From: 789456123@gmx.de
To: freebsd-net@freebsd.org
Date: Fri, 19 Mar 2004 02:54:37 +0100 (MET)
Subject: BIND: Lookup of CNAME records
Message-ID: <6686.1079661277@www27.gmx.net>

I have set up a FreeBSD (5.2.1-RELEASE) box acting as a gateway and running version 8.3.7-REL of BIND. For testing purposes my configuration file looks as follows:

    options {
            directory "/etc/namedb";
            pid-file "/var/run/named/pid";
            forward only;
            forwarders {
                    195.62.99.42;
                    195.62.97.177;
            };
            query-source address * port 53;
    };

    zone "." {
            type hint;
            file "named.root";
    };

This setup (actually a replacement for just adding the two nameservers to resolv.conf) works fine with lookup tools like "host", "nslookup", or "dnsquery".

However, when I try to telnet or ftp a server whose name is a CNAME record, it takes about 77 seconds until the lookup is complete.
This appears quite odd to me, as "host" does the lookup perfectly well and fast. Connections to A name records are no problem, however.

My first assumption was that "ftp" or "telnet" were not doing lookups properly. But modifying resolv.conf in a way that it uses the two nameservers directly (instead of the local nameserver) solved the CNAME lookup problem.

What makes the whole story even more obscure: Lookups of clients on the LAN (they use the FreeBSD box as their nameserver) do work with A records as well as with CNAME records, even when the lookup is initiated by some ftp or telnet client.

My firewall is wide open, for everything in and everything out. An upgrade to BIND-8.4.4 did not resolve my problem.

I suppose the answer is quite simple, but I don't really see it at the moment, I'm afraid...

Any help is greatly appreciated,

Lutz