[CentOS] Slow domain resolution problem

Sat Aug 28 20:17:14 UTC 2010

Gabriel Tabares wrote:
> On 23/08/2010 13:28, Joseph L. Casale wrote:
>   
>>> Both files are the default ones from CentOS:
>>>      
>>>       
>> So what do the host names look like that the application
>> attempts to resolve, fully qualified or not? What does your
>> cli based query look like?
>>
>>    
>>     
>
> My resolv.conf is:
>
> search mydomain.com
> nameserver 10.3.2.2
>
> The hostname of the machines is set to a FQDN server.mydomain.com.
>
> The time it takes for the queries does not change whether we use the 
> FQDN or just the hostname.
>
> See below for an example (I stopped the mail server so the connection 
> was refused).
>
> #time telnet  md-mail02.mydomain.com 25
> (long wait)
> Trying 10.2.9.2...
> telnet: connect to address 10.2.9.2: Connection refused
> telnet: Unable to connect to remote host: Connection refused
>
> real    0m20.005s
> user    0m0.000s
> sys     0m0.005s
>
> #time telnet  md-mail02 25
> (long wait)
> Trying 10.2.9.2...
> telnet: connect to address 10.2.9.2: Connection refused
> telnet: Unable to connect to remote host: Connection refused
>
> real    0m10.004s
> user    0m0.001s
> sys     0m0.002s
>
> #time telnet  10.2.9.2 25
> (no wait)
> Trying 10.2.9.2...
> telnet: connect to address 10.2.9.2: Connection refused
> telnet: Unable to connect to remote host: Connection refused
>
> real    0m0.005s
> user    0m0.001s
> sys     0m0.002s
>
> Nslookup responds immediately:
>
> #time nslookup my-mail02.mydomain.com
> Server:         10.2.2.254
> Address:        10.2.2.254#53
>
> Non-authoritative answer:
> Name:   my-mail02.mydomain.com
> Address: 10.2.9.2
>
>
> real    0m0.006s
> # Eclipse ISP
> nameserver 212.104.130.9
> nameserver 212.104.130.65
>
> # OpenDNS
> nameserver 208.67.222.222
> nameserver 208.67.220.220user    0m0.003s
> sys     0m0.003s
>
> #time nslookup my-mail02
> Server:         10.2.2.254
> Address:        10.2.2.254#53
>
> Non-authoritative answer:
> Name:   my-mail02.mydomain.com
> Address: 10.2.9.2
>
>
> real    0m0.005s
> user    0m0.001s
> sys     0m0.004s
>
>
>
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>   
If your resolv.conf has:

nameserver 10.3.2.2

Why does nslookup say that it is querying server 10.2.2.254?  Is your 
system multi-homed?  Try changing resolv.conf to use 127.0.0.1, If your 
using bind, and you specifiy 127.0.0.1 I believe it will use local 
sockets instead of the IP stack for the query.

I would try dig (from the bind-utils package) You want to make sure that 
either your local server is authoritative for mydomain.com and for the 
reverse domain.  This is confirmed by the 'aa' flag from dig (not sure 
of nslookup can do this). If it is not authoritative, then it must 
delegate to another nameserver that is.  You should also get back a 
proper SOA record for both.  Lack of proper authoritative SOA records 
for both your forward (mydomain.com) and reverse domains will cause the 
server to try to go out to the Internet for further resolution.  If 
there is no internet access, this will hang.  Even if you don't populate 
the reverse domain with records, it must still be authoritative.  
Minimally, I suggest a simple script to generate reverse entries for all 
of the ip addresses in your address space.

dig mydomain.com soa @127.0.0.1

dig 2.2.10.in-addr.arpa.  soa @127.0.0.1

penguin> dig 2.2.10.in-addr.arpa. soa

; <<>> DiG 9.5.2-RedHat-9.5.2-1.fc10 <<>> 2.2.10.in-addr.arpa. soa
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21666
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;2.2.10.in-addr.arpa.        IN    SOA

;; AUTHORITY SECTION:
2.2.10.in-addr.arpa.    14400    IN    SOA    ns1.mydomain.com. 
me.mydomain.com. 2010082600 3600 600 15552000 14400

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Aug 28 13:09:51 2010
;; MSG SIZE  rcvd: 91

Nataraj