Date: Fri, 12 Nov 2004 15:16:51 -0700
From: Sean Page <Sean.Page@epsb.ca>
To: "'freebsd-ports@freebsd.org'" <freebsd-ports@freebsd.org>
Subject: Name resolution performance in BIND9
Message-ID: <1FE05C67E513D9119F31000F1F6C220742C3@EXCHANGE08>

Greetings list.

I am running versions of FreeBSD from 4.9.x to 4.10 p3. Let's say for the sake of argument that we're dealing with FreeBSD 4.10-RELEASE-p2.

I am finding that BIND9 (installed to replace the base install of BIND) is taking from 4-8 seconds to resolve a name that isn't cached, where the same lookup on BIND8 will occur in less than a second. I've tested on a half a dozen servers split between the 2 versions and the results are always the same. Some client applications are timing out with this kind of delay. I recently updated to BIND 9.3.0 hoping to help the problem to no avail.

Has anyone else been experiencing this? Any help would be greatly appreciated.

TIA

Sean.

Named.conf file:

// $Id: named.conf,v 1.5 1998/12/23 06:06:13 dillon Exp $
//
// Refer to the named(8) man page for details. If you are ever going
// to setup a primary server, make sure you've understood the hairy
// details of how DNS is working. Even with simple mistakes, you can
// break connectivity for affected parties, or cause huge amount of
// useless Internet traffic.

controls {
    inet 127.0.0.1 allow {127.0.0.1;} keys {"key";};
};

key "key" {
    algorithm hmac-md5;
    secret "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
};

options {
    allow-recursion {192.168.0.0/24; localhost; };
    directory ".";

    /*
     * If there is a firewall between you and nameservers you want
     * to talk to, you might need to uncomment the query-source
     * directive below. Previous versions of BIND always asked
     * questions using port 53, but BIND 8.1 uses an unprivileged
     * port by default.
     */
    query-source address * port 53;
    version "None of your business bub";
};

// In addition to the "forwarders" clause, you can force your name
// server to never initiate queries of its own, but always ask its
// forwarders only, by enabling the following line:
//
// forward only;

// If you've got a DNS server around at your upstream provider, enter
// its IP address here, and enable the line below. This will make you
// benefit from its cache, thus reduce overall DNS traffic in the Internet.
/*
    forwarders {
        127.0.0.1;
    };
*/

/*
 * If running in a sandbox, you may have to specify a different
 * location for the dumpfile.
 */
// dump-file "var/named_dump.db";

// Note: the following will be supported in a future release.
/*
    host { any; } {
        topology {
            127.0.0.0/8;
        };
    };
*/

// Setting up secondaries is way easier and the rough picture for this
// is explained below.
//
// If you enable a local name server, don't forget to enter 127.0.0.1
// into your /etc/resolv.conf so this server will be queried first.
// Also, make sure to enable it in /etc/rc.conf.

acl internal { 192.168.0/24; };

view internal {
    match-clients { internal; };

    zone "." {
        type hint;
        file "root.zone";
    };

    zone "0.0.127.IN-ADDR.ARPA" {
        type master;
        file "localhost.rev";
    };

    zone "0.168.192.IN-ADDR.ARPA" {
        type master;
        file "0.168.192.in-addr.arpa";
    };

    zone "domain.net" {
        type master;
        file "db.domain.net.internal";
    };
};

view external {
    match-clients { any; };

    zone "." {
        type hint;
        file "root.zone";
    };

    zone "0.0.127.IN-ADDR.ARPA" {
        type master;
        file "localhost.rev";
    };

    zone "domain.net" {
        type master;
        file "db.domain.net";
        allow-transfer {111.222.333.4; 199.99.99.9; };
    };
};

Sean Page
Network Analyst, Internet Services
Information Technology Services
Edmonton Public Schools
Phone: (780) 429-8206
http://its.epsb.ca
Supporting teaching and learning through the effective use of Technology.