On 1/18/20, Steve Farr wrote:
>
> I don't have IPv6 connectivity through my ISP, and don't use it on my LAN,
> so I have it unchecked/not bound in Windows,

Same here. When I tried running named on Windows it didn't support the
-4 option; the workaround I was given was to add
  server ::/0 { bogus yes; };
to named.conf so it wouldn't try to use IPv6.

And maybe this is enabled/works on Windows now:
  options { filter-aaaa-on-v4 yes; };

> Basically, it looks like my DNS server sits on it for 3.2 seconds before
> asking the root for a referral. Which is weird.

Exactly how did you do the packet capture - as in, is it possible you
didn't capture everything to/from the server?

Lee

>
> From: Ondrej Surý
> Sent: Friday, January 17, 2020 3:27 PM
> To: Steve Farr
> Cc: bind-users@lists.isc.org
> Subject: Re: Slow recursive query performance on Windows x64
>
> Hi Steve,
>
> I would suggest to either bump debugging level in bind9 or use wireshark to
> look what’s happening on the wire. My best guess is broken IPv6
> connectivity, but it could be something completely different. Looking at the
> packets is the easiest way to get better understanding of the problem.
>
> Ondrej
>
> --
>
> Ondřej Surý — ISC
>
> On 17 Jan 2020, at 20:52, Steve Farr via bind-users
>
> Hi there,
>
> I'm hoping perhaps someone can point me in a good direction for
> troubleshooting here… I recently upgraded from BIND 9.9.10-P3 running in
> 32-bit Windows, to 9.14.9 running on 64-bit Windows. I've tried it in both
> Windows 10 and Windows 7, and the behavior is the same: Queries for
> addresses that aren't already cached take a long time (long enough that the
> client resolver often gives up and assumes the DNS server failed - perhaps
> 5-6 seconds). On a second attempt, it's usually in the cache and responds
> right away. The server has three views, two of which allow recursion, and it
> hosts a couple of authoritative domains (differing in content between the
> views, but present in all three). Queries for addresses in the domains that
> are hosted locally are fast, and so are queries for anything that's cached.
> I had to make a few tweaks to the config, jumping so many versions, in order
> to eliminate warnings about things like DNSSEC… I also downloaded a fresh
> copy of the named.cache / root hints, as well as bind.keys.
>
> It's entirely possible that I just don't know what I'm doing.
>
> Any ideas what could be causing this? The old server occupied the same
> internal IP address (same firewall, same NAT, etc) so I don't tend to
> suspect the network, especially since it's reproducible (the old 32-bit box
> still works fast if I swap it back in). Here's my current config (feel free
> to critique it even if off-topic):
>
> // named.conf
> acl internal { 192.168.63.0/24; 192.168.65.0/24; 127.0.0.1; };
> acl wifi { 192.168.64.0/24; };
> acl notifiers { [public IP removed for anonymity];};
>
> key "transfer-key" {
>     algorithm hmac-md5;
>     secret "[removed for security]";
> };
> server [same public IP as in acl notifiers] {
>     keys { transfer-key; };
> };
>
> options {
>     version "1.1.1.1";
>     directory "C:\ISCBIND9\etc\namedb"; // Working directory
>     pid-file "C:\ISCBIND9\var\named.pid";
>     statistics-file "C:\ISCBIND9\var\named.stats";
>     memstatistics-file "C:\ISCBIND9\var\named.memstats";
>     auth-nxdomain yes;
>     listen-on { 192.168.63.23; 127.0.0.1; };
>     tcp-clients 1024;
>     max-cache-size 128M;
>     allow-query { any; };
>     recursion no;
>     allow-recursion { none; };
>     allow-query-cache { none; };
>     allow-transfer { none; };
>     allow-notify { notifiers; };
>     notify no;
>
>     dnssec-enable yes;
>     dnssec-lookaside no;
>     dnssec-validation yes;
>     bindkeys-file "C:\ISCBIND9\etc\namedb\bind.keys";
> };
>
> view internal {
>     match-clients { internal; };
>     recursion yes;
>     allow-query { internal; };
>     allow-recursion { internal; };
>     allow-query-cache { internal; };
>
>     zone "." in {type hint; file "named.cache"; };
>     zone "localhost" IN {type master; file "localhost.zone"; };
>     zone "0.0.127.in-addr.arpa" IN {type master; file "named.local"; };
>     [authoritative zones follow]
> };
>
> view wifi {
>     [basically the same as internal except different match-clients statement and different zones]
> };
>
> view external {
>     match-clients { any; };
>     allow-recursion { none; };
>     allow-query-cache { none; };
>     recursion no;
>     allow-query {any; };
>
>     zone "." in {type hint; file "named.cache"; };
>     zone "localhost" IN {type master; file "localhost.zone"; };
>     zone "0.0.127.in-addr.arpa" IN {type master; file "named.local"; };
>     [authoritative zones follow]
> };
>
> Thanks for any help anyone may be able to offer!
>
> -Steve

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
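
Added example, not part of the original thread and not ISC code: one way to measure the kind of gap discussed above from a capture, separating time the server spent silent before its first upstream query from upstream queries that never got a reply. The six-column text format, the client address, the 192.0.2.x upstream addresses and all timings are constructed; it assumes one lookup at a time on a quiet test box, so every outbound query in the window is attributed to that lookup.

```python
from collections import namedtuple

Pkt = namedtuple("Pkt", "t src dst qr txid qname")

# Constructed capture summary: time(s) src dst Q|R dns-id qname
SAMPLE = """\
0.000 192.168.63.50 192.168.63.23 Q 4242 www.example.org
3.200 192.168.63.23 192.0.2.1 Q 9001 www.example.org
3.231 192.0.2.1 192.168.63.23 R 9001 www.example.org
3.232 192.168.63.23 192.0.2.53 Q 9002 www.example.org
4.032 192.168.63.23 192.0.2.54 Q 9003 www.example.org
4.060 192.0.2.54 192.168.63.23 R 9003 www.example.org
4.061 192.168.63.23 192.168.63.50 R 4242 www.example.org
"""

def parse(text):
    """Turn the constructed text format into Pkt records."""
    pkts = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 6:
            continue  # skip blank or malformed lines
        pkts.append(Pkt(float(f[0]), f[1], f[2], f[3], int(f[4]), f[5].lower()))
    return pkts

def analyse(pkts, server):
    """Per client query: silent time before the first upstream query,
    total time to the client's answer, and upstream servers that never replied."""
    answered = {(p.src, p.txid) for p in pkts if p.qr == "R" and p.dst == server}
    report = []
    for q in (p for p in pkts if p.dst == server and p.qr == "Q"):
        reply = next((p for p in pkts if p.qr == "R" and p.src == server
                      and p.dst == q.src and p.txid == q.txid and p.t >= q.t), None)
        end = reply.t if reply else float("inf")
        upstream = [p for p in pkts
                    if p.src == server and p.qr == "Q" and q.t <= p.t <= end]
        report.append({
            "qname": q.qname,
            "first_upstream_delay": round(upstream[0].t - q.t, 3) if upstream else None,
            "total": round(end - q.t, 3) if reply else None,
            "unanswered": [p.dst for p in upstream if (p.dst, p.txid) not in answered],
        })
    return report

if __name__ == "__main__":
    for row in analyse(parse(SAMPLE), "192.168.63.23"):
        print(row)
```

A large first_upstream_delay with an empty unanswered list means nothing in the capture explains the wait, which is the case where it matters whether the capture saw all traffic to and from the server.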