Very slow bind 9
 

Hey,
I hve just buildt a Master *DNS cache with bind, but it is very slow...it is 10 times slower than the response if i try to resolve against the router. I checked the syslog and i saw that Bind try to get responso from the Root-Servers...I dont understand cause i conf bind with forward to my DNS (ISP)... someone knows why is so slow?...and ...why bind try to connect first with ROOTSERVERS?

thank you

Very slow bind 9
 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jesus arteche wrote:
> Hey,
> I hve just buildt a Master DNS cache with bind, but it is very slow...it is
> 10 times slower than the response if i try to resolve against the router. I
> checked the syslog and i saw that Bind try to get responso from the
> Root-Servers...I dont understand cause i conf bind with forward to my DNS
> (ISP)... someone knows why is so slow?...and ...why bind try to connect
> first with ROOTSERVERS?

It uses them to determine the NS for the domain name you want. to run
bind at its quickest, using your own root zone can help.

I aggregate a root zone to run on my name servers. You may grab the
zone if you would like to give it a try. slave '. zone from 58.6.115.46.

zone "." IN{
type slave;
file "/etc/bind/db.root";
masters { 58.6.115.46; };
allow-transfer { any; };
notify no;
};

Once this done, you will have no need to forward to your ISP.
Hope that helps!

- --
Cheers,
Julian De Marchi
- --
OpenNIC user - http://www.opennicproject.org/ | http://www.opennic.glue
Support OpenNIC, become a member today!
- --
PGP 0x8D659814
- --
Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJEiWLfM8nSo1lmBQRAgReAJ9LC8BwMXNp2AOY2OLJ4M fqyM2Q1ACffTw4
IyaHY75Y2XNXbNVaCwIgqdA=
=Uj3v
-----END PGP SIGNATURE-----


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Very slow bind 9
 

On Thu, 6 Nov 2008, Julian De Marchi wrote:


It uses them to determine the NS for the domain name you want. to run
bind at its quickest, using your own root zone can help.


That makes sense. By default "." is type hint.


I aggregate a root zone to run on my name servers. You may grab the
zone if you would like to give it a try. slave '. zone from 58.6.115.46.


Can you share the aggregation script ?

I haven't looked at opennic since my last cross-country move -
maybe 'tis time to re-investigate



zone "." IN{

[snip]

};

Once this done, you will have no need to forward to your ISP.
Hope that helps!


But he is exposed if your master ever moves, or you quit allowing
remote access (even axfr) traffic to the zone ;)

This seems like a very useful idea, and would benefit even ISP traffic
if they provide a similar service.

--
Rick Nelson
"slackware users don't matter. in my experience, slackware users are
either clueless newbies who will have trouble even with tar, or they are
rabid do-it-yourselfers who wouldn't install someone else's pre-compiled
binary even if they were paid to do it."


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Very slow bind 9
 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

<snip>

>> I aggregate a root zone to run on my name servers. You may grab the
>> zone if you would like to give it a try. slave '. zone from 58.6.115.46.
>
> Can you share the aggregation script ?

I would be more then happy to share the script. It is of course the
guts that run OpenNIC. :) Let me clean it up tonight, write a README
for it, then I shall publish it.

>> Once this done, you will have no need to forward to your ISP.
>> Hope that helps!
>
> But he is exposed if your master ever moves, or you quit allowing
> remote access (even axfr) traffic to the zone ;)
>
> This seems like a very useful idea, and would benefit even ISP traffic
> if they provide a similar service.

That is true.

- --
Cheers,
Julian De Marchi
- --
OpenNIC user - http://www.opennicproject.org/ | http://www.opennic.glue
Support OpenNIC, become a member today!
- --
PGP 0x8D659814
- --
Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJEoAbfM8nSo1lmBQRAjNkAJ92+hzS1AADVo8SYYw7xv HUas5n6wCgrhR/
jquh4NanmIz5DG3tu/CSpXE=
=ZtDZ
-----END PGP SIGNATURE-----


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Very slow bind 9
 

Thanks for the help...but Julian...It's not clear to me...Where i should add the zone....i added to nameb.conf.local* this:

zone "." IN{

* * * *type slave;

* * * *file "/etc/bind/db.root";

* * * *masters { 62.42.230.24; };

* * * *allow-transfer { any; };

* * * *notify no;

};


where 62.42.230.24 is the DNS of my ISP...

but this no work...Dns server not resolve ... what an i doing wrong?

thanks

On Thu, Nov 6, 2008 at 6:26 AM, Julian De Marchi <julian@jdcomputers.com.au> wrote:

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1



<snip>



>> I aggregate a root zone to run on my name servers. You may grab the

>> zone if you would like to give it a try. slave '. zone from 58.6.115.46.

>

> Can you share the aggregation script ?



I would be more then happy to share the script. It is of course the

guts that run OpenNIC. :) Let me clean it up tonight, write a README

for it, then I shall publish it.



>> Once this done, you will have no need to forward to your ISP.

>> Hope that helps!

>

> But he is exposed if your master ever moves, or you quit allowing

> remote access (even axfr) traffic to the zone ;)

>

> This seems like a very useful idea, and would benefit even ISP traffic

> if they provide a similar service.



That is true.



- --

Cheers,

Julian De Marchi

- --

OpenNIC user - http://www.opennicproject.org/ | http://www.opennic.glue

Support OpenNIC, become a member today!

- --

PGP 0x8D659814

- --

Please avoid sending me Word or PowerPoint attachments.

See http://www.gnu.org/philosophy/no-word-attachments.html

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.7 (MingW32)

Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org



iD8DBQFJEoAbfM8nSo1lmBQRAjNkAJ92+hzS1AADVo8SYYw7xv HUas5n6wCgrhR/

jquh4NanmIz5DG3tu/CSpXE=

=ZtDZ

-----END PGP SIGNATURE-----





--

To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org

with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Very slow bind 9
 

On Thu, 6 Nov 2008 09:27:00 +0100
"Jesus arteche" <chechu.linux@gmail.com> wrote:

> Thanks for the help...but Julian...It's not clear to me...Where i
> should add the zone....i added to nameb.conf.local this:
>
> zone "." IN{
> type slave;
> file "/etc/bind/db.root";
> masters { 62.42.230.24 <http://58.6.115.46/>; };
> allow-transfer { any; };
> notify no;
> };
>
> where 62.42.230.24 is the DNS of my ISP...
>
> but this no work...Dns server not resolve ... what an i doing wrong?

See man named.conf:

MASTERS
masters string [ port integer ] {
( masters | ipv4_address [port integer] |
ipv6_address [port integer] ) [ key string ]; ...
};

You've given an URL in the specification of a master server, and named
tries to interpret the URL as a port specification. If you really do
need to specify the http port for this, try 80 (see /etc/services).

But try without specifying a port first:


zone "." IN {
type slave;
file "/etc/bind/db.root";
masters { 62.42.230.24; };
allow-transfer { any; };
notify no;
};


For better understanding, if you
read /usr/share/doc/HOWTO/en-txt/DNS-HOWTO.gz, line 1498: "A slave is
simply a nameserver that copies zone files from a master." This is
useful for creating backup servers, but is setting a backup server for
your ISP what you want to do?


GH


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Very slow bind 9
 

On Thu, 6 Nov 2008 09:27:00 +0100, "Jesus arteche" <chechu.linux@gmail.com>
wrote:
> Thanks for the help...but Julian...It's not clear to me...Where i should
> add
> the zone....i added to nameb.conf.local this:
>
> zone "." IN{
> type slave;
> file "/etc/bind/db.root";
> masters { 62.42.230.24 <http://58.6.115.46/>; };
> allow-transfer { any; };
> notify no;
> };
>
> where 62.42.230.24 is the DNS of my ISP...

Your IP is not needed in the masters section. The line masters should look
like this;

masters { 58.6.115.46; 216.87.84.214; };

Having two IPs listed in master will ensure that if one goes down, you can
still transfer the zone.

--julian


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Very slow bind 9
 

Richard A Nelson wrote:
> On Thu, 6 Nov 2008, Julian De Marchi wrote:
>
>> It uses them to determine the NS for the domain name you want. to run
>> bind at its quickest, using your own root zone can help.
>
> That makes sense. By default "." is type hint.
>
>> I aggregate a root zone to run on my name servers. You may grab the
>> zone if you would like to give it a try. slave '. zone from 58.6.115.46.
>
> Can you share the aggregation script ?


http://58.6.115.44/OpenNIC.tar.gz

There is the script. Its still very raw as we have never had a request
from anyone to view it before. Modifications are welcome!

--julian


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org