Paul Bijnens wrote:
> On 2009-05-25 13:21, carlopmart wrote:
>> Paul Bijnens wrote:
>>> On 2009-05-25 12:51, carlopmart wrote:
>>>> I have a problem using named with different CentOS5 servers (2 servers):
>>>> they are all really slow to resolve any internet address and most of the
>>>> time fail to resolve. This situation differs if I use "forwarders" servers
>>>> like opendns: resolving names is really, really quick. And I don't
>>>> understand why.
>>>>
>>>> On the other hand I have tested three DNS servers using Windows 2003, Windows
>>>> 2008 and Ubuntu hardy and these problems don't occur (I don't need to
>>>> configure forwarders on any of them): all resolve any name, and really fast.
>>>>
>>>> IPv6 is disabled on both CentOS servers. Does somebody know why these DNS
>>>> servers are slow??
>>> My crystal ball is in repair. Could you in the meantime add some more
>>> hints, e.g. your config files, and how you diagnosed the slowness.
>>>
>>> My CentOS5 DNS-servers do resolve really quickly, with or without forwarders.
>>>
>>>
>> Ok, my named.conf:
>>
>> //
>> // named.conf
>> //
>>
>> options {
>>     directory "/var/named";
>>     dump-file "/var/named/data/cache_dump.db";
>>     statistics-file "/var/named/data/named_stats.txt";
>>     memstatistics-file "/var/named/data/named_mem_stats.txt";
>>     listen-on port 53 { 127.0.0.1; 172.25.50.10; };
>>     version "DNS Server v2.0";
>>     dnssec-enable no;
>>     query-source port 53;
>>     forwarders { 208.67.220.220; 208.67.222.222; };
>> };
>>
>> logging {
>>     channel security_channel {
>>         file "/var/named/data/security.log" versions 3 size 1m;
>>         severity debug;
>>         print-time yes;
>>         print-category yes;
>>         print-severity yes;
>>     };
>>     channel default {
>>         syslog local4;
>>         severity info;
>>         print-category yes;
>>         print-severity yes;
>>     };
>>     channel query_log {
>>         file "/var/named/data/query.log" versions 3 size 1m;
>>         print-time yes;
>>     };
>>     category security {
>>         security_channel;
>>         default;
>>     };
>>     category queries {
>>         query_log;
>>     };
>>     channel default_debug {
>>         file "/var/named/data/named.run";
>>         severity dynamic;
>>     };
>>     category lame-servers { null; };
>>     category default { default; };
>> };
>>
>> controls {
>>     inet 127.0.0.1 allow { localhost; } keys { rndckey; };
>> };
>
>
> When you're not using forwarding, the dns server should have some basic knowledge
> of the root servers. So add something like:
>
>     // prime the server with knowledge of the root servers
>     zone "." {
>         type hint;
>         file "/path/to/the/file/having/named.root";
>     };
>
> And the file itself can be downloaded (and updated now and then) from:
>
>     http://www.internic.net/zones/named.root
>
> And to avoid forwarding on silly resolutions for localhost or 127.x.x.x
> you can do the same with a local "type master" zone for those two zones
> as well:
>
>     // be authoritative for the localhost forward and reverse zones
>     zone "localhost" {
>         type master;
>         file "/path/to/the/file/having/localhost.zone";
>     };
>     zone "127.in-addr.arpa" {
>         type master;
>         file "/path/to/the/file/having/ptr-127.zone";
>     };
>

Thanks Paul, but I have configured this previously. I have posted only the relevant parts about the topic.

--
CL Martinez
carlopmart {at} gmail {d0t} com