Date: Thu, 20 Apr 2017 22:57:22 +0100 From: Matthew Seaman <matthew@FreeBSD.org> To: freebsd-questions@freebsd.org Subject: Re: Strange Name Server Problem Message-ID: <c1f55892-b478-1454-a2e6-865a2e890fb0@FreeBSD.org> In-Reply-To: <CAAdA2WM6_HW5jZZRZ4SE9ATLFgUDucYaPF_OSprrVOXjBZQ5yQ@mail.gmail.com> References: <CAAdA2WM6_HW5jZZRZ4SE9ATLFgUDucYaPF_OSprrVOXjBZQ5yQ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --Hu8jRnoGCOwhlOnO3idrW6u4fI8u5ajux Content-Type: multipart/mixed; boundary="2sJUi6Pm0AgQdMv72tNpAk0FDFtehJpM5"; protected-headers="v1" From: Matthew Seaman <matthew@FreeBSD.org> To: freebsd-questions@freebsd.org Message-ID: <c1f55892-b478-1454-a2e6-865a2e890fb0@FreeBSD.org> Subject: Re: Strange Name Server Problem References: <CAAdA2WM6_HW5jZZRZ4SE9ATLFgUDucYaPF_OSprrVOXjBZQ5yQ@mail.gmail.com> In-Reply-To: <CAAdA2WM6_HW5jZZRZ4SE9ATLFgUDucYaPF_OSprrVOXjBZQ5yQ@mail.gmail.com> --2sJUi6Pm0AgQdMv72tNpAk0FDFtehJpM5 Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable On 20/04/2017 19:48, Odhiambo Washington wrote: > I have a server running FreeBSD 11.0-STABLE. >=20 > I am a little stumped why my local caching bind instance doesn't answer= > queries. I have then opted to run bind on port 5353 and unbound on port= 53. > I still experience the same problem! >=20 > root@waridi:/usr/local/etc/unbound # sockstat -l | grep named > bind named 50877 20 tcp4 192.168.27.254:5353 *:* > bind named 50877 21 tcp4 127.0.0.1:5353 *:* > bind named 50877 22 tcp4 127.0.0.1:953 *:* > bind named 50877 23 tcp6 ::1:953 *:* > bind named 50877 512 udp4 192.168.27.254:5353 *:* > bind named 50877 513 udp4 192.168.27.254:5353 *:* > bind named 50877 514 udp4 192.168.27.254:5353 *:* > bind named 50877 515 udp4 127.0.0.1:5353 *:* > bind named 50877 516 udp4 127.0.0.1:5353 *:* > bind named 50877 517 udp4 127.0.0.1:5353 *:* > root@waridi:/usr/local/etc/unbound # sockstat -l | grep unb > unbound unbound 51296 3 udp4 127.0.0.1:53 *:* > unbound unbound 51296 4 tcp4 127.0.0.1:53 *:* > unbound unbound 51296 5 udp4 192.168.27.254:53 *:* > unbound unbound 51296 6 tcp4 192.168.27.254:53 *:* > unbound unbound 51296 10 udp4 *:29712 *:* > unbound unbound 51296 11 udp4 *:28511 *:* > unbound unbound 51296 13 udp4 *:35511 *:* > unbound unbound 51296 14 udp4 *:19644 *:* > unbound unbound 51296 15 udp4 *:22549 *:* > unbound unbound 51296 16 udp4 *:30714 *:* > unbound unbound 51296 17 udp4 *:11907 *:* > unbound unbound 51296 18 udp4 *:50834 *:* > root@waridi:/usr/local/etc/unbound # >=20 > Name resolution takes so long because it has to happen via the ISPs DNS= > Servers, which are the 3rd and 4th options in /etc/resolv.conf >=20 > I am actually lost as to where to start looking. >=20 Have you tried turning up the logging levels for each of these programs? You can set them to log every single query -- this is not usually done in production since it slows the server down, but for debugging purposes, it is really useful. How are you generating lookups? It's best to use a tool like dig(1) -- this can query DNS directly and avoid all the added bits of NSS stuff which helps you localise the problem better. Can you tell if either of these programs is attempting to recurse DNS queries for you? You can use tcpdump to capture any port 53 traffic, or else install dnstop which captures DNS traffic in a similar way and displays various statistics about it. Either of these should be able to show you queries being made from your server to the root or other authoritative servers and replies coming back. You'll only tend to see the full sequence the first time you query for something: most of the results will be cached and second and subsequent lookups for the same thing will just be answered out of cache. You can clear the cache by 'rndc flush' or 'unbound-control flush_zone zonename' Another thing to check is what ends up in the cache for either of those recursive servers -- both rndc and unbound-control have options to dump the cache in text format. Is your local unbound cache using the unbound port or the built-in local_unbound service? If it's local unbound, did you run: service local_unbound setup This will process your /etc/resolv.conf and add any nameservers specified there as forwarders in the configuration it generates. Cheers, Matthew --2sJUi6Pm0AgQdMv72tNpAk0FDFtehJpM5-- --Hu8jRnoGCOwhlOnO3idrW6u4fI8u5ajux Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQJ8BAEBCgBmBQJY+S7IXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2NTNBNjhCOTEzQTRFNkNGM0UxRTEzMjZC QjIzQUY1MThFMUE0MDEzAAoJELsjr1GOGkATGoYP/0S1/96CYuHDcoduS8B+EvTa /84062aD8W7p5CckJSMdFN4gm8QKFweNk/MXSEcgzl4djgbJyaZMPTMdEg6ALreH xLvlEnPuRLeJA1xwWQEQPp2bSygo6pcN1EaGJtzPkcXXOjoWm2VpAgdvFer0Ist8 kPjxI7H0BimjLAMAWbHmhTE7ZH+B2tt017wi+NnfDVjSKfOYkX2smPhAiyt4Zu3+ 8uNaYB+eUoW7E4yBUZUFcPGK1M1zea243/JSYTrvaNO0sLEsnPwwZ4BgENvVtkEB 0i/BdDZckY2kS0gJsl9jgVPASpb5Dt51/wmrQ7bI1Hlez6Wk3+w+SAAwdc9stpBd NSi7DxPOWyq6nRUybzDF9zP8p4BxyxmoU0HKlH1xRUgFRO9sOoMVPWA9p0CJIevL WnjTpiBOrYOPCWQTCoeGZfyoS9Bf1KhIc6lNw04e+ZMG+PzhVJKFoVoXDNWR6aoi 4JoQyRo0zMS8G8HT9H0grtPrmJS8Tajfeb184LvAZmqzrRLXrsnjYS1LXeX+zLQD Vs87uiKwlcSFpuuOjhSfJk44KJGFPbsnwMNMJ+/Dao4YXKwFDEhtAv5Qvg9SBE0y /WzRAlkmJqGIcFXnJiTmWKpap9cMS009RdK/yO9z8NrMRPgmRXPoitCeoRJyuwqD YVUuRnT0sc+8/nKXDjQk =fk5r -----END PGP SIGNATURE----- --Hu8jRnoGCOwhlOnO3idrW6u4fI8u5ajux--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?c1f55892-b478-1454-a2e6-865a2e890fb0>