# BIND/named

## dgrant

Does anyone know a lot about bind/named?  I'm just using it to cache DNS queries to speed up DNS.  I'm having a bit of trouble though.  My ISP has two DNS servers, and I basically have those set up as forwarders in my /etc/bind/named.conf file.  But when I run the named daemon and set /etc/resolv.conf to just search 127.0.0.1, I get a really slow initial query, using "dig".  The queries after that are instant though.  But the initial query is way slower than if I just had my ISP's DNS servers in /etc/resolv.conf.  I'm not sure why that is?  I'm not sure if I have the forwarders set up properly.  Anyways, I'd like to get this fixed.  Here's a summary:

Queries to my ISP's DNS servers: ~100ms

Now I turn on BIND using my ISP's DNS servers as forwarders:

First queries take ~1000-2000 ms

Repeat queries are ~1-4ms (very fast)

----------

## dev-null-devil

Did you use search 127.0.0.1 or nameserver 127.0.0.1?

----------

## dgrant

I just used nameserver 127.0.0.1.  No search entry in resolv.conf

BTW, some guy on IRC #gentoo just told me to check out djbdns.  I'm looking into that now

----------

## patan

Do you have a "127.in-addr.arpa" zone?

----------

## dgrant

Yes I did have this.

But I just switched to djbdns.  It was quite painless.  And the caching seems to work nicely.  Configuration was a bit non-standard, but not too complicated. Supposedly it is much better than BIND.

http://cr.yp.to/djbdns.html

----------

## Phlaegel

I just switched from bind to djbdns as well... it's got a weird setup, but once you see how it works, it's so simple it makes you wonder why you ever looked at bind. I'm using dnscache to do external lookups, along with ldapdns running on an alias for some private name resolution behind the firewall... works great.

----------

## gramafonov

Is it true you can use a MySQL database to store djbdns zones info? Has anyone tried this storage method?

----------

## chroweb

I really hate to bump this thread, but I've searched around all over these forums and google.

I know that BIND is a beast and there are many alternatives, but I'd like to know if anyone has a solution to the forwarders issue. I have the same as the original poster, it takes about 2 seconds to resolve any DNS names through bind that it's not serving itself.

A little info.

I have 3 networks, the internet and two private networks, one for my servers and one for my workstations. The network isn't all that big, about 8 computers, but I'd like to see this setup work.

I have BIND configured to serve out servers.myplace and workstations.myplace DNS entries as well as their reverse. This works great. If I try to resolve an offsite address, google for instance, it takes 2 seconds+ to get the DNS. After that, the OS (Windows XP or whatever) will cache the request. That's great, but the 2 second lag is very annoying... so much that I've had DHCPD not even serve my BIND server as an option. I'd rather live without local DNS than get the lag.

Any suggestions?

----------

## UberLord

 *chroweb wrote:*   

> Any suggestions?

 

Aside from trying another DNS server (I prefer dnsmasq myself - 118k and very easy to set up. DHCP as well) then not really.

After all, if it is working then I don't know of any BIND options to make it "go faster"

----------

## nobspangle

what happens when you do an nslookup from an XP machine?

```
nslookup www.google.com
```

----------

## chroweb

 *nobspangle wrote:*   

> what happens when you do an nslookup from an XP machine?
> 
> ```
> nslookup www.google.com
> ```
> ...

 

It's kind of interesting, the request goes out to the server, but the response doesn't come back in time for nslookup. nslookup times out before the response is sent, which is demonstrated by doing the same query again right after the first.

The client is "gigabyte" with IP address 172.17.22.30. The DNS server is running on 172.17.20.1 (which is a multi-homed Linux router with 3 physical interfaces.) The DNS server binds to the IP alias 172.17.20.10 (just for "completeness" sake), however the same issue still exists even if named/BIND (whatever they call it nowadays) binds to any of the interface addresses (as in not the aliases eth1:0, etc).

Notice that the DNS cache was flushed prior to running nslookup AND that named is serving out the correct DNS for the 172.17.X.X zones. It's the DNS zones that the forwarder is referring to that are not responding. (I can resolve ns.servers.laposada.chrosoft as 172.17.20.10 in as long a time as it takes for the packets to go across the LAN... .021ms.)

```
C:\Documents and Settings\Administrator>ipconfig /flushdns

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Documents and Settings\Administrator>ipconfig /all

Windows IP Configuration

        Host Name . . . . . . . . . . . . : gigabyte
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Unknown
        IP Routing Enabled. . . . . . . . : Yes
        WINS Proxy Enabled. . . . . . . . : Yes

Ethernet adapter Lan:

        Connection-specific DNS Suffix  . : condo104.laposada.chrosoft
        Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
        Physical Address. . . . . . . . . : 00-20-ED-73-B6-C5
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 172.17.22.30
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 172.17.22.1
        DHCP Server . . . . . . . . . . . : 172.17.22.1
        DNS Servers . . . . . . . . . . . : 172.17.20.10
        Primary WINS Server . . . . . . . : 172.17.22.1
        Lease Obtained. . . . . . . . . . : Friday, August 06, 2004 12:28:11 PM
        Lease Expires . . . . . . . . . . : Friday, August 06, 2004 4:38:11 PM

C:\Documents and Settings\Administrator>nslookup www.google.com
Server:  ns.servers.laposada.chrosoft
Address:  172.17.20.10

DNS request timed out.
    timeout was 2 seconds.
*** Request to ns.servers.laposada.chrosoft timed-out

C:\Documents and Settings\Administrator>nslookup www.google.com
Server:  ns.servers.laposada.chrosoft
Address:  172.17.20.10

Non-authoritative answer:
Name:    www.google.akadns.net
Addresses:  64.233.167.99, 64.233.167.104
Aliases:  www.google.com

C:\Documents and Settings\Administrator>
```

----------

## nobspangle

that's pretty weird, can you post your ntp.conf (just the main bit, don't need the zones) also, have you tried without the forwarders?

----------

## ARC2300

When I set up my DNS/BIND, I used it to directly look up via the root servers.

I found forwarding and bouncing off someone else's server a pain.

----------

## matt@yyc

I have Bind 9 set up as a caching nameserver, and it sounds as if Bind is trying to forward your request to the root DNS servers.  From my location, I found that the root servers were much slower than my ISP's.

I have the line forward only; in my options block of named.conf before the line that contains my ISP's name servers, and it works well.

edit:  oops, someone beat me to the root issue.

Matt

----------

## chroweb

 *nobspangle wrote:*   

> that's pretty weird, can you post your ntp.conf (just the main bit, don't need the zones) also, have you tried without the forwarders?

 

Hmm, the network time configuration?

```
restrict default noquery notrust nomodify
restrict 127.0.0.1
restrict 192.168.0.0 mask 255.255.255.0
fudge 127.127.1.0 stratum 3
server 127.127.1.0
driftfile /var/lib/ntp/ntp.drift
logfile /var/log/ntp.log
```

If I turn the forwarders off, then I can't resolve outside DNS addresses at all.  :P

 *matt@yyc wrote:*   

> I have the line forward only; in my options block of named.conf before the line that contains my ISPs name-servers, and it works well.

 

That's what I have in my configuration...

```
        forward only;
        forwarders {
                68.108.16.30;
                //68.108.16.25;
                68.1.208.30;
        };
```

----------

## nobspangle

 *nobspangle wrote:*   

> that's pretty weird, can you post your ntp.conf (just the main bit, don't need the zones) also, have you tried without the forwarders?

 

I meant your named.conf; I was probably thinking about something else at the time.

You should be able to resolve outside addresses with no problems without having forwarders. Have you got your root hints set up correctly?

----------

## chroweb

named.conf first sections (options, logging and hint zone):

```
abox root # cat /etc/bind/named.conf
#
# named.conf options for bind #
#
options {
        directory "/var/bind";
        forward only;
        forwarders {
                68.108.16.30;
                //68.108.16.25;
                68.1.208.30;
        };
        listen-on-v6 { none; };
        // allow the software to listen to the local network
        listen-on {
                127.0.0.1;
                172.17.20.10;
        };
        // to allow only specific hosts to use the DNS server:
        allow-query {
                127.0.0.1;
                172.17.0.0/16;
        };
        // if you have problems and are behind a firewall:
        //query-source address * port 53;
        pid-file "/var/run/named/named.pid";
        version "BIND 1.0";
};

logging {
        channel laposada_log {
                file "/var/log/bind/laposada.log" versions 3;
                severity info;
        };
        category default {
                laposada_log;
        };
};

#
# hints... for the root servers #
#
zone "." IN {
        type hint;
        file "named.ca";
};
```

----------

## nobspangle

what happens if you remove the forward only line?

----------

## chroweb

Nope, same issue.

Could the speed of the machine have something to do with it?

----------
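Added example, not from any of the posts above and not part of BIND: a small POSIX shell diagnostic for the symptom dgrant and chroweb describe (first query through the local named slow, repeat query instant). It times a cold query through 127.0.0.1, the same query again from cache, and the same query sent straight at each forwarder listed in named.conf, so you can tell whether the delay is inside named or in the upstream servers. It assumes dig(1) and optionally rndc are installed on the BIND host and that the script runs there, since chroweb's listen-on and allow-query only admit 127.0.0.1 and the LAN; the named.conf path and the query name are placeholders. The forwarder parser skips entries commented out with //, as in chroweb's config.

```shell
#!/bin/sh
# dnsdiag.sh: where does the first-query delay come from, named or upstream?
# Added example for this thread; assumes dig(1) (and optionally rndc) on the
# machine running named. Paths, names and addresses are placeholders.

# Pull the "Query time" value (milliseconds) out of dig output read on stdin.
# Prints -1 when dig produced no answer (timeout, unreachable, no stats line).
parse_query_time() {
    awk '
        /^;; Query time:/ { t = $4; found = 1 }
        END { print (found ? t : -1) }
    '
}

# Extract the active forwarder addresses from a named.conf ($1).
# Handles the multi-line "forwarders { ...; };" form used in the thread and
# drops entries that are commented out with "//" (e.g. //68.108.16.25;).
extract_forwarders() {
    awk '
        /^[ \t]*forwarders[ \t]*[{]/ { inblock = 1; next }
        inblock && /[}]/             { inblock = 0 }
        inblock {
            sub(/\/\/.*/, "")        # strip a trailing // comment
            gsub(/[ \t;]/, "")       # strip whitespace and the ";"
            if ($0 != "") print
        }
    ' "$1"
}

# Time a single A query. $1 = server to ask, $2 = name. Prints ms or -1.
# +tries=1 +time=2 mirrors the 2-second timeout the XP nslookup hit above.
time_query() {
    dig @"$1" "$2" A +tries=1 +time=2 2>/dev/null | parse_query_time
}

# Run the comparison for $1 (a name) using named.conf $2 (default /etc/bind).
#   1. cold query through the local named (cache flushed first if rndc works)
#   2. the same query again, which should now be answered from cache
#   3. the same query straight at each forwarder named in named.conf
# If (3) is fast but (1) is slow, the time is spent inside named's handling;
# if (3) is slow as well, the forwarders themselves are the bottleneck.
compare() {
    name=$1
    conf=${2:-/etc/bind/named.conf}
    if command -v rndc >/dev/null 2>&1; then
        rndc flush 2>/dev/null || true   # needs a working rndc key; optional
    fi
    printf 'cold   via 127.0.0.1       : %s ms\n' "$(time_query 127.0.0.1 "$name")"
    printf 'cached via 127.0.0.1       : %s ms\n' "$(time_query 127.0.0.1 "$name")"
    for fwd in $(extract_forwarders "$conf"); do
        printf 'direct via %-15s : %s ms\n' "$fwd" "$(time_query "$fwd" "$name")"
    done
}

# Usage: sh dnsdiag.sh www.google.com [/etc/bind/named.conf]
if [ "$#" -gt 0 ]; then
    compare "$@"
fi
```

Run it twice in a row without rndc and the "cold" line of the second run will already be served from cache, which is exactly the effect the thread describes; a -1 on a "direct" line means that forwarder did not answer inside the same 2 seconds nslookup waited.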

