[CentOS] resolving names is really slow with CentOS5.x using named

Mon May 25 14:37:53 UTC 2009
Les Mikesell <lesmikesell at gmail.com>

carlopmart wrote:
> Lars Hecking wrote:
>>> options {
>>>          directory "/var/named";
>>>          dump-file "/var/named/data/cache_dump.db";
>>>          statistics-file "/var/named/data/named_stats.txt";
>>>          memstatistics-file "/var/named/data/named_mem_stats.txt";
>>>          listen-on port 53 { 127.0.0.1; 172.25.50.10; };
>>>          version "DNS Server v2.0";
>>>          dnssec-enable no;
>>>          query-source port 53;
>>>          forwarders { 208.67.220.220; 208.67.222.222; };
>>> };
>>  
>>> As you can see, I need to use "query-source port" param too with forwarders to
>>> resolv names (and this is really really ugly).
>>  
>>  Explicit query-source port breaks port randomisation and is highly insecure.
>>  Your problem may be an incorrectly configured firewall that only accepts
>>  outgoing queries originating from source port 53 - it needs to accept all
>>  outgoing queries for destination port 53.
>>
>>
> 
> Thanks Lars. Correct, the firewall could be the problem, but it isn't. Because 
> Ubuntu and Windows 2003/2008 don't have problems with it ... and resolve 
> perfectly ... And I haven't configured this firewall to accept DNS queries 
> originating from source port 53 ...
> 

What does 'dig' show about your access to the root servers without 
forwarders and with and without forcing the query-source port?  Compare 
it to the Ubuntu system.  Maybe there's something wrong with the root 
hints file - or maybe your border firewall is blocking all udp to this 
box but permitting it to the DNS servers that work.

-- 
   Les Mikesell
    lesmikesell at gmail.com
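Lars's point about a pinned `query-source port` applies to any BIND configuration, so here is a small audit script, added as an example and not part of the thread, that flags a fixed query-source port in a named.conf options block and rewrites it to `port *` (BIND's randomised default); the sample options block is constructed from the one quoted above, and the border firewall then has to accept outgoing UDP to destination port 53 from any source port.

```python
"""Audit a BIND named.conf for a fixed query-source port (disables port randomisation)."""
import re

# Constructed sample: the options block quoted in the thread, with the pinned port.
SAMPLE_CONF = """
options {
        directory "/var/named";
        listen-on port 53 { 127.0.0.1; 172.25.50.10; };
        dnssec-enable no;
        query-source port 53;
        forwarders { 208.67.220.220; 208.67.222.222; };
};
"""

# query-source [address (ip|*)] [port (N|*)];  and the same for query-source-v6
QUERY_SOURCE_RE = re.compile(
    r'^\s*(query-source(?:-v6)?)'          # directive name (group 1)
    r'(?:\s+address\s+([^\s;]+))?'         # optional source address (group 2)
    r'(?:\s+port\s+([^\s;]+))?\s*;',       # optional port, "*" = randomised (group 3)
    re.MULTILINE,
)

def strip_comments(text):
    """Drop /* */ blocks and whole-line // or # comments so disabled lines are ignored."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.DOTALL)
    return re.sub(r'^\s*(//|#).*$', '', text, flags=re.MULTILINE)

def find_fixed_query_ports(conf_text):
    """Return [(directive, port)] for every query-source directive with a fixed port."""
    findings = []
    for directive, _addr, port in QUERY_SOURCE_RE.findall(strip_comments(conf_text)):
        if port and port != '*':
            findings.append((directive, int(port)))
    return findings

def fix_query_source(conf_text):
    """Rewrite 'port N' on query-source lines to 'port *' so named picks random ports."""
    return re.sub(r'(query-source(?:-v6)?(?:\s+address\s+[^\s;]+)?\s+port\s+)\d+',
                  r'\1*', conf_text)

if __name__ == "__main__":
    for directive, port in find_fixed_query_ports(SAMPLE_CONF):
        print(f"WARNING: {directive} pins UDP source port {port}; "
              "source-port randomisation is disabled")
    print(fix_query_source(SAMPLE_CONF))
```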