[CentOS] resolving names it is really slow with CentOS5.x using named
carlopmart
carlopmart at gmail.com
Mon May 25 13:49:50 UTC 2009
Paul Bijnens wrote:
> On 2009-05-25 13:21, carlopmart wrote:
>> Paul Bijnens wrote:
>>> On 2009-05-25 12:51, carlopmart wrote:
>>>> I have a problem using named with different CentOS5 servers (2 servers): they
>>>> are all really slow to resolve any internet address and most of the time fail to
>>>> resolve. This situation differs if I use "forwarders" servers like opendns:
>>>> resolving names is really, really quick. And I don't understand why.
>>>>
>>>> On the other hand I have tested three DNS servers using Windows 2003, Windows
>>>> 2008 and Ubuntu hardy and these problems don't occur (I don't need to
>>>> configure forwarders on any of them): all resolve any name and really fast.
>>>>
>>>> IPv6 is disabled on both CentOS servers. Does somebody know why these DNS servers
>>>> are slow?
>>> My crystal ball is in repair. Could you in the meantime add some more
>>> hints, e.g. your config files, and how you diagnosed the slowness.
>>>
>>> My CentOS5 DNS-servers do resolve really quickly, with or without forwarders.
>>>
>>>
>> Ok, my named.conf:
>>
>> //
>> // named.conf
>> //
>>
>> options {
>>     directory "/var/named";
>>     dump-file "/var/named/data/cache_dump.db";
>>     statistics-file "/var/named/data/named_stats.txt";
>>     memstatistics-file "/var/named/data/named_mem_stats.txt";
>>     listen-on port 53 { 127.0.0.1; 172.25.50.10; };
>>     version "DNS Server v2.0";
>>     dnssec-enable no;
>>     query-source port 53;
>>     forwarders { 208.67.220.220; 208.67.222.222; };
>> };
>>
>> logging {
>>     channel security_channel {
>>         file "/var/named/data/security.log" versions 3 size 1m;
>>         severity debug;
>>         print-time yes;
>>         print-category yes;
>>         print-severity yes;
>>     };
>>     channel default {
>>         syslog local4;
>>         severity info;
>>         print-category yes;
>>         print-severity yes;
>>     };
>>     channel query_log {
>>         file "/var/named/data/query.log" versions 3 size 1m;
>>         print-time yes;
>>     };
>>     category security {
>>         security_channel;
>>         default;
>>     };
>>     category queries {
>>         query_log;
>>     };
>>     channel default_debug {
>>         file "/var/named/data/named.run";
>>         severity dynamic;
>>     };
>>     category lame-servers { null; };
>>     category default { default; };
>> };
>>
>> controls {
>>     inet 127.0.0.1 allow { localhost; } keys { rndckey; };
>> };
>
>
> When you're not using forwarding, the dns server should have some basic knowledge
> of the root servers. So add something like:
>
> // prime the server with knowledge of the root servers
> zone "." {
>     type hint;
>     file "/path/to/the/file/having/named.root";
> };
>
> And the file itself can be downloaded (and updated now and then) from:
>
> http://www.internic.net/zones/named.root
>
> And to avoid forwarding on silly resolutions for localhost or 127.x.x.x
> you can do the same with a local "type master" zone for those two zones
> as well:
>
> // be authoritative for the localhost forward and reverse zones
> zone "localhost" {
>     type master;
>     file "/path/to/the/file/having/localhost.zone";
> };
> zone "127.in-addr.arpa" {
>     type master;
>     file "/path/to/the/file/having/ptr-127.zone";
> };
>
Thanks Paul, but I have configured this previously. I have posted only the relevant
parts about the topic.
--
CL Martinez
carlopmart {at} gmail {d0t} com
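
As an added example (not part of the thread and not code from either poster), the points raised in the quoted reply can be checked against a named.conf: whether forwarders are set, whether a hint zone for "." exists, and whether localhost and 127.in-addr.arpa are local master zones. The sample configuration, file names and function names are constructed for illustration, and the comment stripping assumes no comment markers appear inside quoted strings.

```python
import re

# Constructed sample: forwarders commented out, reverse loopback zone missing.
SAMPLE_CONF = '''
options {
    directory "/var/named";
    // forwarders { 208.67.220.220; 208.67.222.222; };
};
zone "." { type hint; file "named.root"; };
zone "localhost" { type master; file "localhost.zone"; };
'''

def strip_comments(text):
    """Drop /* */, // and # comments (assumes none occur inside quoted strings)."""
    return re.sub(r'/\*.*?\*/|(//|#)[^\n]*', '', text, flags=re.S)

def block_after(text, start):
    """Return the body of the first brace block opening at or after start."""
    open_at = text.index('{', start)
    depth = 0
    for i in range(open_at, len(text)):
        depth += {'{': 1, '}': -1}.get(text[i], 0)
        if depth == 0:
            return text[open_at + 1:i]
    raise ValueError('unbalanced braces')

def zones(text):
    """Map zone name -> zone type for every zone statement."""
    found = {}
    for m in re.finditer(r'\bzone\s+"([^"]+)"', text):
        t = re.search(r'\btype\s+([\w-]+)\s*;', block_after(text, m.end()))
        found[m.group(1).lower()] = t.group(1) if t else None
    return found

def forwarders(text):
    """Return the addresses listed in options { forwarders { ... }; }."""
    m = re.search(r'\boptions\s*\{', text)
    f = re.search(r'\bforwarders\s*\{([^}]*)\}', block_after(text, m.start())) if m else None
    return f.group(1).replace(';', ' ').split() if f else []

def review(conf):
    """List the points from the reply that this configuration does not meet."""
    text = strip_comments(conf)
    z, notes = zones(text), []
    if not forwarders(text) and z.get('.') != 'hint':
        notes.append('no forwarders and no hint zone for "."')
    for name in ('localhost', '127.in-addr.arpa'):
        if z.get(name) != 'master':
            notes.append('zone "%s" is not a local master zone' % name)
    return notes
```

Calling `review(open('/etc/named.conf').read())` on a real file (path assumed) returns an empty list when all three points are met.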