Paul Bijnens wrote:
On 2009-05-25 12:51, carlopmart wrote:
I have a problem using named with different CentOS5 servers (2 servers): they are all really slow to resolve any internet address and most of the time fail to resolve. This situation differs if I use "forwarders" servers like opendns: resolving names is really, really quick. And I don't understand why.
On the other hand, I have tested three DNS servers using Windows 2003, Windows 2008 and Ubuntu hardy and these problems don't occur (I don't need to configure forwarders on any of them): all resolve any name, and really fast.
IPv6 is disabled on both CentOS servers. Does anybody know why these DNS servers are slow?
My crystal ball is in repair. Could you in the meantime add some more hints, e.g. your config files, and how you diagnosed the slowness.
My CentOS5 DNS-servers do resolve really quickly, with or without forwarders.
Ok, my named.conf:
//
// named.conf
//

options {
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    listen-on port 53 { 127.0.0.1; 172.25.50.10; };
    version "DNS Server v2.0";
    dnssec-enable no;
    query-source port 53;
    forwarders { 208.67.220.220; 208.67.222.222; };
};

logging {
    channel security_channel {
        file "/var/named/data/security.log" versions 3 size 1m;
        severity debug;
        print-time yes;
        print-category yes;
        print-severity yes;
    };
    channel default {
        syslog local4;
        severity info;
        print-category yes;
        print-severity yes;
    };
    channel query_log {
        file "/var/named/data/query.log" versions 3 size 1m;
        print-time yes;
    };
    category security { security_channel; default; };
    category queries { query_log; };
    channel default_debug {
        file "/var/named/data/named.run";
        severity dynamic;
    };
    category lame-servers { null; };
    category default { default; };
};

controls {
    inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
As you can see, I need to use the "query-source port" param too with forwarders to resolve names (and this is really really ugly).
And some examples:
- Using "query-source port" and "forwarders" directives:
[root@thranduil data]# nslookup
bugs.centos.org
Server: 127.0.0.1
Address: 127.0.0.1#53

Non-authoritative answer:
Name: bugs.centos.org
Address: 72.232.194.162

... all is normal and really fast.
- Disabling "query-source port" and "forwarders" directives:
[root@thranduil data]# nslookup
www.google.com
;; connection timed out; no servers could be reached
first attempt fails ...
[root@thranduil data]# nslookup
www.google.com
;; connection timed out; no servers could be reached
second attempt fails and ..
[root@thranduil data]# nslookup
www.google.com
Server: 127.0.0.1
Address: 127.0.0.1#53

Non-authoritative answer:
www.google.com canonical name = www.l.google.com.
Name: www.l.google.com
Address: 209.85.227.99
Name: www.l.google.com
Address: 209.85.227.103
Name: www.l.google.com
Address: 209.85.227.104
Name: www.l.google.com
Address: 209.85.227.147
.. at third attempt works ...
The same tests using Ubuntu hardy, without using the "query-source" and "forwarders" directives, work.
Do you need more info??
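
The comparison made in the message above (answers when named sends from source port 53, timeouts otherwise) can be repeated outside named. The following Python sketch is an added example, not part of the original thread; its function names are hypothetical, and it sends one UDP query from an OS-chosen source port and one from a fixed port and reports which of them gets a response.

```python
import socket
import struct
import time

def build_query(name, txid=0x1234, qtype=1):
    """Build a minimal DNS query: RD set, one question, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def probe(server, name, src_port=0, dst_port=53, timeout=2.0):
    """Send one UDP query from src_port (0 = OS-chosen ephemeral port).

    Returns the round-trip time in seconds, or None if no matching
    response arrives before the timeout.
    """
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        # Binding to 53 needs root and fails while named holds the port.
        sock.bind(("", src_port))
        start = time.monotonic()
        try:
            sock.sendto(query, (server, dst_port))
            while True:
                data, _ = sock.recvfrom(4096)
                # Accept only a response (QR bit set) with our transaction ID.
                if len(data) >= 12 and data[:2] == query[:2] and data[2] & 0x80:
                    return time.monotonic() - start
        except OSError:  # socket.timeout is a subclass of OSError
            return None

def compare(server, name, fixed_port=53, **kw):
    """Probe once from an ephemeral port and once from fixed_port."""
    return {
        "ephemeral": probe(server, name, 0, **kw),
        "fixed": probe(server, name, fixed_port, **kw),
    }

if __name__ == "__main__":
    # 208.67.222.222 is one of the forwarders from the named.conf above.
    for label, rtt in compare("208.67.222.222", "bugs.centos.org").items():
        print(label, "no answer" if rtt is None else f"{rtt * 1000:.1f} ms")
```

If only the fixed-port probe is answered, something on the path is filtering on source port. Pinning `query-source port 53` works around such a filter, but it also removes named's source-port randomization for outgoing queries.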