[CentOS] resolving names it is really slow slow with CentOS5.x using named
Les Mikesell
lesmikesell at gmail.com
Mon May 25 15:05:18 UTC 2009
carlopmart wrote:
> Les Mikesell wrote:
>> carlopmart wrote:
>>> Lars Hecking wrote:
>>>>> options {
>>>>>     directory "/var/named";
>>>>>     dump-file "/var/named/data/cache_dump.db";
>>>>>     statistics-file "/var/named/data/named_stats.txt";
>>>>>     memstatistics-file "/var/named/data/named_mem_stats.txt";
>>>>>     listen-on port 53 { 127.0.0.1; 172.25.50.10; };
>>>>>     version "DNS Server v2.0";
>>>>>     dnssec-enable no;
>>>>>     query-source port 53;
>>>>>     forwarders { 208.67.220.220; 208.67.222.222; };
>>>>> };
>>>>
>>>>> As you can see, I need to use the "query-source port" param too with forwarders to
>>>>> resolve names (and this is really really ugly).
>>>>
>>>> Explicit query-source port breaks port randomisation and is highly insecure.
>>>> Your problem may be an incorrectly configured firewall that only accepts
>>>> outgoing queries originating from source port 53 - it needs to accept all
>>>> outgoing queries for destination port 53.
>>>>
>>>>
>>> Thanks Lars. Correct, the firewall could be the problem, but it isn't. Because
>>> Ubuntu and Windows 2003/2008 don't have problems with it ... and resolve
>>> perfectly ... And I haven't configured this firewall to accept DNS queries
>>> originating from source port 53 ...
>>>
>> What does 'dig' show about your access to the root servers without
>> forwarders and with and without forcing the query-source port? Compare
>> it to the Ubuntu system. Maybe there's something wrong with the root
>> hints file - or maybe your border firewall is blocking all udp to this
>> box but permitting it to the DNS servers that work.
>>
>
> Thanks Les, but I checked it before posting this problem. Ubuntu and CentOS
> have the same file to do queries to root servers ...

And the results of 'dig' on each?

> I have found a temporary solution: reduce the MTU on the CentOS server (1440) ... I
> need to investigate why CentOS loses some packages and Ubuntu doesn't ....

Are you routing through tunnels?

--
Les Mikesell
lesmikesell at gmail.com
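
The pinned source port that Lars flags in the quoted options block, as an added example that is not part of the thread: a small Python check that scans named.conf text for `query-source` statements with a fixed port. It also covers `query-source-v6` and the `address ... port ...` form, which the thread does not show; the sample config is constructed from the quoted block and the function names are hypothetical.

```python
import re

# Constructed sample: based on the options block quoted in the thread, with a
# commented-out statement added to show that comments are ignored.
SAMPLE_CONF = '''
options {
    directory "/var/named";
    listen-on port 53 { 127.0.0.1; 172.25.50.10; };
    // query-source port 5353;   (commented out, must be ignored)
    query-source port 53;
    forwarders { 208.67.220.220; 208.67.222.222; };
};
'''

# Matches "query-source ..." or "query-source-v6 ..." up to the closing ';'.
QUERY_SOURCE = re.compile(r'\b(query-source(?:-v6)?)\b([^;{}]*);')


def strip_comments(text):
    """Drop /* */, // and # comments, keeping newlines so line numbers hold.

    Simplification: comment markers inside quoted strings are not handled.
    """
    text = re.sub(r'/\*.*?\*/', lambda m: '\n' * m.group(0).count('\n'),
                  text, flags=re.S)
    return re.sub(r'(//|#)[^\n]*', '', text)


def find_fixed_source_ports(conf_text):
    """Return (line, statement, port) for each query-source that pins a port.

    "port *" and statements without a port clause leave the port to named,
    so they are not reported.
    """
    clean = strip_comments(conf_text)
    findings = []
    for m in QUERY_SOURCE.finditer(clean):
        port = re.search(r'\bport\s+(\S+)', m.group(2))
        if port and port.group(1) != '*':
            line = clean.count('\n', 0, m.start()) + 1
            findings.append((line, ' '.join(m.group(0).split()), port.group(1)))
    return findings


if __name__ == '__main__':
    for line, stmt, port in find_fixed_source_ports(SAMPLE_CONF):
        print(f'line {line}: "{stmt}" pins outgoing queries to source port {port}')
```
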