[CentOS] resolving names is really slow with CentOS5.x using named

Mon May 25 13:49:50 UTC 2009
carlopmart <carlopmart at gmail.com>

Paul Bijnens wrote:
> On 2009-05-25 13:21, carlopmart wrote:
>> Paul Bijnens wrote:
>>> On 2009-05-25 12:51, carlopmart wrote:
>>>>   I have a problem using named with different CentOS5 servers (2 servers): all 
>>>> of them are really slow to resolve any internet address and most of the time fail to 
>>>> resolve. This situation differs if I use "forwarders" servers like OpenDNS: 
>>>> resolving names is really, really quick. And I don't understand why.
>>>>
>>>>   On the other hand I have tested three DNS servers using Windows 2003, Windows 
>>>> 2008 and Ubuntu Hardy and these problems don't occur (I don't need to 
>>>> configure forwarders on any of them): all resolve any name, and really fast.
>>>>
>>>>   IPv6 is disabled on both CentOS servers. Does somebody know why these DNS servers 
>>>> are slow??
>>> My crystal ball is in repair.  Could you in the meantime add some more
>>> hints, e.g. your config files, and how you diagnosed the slowness.
>>>
>>> My CentOS5 DNS-servers do resolve really quickly, with or without forwarders.
>>>
>> Ok, my named.conf:
>>
>> //
>> // named.conf
>> //
>>
>> options {
>>          directory "/var/named";
>>          dump-file "/var/named/data/cache_dump.db";
>>          statistics-file "/var/named/data/named_stats.txt";
>>          memstatistics-file "/var/named/data/named_mem_stats.txt";
>>          listen-on port 53 { 127.0.0.1; 172.25.50.10; };
>>          version "DNS Server v2.0";
>>          dnssec-enable no;
>>          query-source port 53;
>>          forwarders { 208.67.220.220; 208.67.222.222; };
>> };
>>
>> logging {
>>          channel security_channel {
>>                  file "/var/named/data/security.log" versions 3 size 1m;
>>                  severity debug;
>>                  print-time yes;
>>                  print-category yes;
>>                  print-severity yes;
>>          };
>>          channel default {
>>                  syslog local4;
>>                  severity info;
>>                  print-category yes;
>>                  print-severity yes;
>>          };
>>          channel query_log {
>>                  file "/var/named/data/query.log" versions 3 size 1m;
>>                  print-time yes;
>>          };
>>          category security {
>>                  security_channel;
>>                  default;
>>          };
>>          category queries {
>>                  query_log;
>>          };
>>          channel default_debug {
>>                  file "/var/named/data/named.run";
>>                  severity dynamic;
>>          };
>>          category lame-servers { null; };
>>          category default { default; };
>> };
>>
>> controls {
>>          inet 127.0.0.1 allow { localhost; } keys { rndckey; };
>> };
> 
> When you're not using forwarding, the dns server should have some basic knowledge
> of the root servers.  So add something like:
> 
>    // prime the server with knowledge of the root servers
>    zone "." {
>            type hint;
>            file "/path/to/the/file/having/named.root";
>    };
> 
> And the file itself can be downloaded (and updated now and then) from:
> 
> http://www.internic.net/zones/named.root
> 
> And to avoid forwarding on silly resolutions for localhost or 127.x.x.x
> you can do the same with a local "type master" zone for those two zones
> as well:
> 
>    // be authoritative for the localhost forward and reverse zones
>    zone "localhost" {
>          type master;
>          file "/path/to/the/file/having/localhost.zone";
>    };
>    zone "127.in-addr.arpa" {
>          type master;
>          file "/path/to/the/file/having/ptr-127.zone";
>    };
> 

Thanks Paul, but I have configured this previously. I have posted only the relevant 
parts about the topic.

-- 
CL Martinez
carlopmart {at} gmail {d0t} com
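The points Paul raises (a `type hint` root zone is needed once queries are not answered by the forwarders, and local zones keep localhost lookups from being forwarded) plus the `query-source port 53;` line in the posted options block can be checked mechanically. The following is an added example, not code from the thread or from BIND: a small regex-based lint for the subset of named.conf syntax shown above. `POSTED_NAMED_CONF` is the options block as posted (the poster says his zone declarations exist but they are not on the page, so the lint reports them missing); `HARDENED_NAMED_CONF` is a constructed variant with Paul's zones, `query-source port *;` (let BIND pick a random outbound port instead of a fixed one) and `dnssec-enable yes;`. The parser only handles the simple block structure seen here, not every named.conf construct.

```python
import re

# Options block as posted in the thread (zone declarations were not posted).
POSTED_NAMED_CONF = """
//
// named.conf
//
options {
        directory "/var/named";
        listen-on port 53 { 127.0.0.1; 172.25.50.10; };
        version "DNS Server v2.0";
        dnssec-enable no;
        query-source port 53;
        forwarders { 208.67.220.220; 208.67.222.222; };
};
"""

# Constructed variant: Paul's hint and local zones, random outbound port, DNSSEC on.
HARDENED_NAMED_CONF = """
options {
        directory "/var/named";
        listen-on port 53 { 127.0.0.1; 172.25.50.10; };
        dnssec-enable yes;
        query-source port *;
        forwarders { 208.67.220.220; 208.67.222.222; };
};
zone "." { type hint; file "named.root"; };
zone "localhost" { type master; file "localhost.zone"; };
zone "127.in-addr.arpa" { type master; file "ptr-127.zone"; };
"""


def strip_comments(text):
    """Drop the three comment styles named.conf accepts: /* */, // and #."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)


def _block_body(text, start):
    """Return the text between the '{' at index `start` and its matching '}'."""
    depth = 0
    for i in range(start, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[start + 1:i]
    raise ValueError("unbalanced braces in named.conf")


def parse(text):
    """Return (options_body, {zone_name: zone_body}) for the simple subset used here."""
    text = strip_comments(text)
    m = re.search(r"\boptions\s*\{", text)
    options = _block_body(text, m.end() - 1) if m else ""
    zones = {}
    for z in re.finditer(r'\bzone\s+"([^"]+)"(?:\s+\w+)?\s*\{', text):
        zones[z.group(1)] = _block_body(text, z.end() - 1)
    return options, zones


def lint(text):
    """Return finding codes, in a fixed order, for the resolver points in the thread."""
    options, zones = parse(text)
    findings = []

    # A numeric outbound port pins every query to one source port, which removes
    # source-port randomization and makes forged answers easier to match.
    qs = re.search(r"\bquery-source\b([^;]*);", options)
    if qs and re.search(r"\bport\s+\d+", qs.group(1)):
        findings.append("FIXED_QUERY_PORT")

    if re.search(r"\bdnssec-enable\s+no\s*;", options):
        findings.append("DNSSEC_DISABLED")

    # Without 'forward only', BIND is 'forward first': it falls back to full
    # recursion when the forwarders fail, so root hints are still required.
    has_forwarders = re.search(r"\bforwarders\s*\{", options) is not None
    forward_only = re.search(r"\bforward\s+only\s*;", options) is not None
    if has_forwarders and not forward_only:
        findings.append("FORWARD_FIRST")

    root = zones.get(".")
    if not (root and re.search(r"\btype\s+hint\s*;", root)):
        if not (has_forwarders and forward_only):
            findings.append("NO_ROOT_HINTS")

    # Local zones keep localhost / 127.x lookups from going out to forwarders.
    for name in ("localhost", "127.in-addr.arpa"):
        if name not in zones:
            findings.append("NO_LOCAL_ZONE:" + name)
    return findings


if __name__ == "__main__":
    for label, conf in (("posted", POSTED_NAMED_CONF), ("hardened", HARDENED_NAMED_CONF)):
        print(label, lint(conf))
```

`FORWARD_FIRST` is reported for both configs on purpose: it is not a defect, it is the reason the hint zone matters even when forwarders are present, which is the situation in the thread (slow only when the forwarders are removed).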