[CentOS] resolving names it is really slow with CentOS5.x using named
carlopmart
carlopmart at gmail.com
Mon May 25 16:18:14 UTC 2009
Les Mikesell wrote:
> carlopmart wrote:
>>>>>> Thanks Lars. Correctly, firewall could be the problem, but it isn't. Because
>>>>>> Ubuntu and Windows 2003/2008 don't have problems with it ... and resolve
>>>>>> perfectly ... And I haven't configured this firewall to accept dns queries
>>>>>> originating from source port 53 ...
>>>>>>
>>>>> What does 'dig' show about your access to the root servers without
>>>>> forwarders and with and without forcing the query-source port? Compare
>>>>> it to the Ubuntu system. Maybe there's something wrong with the root
>>>>> hints file - or maybe your border firewall is blocking all udp to this
>>>>> box but permitting it to the DNS servers that work.
>>>>>
>>>> Thanks Les, but I have checked it before posting this problem. Ubuntu and CentOS
>>>> have the same file to do queries to root servers ...
>>> And the results of 'dig' on each?
>>>
>>>> I have found a temporary solution: reduce the MTU on CentOS server (1440) ... I
>>>> need to investigate why CentOS loses some packages and Ubuntu doesn't ....
>>> Are you routing through tunnels?
>>>
>>>
>> No, all hosts (firewall and CentOS DNS server) are connected to GByte network.
>
> That's not where the problem is. Since you are working with forwarding
> on, the problem has to be when you try to go directly to the internet
> over UDP so it would be at the firewall or border router. When DNS
> fails, it will retry with TCP and that might be why it eventually works.

That's not possible, because the firewall only permits DNS queries over UDP ...

> Is there anything in the path to the internet that needs a lower MTU
> (perhaps a DNS line running PPPoE)? Or do you have jumbo packets enabled
> on your Gig NIC?

No, but firewalls have an MTU configured with 1450 on external interfaces ...

> And if you do need a small MTU, do you have firewalls
> blocking the ICMP messages that are required to discover that automatically?

Yes, ICMP messages are blocked on the firewall, but they are blocked for all hosts:
CentOS DNS servers, Ubuntu servers, Windows servers ... I don't understand why
using Ubuntu or Windows servers to resolve names works OK and with CentOS (and
also with RHEL5, I have just checked it) doesn't ...
>
--
CL Martinez
carlopmart {at} gmail {d0t} com
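
The three conditions raised in this thread (a 1450-byte MTU on the firewall, blocked ICMP, and a firewall rule that permits DNS over UDP only) can be modelled as follows. This is an added Python example, not part of the original message; the function names and the sample DNS headers are constructed for illustration, and IPv4 without options is assumed.

```python
import struct

IPV4_HEADER = 20  # bytes; assumption: no IP options
UDP_HEADER = 8    # bytes

def parse_dns_header(msg: bytes) -> dict:
    """Decode the fixed 12-byte DNS header (RFC 1035, section 4.1.1)."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than its 12-byte header")
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    return {"id": ident, "qr": bool(flags & 0x8000),
            "tc": bool(flags & 0x0200), "rcode": flags & 0x000F, "answers": an}

def udp_fate(dns_len: int, path_mtu: int, df_set: bool, icmp_passes: bool) -> str:
    """Fate of one UDP DNS reply of dns_len bytes crossing a hop with path_mtu."""
    if dns_len + UDP_HEADER + IPV4_HEADER <= path_mtu:
        return "delivered"
    if not df_set:
        return "fragmented"  # arrives only if every hop passes IP fragments
    # DF set: the narrow hop drops the packet and reports it with ICMP
    # "fragmentation needed"; if that ICMP is filtered the sender never learns.
    return "sender-adapts" if icmp_passes else "black-holed"

def resolver_outcome(reply: bytes, tcp_allowed: bool) -> str:
    """A truncated (TC=1) UDP reply makes the resolver repeat the query over TCP."""
    if not parse_dns_header(reply)["tc"]:
        return "answered-over-udp"
    return "retry-over-tcp" if tcp_allowed else "stuck: TCP/53 blocked"

# Constructed sample headers (header only, no question or answer section).
NORMAL_REPLY = struct.pack("!6H", 0x1A2B, 0x8180, 1, 1, 0, 0)     # QR, RD, RA
TRUNCATED_REPLY = struct.pack("!6H", 0x1A2B, 0x8380, 1, 0, 0, 0)  # QR, TC, RD, RA

if __name__ == "__main__":
    for size in (512, 1422, 1423):
        print(size, udp_fate(size, 1450, df_set=True, icmp_passes=False))
    print(resolver_outcome(TRUNCATED_REPLY, tcp_allowed=False))
```
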