From: Sean Page
To: "'freebsd-ports@freebsd.org'"
Date: Fri, 12 Nov 2004 15:16:51 -0700
Subject: Name resolution performance in BIND9
List-Id: Porting software to FreeBSD

Greetings list.

I am running versions of FreeBSD from 4.9.x to 4.10 p3. Let's say for the sake of argument that we're dealing with FreeBSD 4.10-RELEASE-p2.

I am finding that BIND9 (installed to replace the base install of BIND) is taking from 4-8 seconds to resolve a name that isn't cached, where the same lookup on BIND8 will occur in less than a second. I've tested on a half a dozen servers split between the 2 versions and the results are always the same. Some client applications are timing out with this kind of delay. I recently updated to BIND 9.3.0 hoping to help the problem to no avail.

Has anyone else been experiencing this?
Any help would be greatly appreciated.

TIA

Sean.

Named.conf file:

// $Id: named.conf,v 1.5 1998/12/23 06:06:13 dillon Exp $
//
// Refer to the named(8) man page for details. If you are ever going
// to setup a primary server, make sure you've understood the hairy
// details of how DNS is working. Even with simple mistakes, you can
// break connectivity for affected parties, or cause huge amount of
// useless Internet traffic.

controls {
        inet 127.0.0.1 allow {127.0.0.1;} keys {"key";};
};

key "key" {
        algorithm hmac-md5;
        secret "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
};

options {
        allow-recursion {192.168.0.0/24; localhost; };
        directory ".";

        /*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below. Previous versions of BIND always asked
         * questions using port 53, but BIND 8.1 uses an unprivileged
         * port by default.
         */
        query-source address * port 53;
        version "None of your business bub";
};

// In addition to the "forwarders" clause, you can force your name
// server to never initiate queries of its own, but always ask its
// forwarders only, by enabling the following line:
//
// forward only;

// If you've got a DNS server around at your upstream provider, enter
// its IP address here, and enable the line below. This will make you
// benefit from its cache, thus reduce overall DNS traffic in the Internet.
/*
        forwarders {
                127.0.0.1;
        };
*/

/*
 * If running in a sandbox, you may have to specify a different
 * location for the dumpfile.
 */
// dump-file "var/named_dump.db";

// Note: the following will be supported in a future release.
/*
        host { any; } {
                topology {
                        127.0.0.0/8;
                };
        };
*/

// Setting up secondaries is way easier and the rough picture for this
// is explained below.
//
// If you enable a local name server, don't forget to enter 127.0.0.1
// into your /etc/resolv.conf so this server will be queried first.
// Also, make sure to enable it in /etc/rc.conf.

acl internal { 192.168.0/24; };

view internal {
        match-clients { internal; };

        zone "." {
                type hint;
                file "root.zone";
        };

        zone "0.0.127.IN-ADDR.ARPA" {
                type master;
                file "localhost.rev";
        };

        zone "0.168.192.IN-ADDR.ARPA" {
                type master;
                file "0.168.192.in-addr.arpa";
        };

        zone "domain.net" {
                type master;
                file "db.domain.net.internal";
        };
};

view external {
        match-clients { any; };

        zone "." {
                type hint;
                file "root.zone";
        };

        zone "0.0.127.IN-ADDR.ARPA" {
                type master;
                file "localhost.rev";
        };

        zone "domain.net" {
                type master;
                file "db.domain.net";
                allow-transfer {111.222.333.4; 199.99.99.9; };
        };
};

Sean Page
Network Analyst, Internet Services
Information Technology Services
Edmonton Public Schools
Phone: (780) 429-8206
http://its.epsb.ca
Supporting teaching and learning through the effective use of Technology.