On 2009-05-25 13:21, carlopmart wrote:
> Paul Bijnens wrote:
>> On 2009-05-25 12:51, carlopmart wrote:
>>> I have a problem using named with different CentOS5 servers (2 servers):
>>> all of them are really slow to resolve any internet address and most of
>>> the time fail to resolve. This situation differs if I use "forwarders"
>>> servers like opendns: resolving names is really, really quick. And I
>>> don't understand why.
>>>
>>> On the other hand I have tested three DNS servers using Windows 2003,
>>> Windows 2008 and Ubuntu hardy and these problems don't occur (I don't
>>> need to configure forwarders on any of them): all resolve any name, and
>>> really fast.
>>>
>>> IPv6 is disabled on both CentOS servers. Does somebody know why these
>>> DNS servers are slow?
>>
>> My crystal ball is in repair. Could you in the meantime add some more
>> hints, e.g. your config files, and how you diagnosed the slowness.
>>
>> My CentOS5 DNS-servers do resolve really quickly, with or without
>> forwarders.
>>
>>
> Ok, my named.conf:
>
> //
> // named.conf
> //
>
> options {
>     directory "/var/named";
>     dump-file "/var/named/data/cache_dump.db";
>     statistics-file "/var/named/data/named_stats.txt";
>     memstatistics-file "/var/named/data/named_mem_stats.txt";
>     listen-on port 53 { 127.0.0.1; 172.25.50.10; };
>     version "DNS Server v2.0";
>     dnssec-enable no;
>     query-source port 53;
>     forwarders { 208.67.220.220; 208.67.222.222; };
> };
>
> logging {
>     channel security_channel {
>         file "/var/named/data/security.log" versions 3 size 1m;
>         severity debug;
>         print-time yes;
>         print-category yes;
>         print-severity yes;
>     };
>     channel default {
>         syslog local4;
>         severity info;
>         print-category yes;
>         print-severity yes;
>     };
>     channel query_log {
>         file "/var/named/data/query.log" versions 3 size 1m;
>         print-time yes;
>     };
>     category security {
>         security_channel;
>         default;
>     };
>     category queries {
>         query_log;
>     };
>     channel default_debug {
>         file "/var/named/data/named.run";
>         severity dynamic;
>     };
>     category lame-servers { null; };
>     category default { default; };
> };
>
> controls {
>     inet 127.0.0.1 allow { localhost; } keys { rndckey; };
> };

When you're not using forwarding, the dns server should have some
basic knowledge of the root servers. So add something like:

    // prime the server with knowledge of the root servers
    zone "." {
        type hint;
        file "/path/to/the/file/having/named.root";
    };

And the file itself can be downloaded (and updated now and then) from:

    http://www.internic.net/zones/named.root

And to avoid forwarding on silly resolutions for localhost or 127.x.x.x
you can do the same with a local "type master" zone for those two
zones as well:

    // be authoritative for the localhost forward and reverse zones
    zone "localhost" {
        type master;
        file "/path/to/the/file/having/localhost.zone";
    };
    zone "127.in-addr.arpa" {
        type master;
        file "/path/to/the/file/having/ptr-127.zone";
    };

--
Paul Bijnens, Xplanation Technology Services        Tel  +32 16 397.525
Interleuvenlaan 86, B-3001 Leuven, BELGIUM          Fax  +32 16 397.552
***********************************************************************
* I think I've got the hang of it now: exit, ^D, ^C, ^\, ^Z, ^Q, ^^,  *
* quit, ZZ, :q, :q!, M-Z, ^X^C, logoff, logout, close, bye, /bye, ~., *
* stop, end, ^]c, +++ ATH, disconnect, halt, abort, hangup, KJOB,     *
* ^X^X, :D::D, kill -9 1, kill -1 $$, shutdown, init 0, Alt-F4,       *
* Alt-f-e, Ctrl-Alt-Del, Alt-SysRq-reisub, Stop-A, AltGr-NumLock, ... *
* ... "Are you sure?" ... YES ... Phew ... I'm out                    *
***********************************************************************
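
A small check for the three zones suggested in the reply above, as an added example that is not part of the original thread. The function names and the sample config are constructed for illustration, and the parsing is a regex approximation of named.conf syntax rather than a full parser.

```python
import re

# Constructed sample: a named.conf with the forwarders commented out and only
# the root hint zone added (the path is the placeholder used in the reply).
SAMPLE_CONF = '''
options {
    directory "/var/named";
    /* forwarders { 208.67.220.220; 208.67.222.222; }; */
};
zone "." IN {
    type hint;
    file "/path/to/the/file/having/named.root";
};
'''

def strip_comments(text):
    """Drop /* */, // and # comments so commented-out statements are ignored."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#)[^\n]*', '', text)

def forwarders(text):
    """Return the configured forwarder addresses (empty list if none)."""
    m = re.search(r'\bforwarders\s*\{([^}]*)\}', text)
    return [a.strip() for a in m.group(1).split(';') if a.strip()] if m else []

def zones(text):
    """Map zone name -> type. Regex approximation: expects 'type' before any
    nested { } block inside the zone statement."""
    pat = re.compile(r'\bzone\s+"([^"]+)"[^{]*\{[^}]*?\btype\s+([\w-]+)\s*;', re.S)
    return {name.lower(): ztype.lower() for name, ztype in pat.findall(text)}

def audit(conf):
    """List which of the zones suggested in the reply are missing."""
    text = strip_comments(conf)
    found, findings = zones(text), []
    if not forwarders(text) and found.get('.') != 'hint':
        findings.append('no forwarders and no hint zone for "."')
    for name in ('localhost', '127.in-addr.arpa'):
        if found.get(name) != 'master':
            findings.append(f'no master zone for "{name}"')
    return findings

if __name__ == '__main__':
    for finding in audit(SAMPLE_CONF) or ['all suggested zones present']:
        print(finding)
```

On a real server, `named-checkconf` remains the tool for validating syntax; this check only reports which of the suggested zone statements are absent.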