<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
This is boarderline not thinking on my part.<br>
<br>
OF COURSE those FQDNs resolve fast; they are in local ZOne files.
No lookup needed.<br>
<br>
Sheesh.<br>
<br>
"Slow down, you move to fast. Got to make the Mornin' last!" :)<br>
<br>
<div class="moz-cite-prefix">On 8/3/22 14:43, Robert Moskowitz
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:4284ec71-1c5f-536f-135a-c6c1eea7a741@htt-consult.com">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
Perhaps this is only caching the zones in the Internal View, not
all public stuff looked up by internal clients?<br>
<br>
I say this because I get fast responses to internal servers, but
slow if at all to external ones.<br>
<br>
Grasping here because my search foo is weak and I can't find where
it is defined exactly what IS cached.<br>
<br>
<div class="moz-cite-prefix">On 8/3/22 10:52, Robert Moskowitz via
bind-users wrote:<br>
</div>
<blockquote type="cite"
cite="mid:d5152cb7-4a04-803b-de00-dd4b341449bd@htt-consult.com">
<meta http-equiv="Content-Type" content="text/html;
charset=UTF-8">
thanks Greg. Yes I need to figure out how to troubleshoot
this. But here is some stuff:<br>
<br>
# cat resolv.conf <br>
# Generated by NetworkManager<br>
search attlocal.net htt-consult.com<br>
nameserver 23.123.122.146<br>
nameserver 2600:1700:9120:4330::1<br>
<br>
My server is 23.123.122.146. That IPv6 addr is my ATT router.<br>
<br>
# cat named.conf<br>
include "/etc/named/named.acl";<br>
<br>
options {<br>
listen-on port 53 { any; };<br>
listen-on-v6 port 53 { any; };<br>
use-v4-udp-ports { range 10240 65535; };<br>
use-v6-udp-ports { range 10240 65535; };<br>
directory "/var/named";<br>
dump-file "/var/named/data/cache_dump.db";<br>
statistics-file "/var/named/data/named_stats.txt";<br>
memstatistics-file "/var/named/data/named_mem_stats.txt";<br>
allow-query { localhost; };<br>
<br>
dnssec-enable no;<br>
dnssec-validation no;<br>
bindkeys-file "/etc/named.iscdlv.key";<br>
managed-keys-directory "/var/named/dynamic";<br>
pid-file "/run/named/named.pid";<br>
session-keyfile "/run/named/session.key";<br>
};<br>
<br>
logging { channel default_debug {<br>
file "data/named.run";<br>
severity dynamic; };};<br>
<br>
view "internal"<br>
{ include "/etc/named/named.internal";};<br>
<br>
view "external"<br>
{ include "/etc/named/named.external";};<br>
<br>
include "/etc/named/rndc.key";<br>
include "/etc/named.root.key";<br>
<br>
# cat named.acl <br>
acl "httslaves" {<br>
// address of NSs<br>
208.83.69.35; // ns1.mudkips.net<br>
208.83.66.130; // ns2.mudkips.net<br>
63.68.132.50; // ns1.icsl.net<br>
2607:f4b8:2600:1::1; // ns1.mudkips.net<br>
2607:f4b8:2600:6::1; // ns2.mudkips.net<br>
};<br>
<br>
acl "httnets" {<br>
127.0.0.1;<br>
23.123.122.144/28;<br>
192.168.32.0/24;<br>
192.168.64.0/24;<br>
192.168.96.0/24;<br>
192.168.160.0/23;<br>
192.168.128.0/23;<br>
192.168.192.0/22;<br>
192.168.224.0/24;<br>
::1;<br>
2600:1700:9120:4330::/64;<br>
};<br>
<br>
<br>
# cat named.internal <br>
<br>
match-clients { httnets; };<br>
match-destinations { httnets; };<br>
allow-query { httnets; };<br>
allow-query-cache { httnets; };<br>
allow-recursion { any; };<br>
recursion yes;<br>
empty-zones-enable yes;<br>
<br>
zone "." IN {<br>
type hint;<br>
file "named.ca"; };<br>
<br>
include "/etc/named.rfc1912.zones";<br>
<br>
zone "htt-consult.com" { <br>
type master;<br>
file "httin-consult.com.zone"; };<br>
<br>
zone "labs.htt-consult.com" {<br>
type master;<br>
file "labs.htt-consult.com.hosts"; };<br>
zone "intelcon.htt-consult.com" {<br>
type master;<br>
file
"intelcon.htt-consult.com.hosts"; };<br>
zone "mobile.htt-consult.com" {<br>
type master;<br>
file "mobile.htt-consult.com.hosts"; };<br>
zone "test.htt-consult.com" { <br>
type master;<br>
file "test.httin-consult.com.hosts"; };<br>
zone "128.168.192.in-addr.arpa" {<br>
type master;<br>
file "128.168.192.in-addr.arpa.zone"; };<br>
zone "0-24.128.168.192.in-addr.arpa" {<br>
type master;<br>
file "0-24.128.168.192.in-addr.arpa.zone"; };<br>
zone "htt" {<br>
type master;<br>
file "htt.zone"; };<br>
zone "home.htt" {<br>
type master;<br>
file "home.htt.zone"; };<br>
<br>
<br>
Do you also want my named.external?<br>
<br>
<br>
<div class="moz-cite-prefix">On 8/3/22 09:39, Greg Choules
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CANsEUy0zh33o5v97p5vYg_+HJrWhdxPrDhrNuRNaqvXctAmf5g@mail.gmail.com">
<meta http-equiv="content-type" content="text/html;
charset=UTF-8">
<div dir="ltr">Hi Robert.
<div>May we see the file /etc/resolv.conf and your BIND
configuration? It's difficult to guess what might be going
on with only a small snippet of information.</div>
<div>If you "ping somewhere" (or "ssh a-server", or
whatever) the OS will consult resolv.conf to determine
where to send DNS queries. If that's not your local
instance of BIND then you could be looking for trouble in
the wrong place.</div>
<div><br>
</div>
<div>If you *do* have an address of the local machine as the
first 'nameserver' entry in resolv.conf you will need to
know what that query looks like to determine how BIND is
going to handle it.</div>
<div>You also need to know what BIND will try and do when it
does receive queries.</div>
<div><br>
</div>
<div>Packet captures are your friend here, using tcpdump (to
disk, not to screen). Gather evidence first, then make
theories.</div>
<div><br>
</div>
<div>Cheers, Greg</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Wed, 3 Aug 2022 at
14:29, Robert Moskowitz <<a
href="mailto:rgm@htt-consult.com" target="_blank"
moz-do-not-send="true" class="moz-txt-link-freetext">rgm@htt-consult.com</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">Part of my problem is
that caching does not seem to be working in my <br>
internal view.<br>
<br>
Something is happening such that my internal systems AND
the server <br>
itself cannot resolve names and looses it even 5 min
later, indicating <br>
not caching.<br>
<br>
I read <a href="https://kb.isc.org/docs/aa-00851"
rel="noreferrer" target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">https://kb.isc.org/docs/aa-00851</a><br>
<br>
In my include for the internal view (named.internal) I
have:<br>
<br>
match-clients { httnets; };<br>
match-destinations { httnets; };<br>
allow-query { httnets; };<br>
allow-query-cache { httnets; };<br>
allow-recursion { any; };<br>
recursion yes;<br>
empty-zones-enable yes;<br>
<br>
Yet I get on my DNS server:<br>
<br>
ping <a href="http://www.google.com" rel="noreferrer"
target="_blank" moz-do-not-send="true">www.google.com</a><br>
ping: <a href="http://www.google.com" rel="noreferrer"
target="_blank" moz-do-not-send="true">www.google.com</a>:
Name or service not known<br>
<br>
Then later it works.<br>
<br>
Then later it doesn't again.<br>
<br>
Sigh. If at least caching was working for internal use, I
would be able <br>
to work more smoothy?<br>
<br>
<br>
<br>
<br>
-- <br>
Visit <a
href="https://lists.isc.org/mailman/listinfo/bind-users"
rel="noreferrer" target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">https://lists.isc.org/mailman/listinfo/bind-users</a>
to unsubscribe from this list<br>
<br>
ISC funds the development of this software with paid
support subscriptions. Contact us at <a
href="https://www.isc.org/contact/" rel="noreferrer"
target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">https://www.isc.org/contact/</a>
for more information.<br>
<br>
<br>
bind-users mailing list<br>
<a href="mailto:bind-users@lists.isc.org" target="_blank"
moz-do-not-send="true" class="moz-txt-link-freetext">bind-users@lists.isc.org</a><br>
<a
href="https://lists.isc.org/mailman/listinfo/bind-users"
rel="noreferrer" target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">https://lists.isc.org/mailman/listinfo/bind-users</a><br>
</blockquote>
</div>
</blockquote>
<br>
<br>
<fieldset class="moz-mime-attachment-header"></fieldset>
</blockquote>
<br>
<br>
<fieldset class="moz-mime-attachment-header"></fieldset>
</blockquote>
<br>
</body>
</html>