:503:ba3e::2:30</div>
<div><a moz-do-not-send="true"
href="http://b.root-servers.net">b.root-servers.net</a>.
604216 IN A 192.228.79.201</div>
<div><a moz-do-not-send="true"
href="http://c.root-servers.net">c.root-servers.net</a>.
604216 IN A 192.33.4.12</div>
<div><a moz-do-not-send="true"
href="http://d.root-servers.net">d.root-servers.net</a>.
604216 IN A 128.8.10.90</div>
<div><a moz-do-not-send="true"
href="http://d.root-servers.net">d.root-servers.net</a>.
604216 IN AAAA 2001:500:2d::d</div>
<div><a moz-do-not-send="true"
href="http://e.root-servers.net">e.root-servers.net</a>.
604216 IN A 192.203.230.10</div>
<div><a moz-do-not-send="true"
href="http://f.root-servers.net">f.root-servers.net</a>.
604216 IN A 192.5.5.241</div>
<div><a moz-do-not-send="true"
href="http://f.root-servers.net">f.root-servers.net</a>.
604216 IN AAAA 2001:500:2f::f</div>
<div><a moz-do-not-send="true"
href="http://g.root-servers.net">g.root-servers.net</a>.
604216 IN A 192.112.36.4</div>
<div><a moz-do-not-send="true"
href="http://h.root-servers.net">h.root-servers.net</a>.
604216 IN A 128.63.2.53</div>
<div><a moz-do-not-send="true"
href="http://i.root-servers.net">i.root-servers.net</a>.
604216 IN A 192.36.148.17</div>
<div><a moz-do-not-send="true"
href="http://j.root-servers.net">j.root-servers.net</a>.
604216 IN A 192.58.128.30</div>
<div><a moz-do-not-send="true"
href="http://j.root-servers.net">j.root-servers.net</a>.
604217 IN AAAA 2001:503:c27::2:30</div>
<div><br>
</div>
<div>;; Query time: 0 msec</div>
<div>;; SERVER: 172.31.26.85#53(172.31.26.85)</div>
<div>;; WHEN: Tue Oct 4 13:34:03 2011</div>
<div>;; MSG SIZE rcvd: 500</div>
</div>
</div>
</blockquote>
I would check connectivity to all of those root nameservers using
the "+norec" and "+buf=4096" options so as to mimic how named itself
would query them.<br>
<br>
If by some chance you have IPv6 enabled on your nameserver, with an
assigned (non-link-local) IPv6 address, but no actual IPv6
connectivity to the Internet, you should probably start named with
the "-4" option, to prevent it wasting time trying to talk to root
nameservers (and others) over the IPv6 transport.<br>
<br>
-
Kevin<br>
<blockquote
cite="mid:CAFpOY6r22tM803UT4aYHoTWq+S1kS_MwvVYpid20TrLS93oNuw@mail.gmail.com"
type="cite">
<div class="gmail_quote">
<div><br>
</div>
<div><br>
</div>
<div><b><u>DIG <a moz-do-not-send="true"
href="http://ns1.resolver01.net">ns1.resolver01.net</a></u></b></div>
<div><br>
</div>
<div>
<div>root@resolver01:/var/named# dig <a
moz-do-not-send="true" href="http://ns1.resolver01.net">ns1.resolver01.net</a></div>
<div><br>
</div>
<div>; <<>> DiG 9.7.3 <<>> <a
moz-do-not-send="true" href="http://ns1.resolver01.net">ns1.resolver01.net</a></div>
<div>;; global options: +cmd</div>
<div>;; Got answer:</div>
<div>;; ->>HEADER<<- opcode: QUERY, status:
NOERROR, id: 61061</div>
<div>;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1,
ADDITIONAL: 0</div>
<div><br>
</div>
<div>;; QUESTION SECTION:</div>
<div>;<a moz-do-not-send="true"
href="http://ns1.resolver01.net">ns1.resolver01.net</a>.
IN A</div>
<div><br>
</div>
<div>;; ANSWER SECTION:</div>
<div><a moz-do-not-send="true"
href="http://ns1.resolver01.net">ns1.resolver01.net</a>.
43200 IN A 172.31.26.85</div>
<div><br>
</div>
<div>;; AUTHORITY SECTION:</div>
<div><a moz-do-not-send="true" href="http://resolver01.net">resolver01.net</a>.
43200 IN NS <a moz-do-not-send="true"
href="http://ns1.resolver01.net">ns1.resolver01.net</a>.</div>
<div><br>
</div>
<div>
;; Query time: 0 msec</div>
<div>;; SERVER: 172.31.26.85#53(172.31.26.85)</div>
<div>;; WHEN: Tue Oct 4 13:34:42 2011</div>
<div>;; MSG SIZE rcvd: 66</div>
</div>
</div>
</blockquote>
Both queries returned in 0 milliseconds. Are you looking for
something faster than that? :-)<br>
<blockquote
cite="mid:CAFpOY6r22tM803UT4aYHoTWq+S1kS_MwvVYpid20TrLS93oNuw@mail.gmail.com"
type="cite">
<div class="gmail_quote">
<div><br>
</div>
<div><br>
</div>
<div><b><u>NAMED.CONF</u></b></div>
<div><br>
</div>
<div>
<div>// Mis redes permitidas</div>
<div><br>
</div>
<div>acl "redes_sky" {</div>
<div> <a moz-do-not-send="true"
href="http://172.31.26.0/24">172.31.26.0/24</a>;</div>
<div> <a moz-do-not-send="true"
href="http://172.31.25.0/24">172.31.25.0/24</a>;</div>
<div> <a moz-do-not-send="true"
href="http://172.31.24.0/24">172.31.24.0/24</a>;</div>
<div>};</div>
<div><br>
</div>
<div>options {</div>
<div> directory "/var/named";</div>
<div> dump-file "/var/named/data/cache_dump.db";</div>
<div> statistics-file
"/var/named/data/named_stats.txt";</div>
<div> version "TXT, ";</div>
<div> listen-on { 127.0.0.1; 172.31.26.85;};</div>
<div> query-source port *;</div>
<div>
//recursive-clients 2500;</div>
<div> allow-transfer{ /* !<a moz-do-not-send="true"
href="http://192.168.100.0/24">192.168.100.0/24</a>; */</div>
<div> redes_sky;</div>
<div> };</div>
<div> allow-recursion{ /* !<a moz-do-not-send="true"
href="http://192.168.100.0/24">192.168.100.0/24</a>; */</div>
<div> redes_sky;</div>
<div> };</div>
<div> allow-query { redes_sky; localhost;</div>
<div> };</div>
<div><br>
</div>
<div> //recursion no;</div>
<div>};</div>
<div><br>
</div>
<div>include "/etc/bind/rndc.key";</div>
<div><br>
</div>
<div>logging {</div>
<div> channel default_log {</div>
<div> file "/var/log/named.log"
versions 3 size 25m;</div>
<div> severity info;</div>
<div> print-time yes;</div>
<div> print-severity yes;</div>
<div> print-category yes;};</div>
<div> category default {default_log; };</div>
<div> category lame-servers {null; };</div>
<div><br>
</div>
<div>};</div>
<div><br>
</div>
<div>zone "." {</div>
<div> type hint;</div>
<div> file "root.hints";</div>
<div>};</div>
<div>zone "0.0.127.in-addr.arpa" in{</div>
<div> type master;</div>
<div> file "named.local";</div>
<div>};</div>
<div>zone "26.31.172.in-addr.arpa" in{</div>
<div> type master;</div>
<div> file "zones/26.31.172.in-addr.arpa";</div>
<div>};</div>
<div>zone "<a moz-do-not-send="true"
href="http://resolver01.net">resolver01.net</a>" in{</div>
<div> type master;</div>
<div> file "zones/<a moz-do-not-send="true"
href="http://resolver01.net">resolver01.net</a>";</div>
<div>};</div>
</div>
<div><br>
</div>
<div><br>
</div>
<div><b><u>Zones:</u></b></div>
<div><br>
</div>
<div><b>NAMED.LOCAL</b></div>
<div><br>
</div>
<div>
<div>$TTL 43200 ; 12 hours</div>
<div>@ IN SOA localhost.
root.localhost. (</div>
<div> 2008122911 ; serial</div>
<div> 3600 ; refresh (1 hour)</div>
<div> 900 ; retry (15 minutes)</div>
<div> 1209600 ; expire (2 weeks)</div>
<div> 43200 ; minimum (12 hours)</div>
<div> )</div>
<div> IN NS localhost.</div>
<div>1 IN PTR localhost.</div>
</div>
<div><br>
</div>
<div><br>
</div>
<div><b><u>26.31.172.in-addr.arpa</u></b></div>
<div><b><u><br>
</u></b></div>
<div>
<div>$ORIGIN .</div>
<div>$TTL 43200 ; 12 horas</div>
<div>26.31.172.in-addr.arpa IN SOA
ns1.resolver01.net.26.31.172.IN-ADDR.ARPA. <a
moz-do-not-send="true"
href="http://hostmaster.resolver01.net.26.31.172.IN">hostmaster.resolver01.net.26.31.172.IN</a></div>
<div>-ADDR.ARPA. (</div>
<div>
2011093021 ; serial</div>
<div> 3600 ;
refresh</div>
<div> 900 ;
retry</div>
<div> 1209600 ;
expire</div>
<div> 43200 ;
minimum</div>
<div> )</div>
<div><br>
</div>
<div> NS <a
moz-do-not-send="true" href="http://ns1.resolver01.net">ns1.resolver01.net</a>.</div>
<div>$ORIGIN 26.31.172.in-addr.arpa.</div>
<div>85 PTR <a
moz-do-not-send="true" href="http://ns1.resolver01.net">ns1.resolver01.net</a>.</div>
<div style="text-decoration: underline;"><br>
</div>
</div>
<div style="text-decoration: underline;"><br>
</div>
<div><u><b>26.31.172.in-addr.arpa</b></u></div>
<div><b><u><br>
</u></b></div>
<div>
<div>$ORIGIN .</div>
<div>$TTL 43200 ; 12 horas</div>
<div>26.31.172.in-addr.arpa IN SOA
ns1.resolver01.net.26.31.172.IN-ADDR.ARPA. <a
moz-do-not-send="true"
href="http://hostmaster.resolver01.net.26.31.172.IN">hostmaster.resolver01.net.26.31.172.IN</a></div>
<div>-ADDR.ARPA. (</div>
<div>
2011093021 ; serial</div>
<div> 3600 ;
refresh</div>
<div> 900 ;
retry</div>
<div> 1209600 ;
expire</div>
<div> 43200 ;
minimum</div>
<div> )</div>
<div><br>
</div>
<div> NS <a
moz-do-not-send="true" href="http://ns1.resolver01.net">ns1.resolver01.net</a>.</div>
<div>$ORIGIN 26.31.172.in-addr.arpa.</div>
<div>85 PTR <a
moz-do-not-send="true" href="http://ns1.resolver01.net">ns1.resolver01.net</a>.</div>
</div>
<div><br>
</div>
<div><br>
</div>
<div>
<div><b><u><a moz-do-not-send="true"
href="http://resolver01.net">resolver01.net</a></u></b></div>
</div>
<div><br>
</div>
<div>
<div>$ORIGIN .</div>
<div>$TTL 43200</div>
<div><a moz-do-not-send="true" href="http://resolver01.net">resolver01.net</a>
SOA <a moz-do-not-send="true"
href="http://ns1.resolver01.net">ns1.resolver01.net</a>. <a
moz-do-not-send="true"
href="http://hostmaster.resolver01.net">hostmaster.resolver01.net</a>.
(</div>
<div> 2011093072 ;
serial</div>
<div> 3600 ; refresh</div>
<div> 900 ; retry</div>
<div> 86400 ; expire</div>
<div> 43200 ; minimum</div>
<div> )</div>
<div><br>
</div>
<div> NS <a
moz-do-not-send="true" href="http://ns1.resolver01.net">ns1.resolver01.net</a>.</div>
<div><br>
</div>
<div> TXT "v=spf1 ptr ip4:<a
moz-do-not-send="true" href="http://172.31.26.0/24">172.31.26.0/24</a>
<a moz-do-not-send="true" href="http://172.31.24.0/24">172.31.24.0/24</a>
<a moz-do-not-send="true" href="http://172.31.25.0/24">172.31.25.0/24</a>
~all"</div>
<div>$ORIGIN <a moz-do-not-send="true"
href="http://resolver01.net">resolver01.net</a>.</div>
<div><br>
</div>
<div>ns1 A 172.31.26.85</div>
</div>
</div>
</blockquote>
<br>
<blockquote
cite="mid:CAFpOY6r22tM803UT4aYHoTWq+S1kS_MwvVYpid20TrLS93oNuw@mail.gmail.com"
type="cite">
<div class="gmail_quote">
<div><br>
</div>
<div><br>
</div>
<div>But in the zone 0.0.127.in-addr.arpa is empty???</div>
<br>
</div>
</blockquote>
What do you mean "empty"? The special symbol "@" stands for the name
of the zone, so named.local is defining 1 SOA and 1 NS record for
the name "0.0.127.in-addr.arpa". You can verify this by transferring
the zone contents (e.g. "dig -x 127.0.0 axfr").<br>
<br>
- Kevin<br>
</body>
</html>