Re: forwarder (YES/NO)

2016-09-21 Thread Chris Buxton
Funny email address.

I could be wrong, but it looks like you might have a firewall problem. The one 
really slow response is the one over 512 bytes. Is it possible you have a 
firewall that examines the contents of DNS messages?

Regards,
Chris

Sent from my iPhone

> On Sep 21, 2016, at 12:34 PM, Pol Hallen  wrote:
> 
> hello again!
> 
>> try running dig +trace  and see how fast it runs. It should return
>> in about same time as BIND does (when it doesn't have anything in cache).
> 
> ; <<>> DiG 9.10.3-P4-Debian <<>> +trace @192.168.1.212 yahoo.it
> ; (1 server found)
> ;; global options: +cmd
> .   518367  IN  NS  d.root-servers.net.
> .   518367  IN  NS  g.root-servers.net.
> .   518367  IN  NS  e.root-servers.net.
> .   518367  IN  NS  h.root-servers.net.
> .   518367  IN  NS  b.root-servers.net.
> .   518367  IN  NS  c.root-servers.net.
> .   518367  IN  NS  a.root-servers.net.
> .   518367  IN  NS  l.root-servers.net.
> .   518367  IN  NS  i.root-servers.net.
> .   518367  IN  NS  m.root-servers.net.
> .   518367  IN  NS  k.root-servers.net.
> .   518367  IN  NS  j.root-servers.net.
> .   518367  IN  NS  f.root-servers.net.
> .   518396  IN  RRSIG   NS 8 0 518400 2016100417 
> 2016092116 46551 . 
> tZptpyBClVtkAbyo4NOR2MgHDoq67TlImcBVzZORhn7C2c557prmG42J 
> sSPD8aZmisk3bbUJbmqFVFB/M2y/O4zjw3jBf42ujHce99VD3xCeJuk7 
> boGW356J6c7JaApB02GRf3SGQIv7x6MVyBmGeKxAosEePlbfjg/8NPEY +y0=
> ;; Received 397 bytes from 192.168.1.212#53(192.168.1.212) in 2 ms
> 
> it. 172800  IN  NS  a.dns.it.
> it. 172800  IN  NS  m.dns.it.
> it. 172800  IN  NS  r.dns.it.
> it. 172800  IN  NS  dns.nic.it.
> it. 172800  IN  NS  nameserver.cnr.it.
> it. 86400   IN  NSEC    itau. NS RRSIG NSEC
> it. 86400   IN  RRSIG   NSEC 8 1 86400 2016100417 
> 2016092116 46551 . 
> LL0eXWf22Lhhi5C0P+PX446JQH+GwCFhxU7tkUUF9wyG+pQ0eDCnpTu0 
> vm0ww/3YycmNJwlF3IHJmLIh2l7htSW6G/o2/ozNbZU6RF9pMhKxQNrJ 
> aE6hf4L+Ka1N5uNstgJzrE6pV9ouXOJmL0Epoa3gUnbSZcFHH5QrKbu6 AfQ=
> ;; Received 545 bytes from 192.58.128.30#53(j.root-servers.net) in 577 ms
> 
> yahoo.it.   10800   IN  NS  ns2.yahoo.com.
> yahoo.it.   10800   IN  NS  ns1.yahoo.com.
> yahoo.it.   10800   IN  NS  ns5.yahoo.com.
> yahoo.it.   10800   IN  NS  ns7.yahoo.com.
> yahoo.it.   10800   IN  NS  ns3.yahoo.com.
> ;; Received 136 bytes from 194.0.16.215#53(a.dns.it) in 136 ms
> 
> yahoo.it.   300 IN  A   106.10.212.24
> yahoo.it.   300 IN  A   98.137.236.24
> yahoo.it.   300 IN  A   77.238.184.24
> yahoo.it.   300 IN  A   212.82.102.24
> yahoo.it.   300 IN  A   74.6.50.24
> yahoo.it.   86400   IN  NS  ns3.yahoo.com.
> yahoo.it.   86400   IN  NS  ns2.yahoo.com.
> yahoo.it.   86400   IN  NS  ns1.yahoo.com.
> yahoo.it.   86400   IN  NS  ns4.yahoo.com.
> yahoo.it.   86400   IN  NS  ns5.yahoo.com.
> ;; Received 380 bytes from 68.180.131.16#53(ns1.yahoo.com) in 173 ms
> 
> same problem... bind is too slow...
> 
> the situation change (very fast) if I use bind like resolver
> 
> forwarders {
> 8.8.8.8;
> }
> 
> I don't understand why without resolver my bind is so slow... how I can audit 
> the problem?
> 
> thanks! :-)
> 
>>> but testing 127.0.0.1, bind keep also 4000/5000ms to resolve a query
>> 
>> 
>>> forwarders {
>>> 127.0.0.1;
>>> }
>> 
>> do you forward to yourself???
> 
> unfortunately looking for bind on internet there're many wrong howto :-/
> 
> Pol
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
> from this list
> 
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
> 
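
Added example (not part of the original post): a Python sketch of the check Chris describes, run over the `;; Received` lines of the trace quoted above. It flags a hop whose response is over 512 bytes and is also far slower than the other remote hops; the function names and the `slow_factor` threshold are assumptions for illustration.

```python
import ipaddress
import re
import statistics

# The four ";; Received" summary lines from the +trace output quoted above.
SAMPLE_TRACE = """\
;; Received 397 bytes from 192.168.1.212#53(192.168.1.212) in 2 ms
;; Received 545 bytes from 192.58.128.30#53(j.root-servers.net) in 577 ms
;; Received 136 bytes from 194.0.16.215#53(a.dns.it) in 136 ms
;; Received 380 bytes from 68.180.131.16#53(ns1.yahoo.com) in 173 ms
"""

# Accepts the line with or without leading "> " e-mail quote markers.
RECEIVED = re.compile(
    r"^(?:>\s*)*;; Received (\d+) bytes from (\S+?)#\d+\((\S+)\) in (\d+) ms",
    re.MULTILINE,
)
CLASSIC_UDP_LIMIT = 512  # largest DNS-over-UDP message without EDNS0


def parse_trace(text):
    """Return one dict per delegation step of a `dig +trace` run."""
    return [
        {"server": name, "ip": ip, "bytes": int(size), "ms": int(ms)}
        for size, ip, name, ms in RECEIVED.findall(text)
    ]


def suspicious_hops(hops, slow_factor=2.0):
    """Hops over 512 bytes that are also far slower than the other remote hops.

    slow_factor is an assumed threshold: a hop counts as slow when it takes
    more than slow_factor times the median of the other non-private servers.
    """
    remote = [h for h in hops if not ipaddress.ip_address(h["ip"]).is_private]
    flagged = []
    for hop in remote:
        others = [h["ms"] for h in remote if h is not hop]
        if not others or hop["bytes"] <= CLASSIC_UDP_LIMIT:
            continue
        baseline = statistics.median(others)
        if hop["ms"] > slow_factor * baseline:
            flagged.append((hop["server"], hop["bytes"], hop["ms"], baseline))
    return flagged


if __name__ == "__main__":
    for server, size, ms, baseline in suspicious_hops(parse_trace(SAMPLE_TRACE)):
        print(f"{server}: {size} bytes in {ms} ms (other hops median {baseline} ms)")
```

A flagged hop is only a lead; a packet capture taken on both sides of the firewall confirms or rules it out.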



Re: forwarder (YES/NO)

2016-09-21 Thread Mark Andrews

Personally I would be looking for why there are such big round
trip times even to Google.

PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: icmp_seq=0 ttl=57 time=16.654 ms
64 bytes from 8.8.8.8: icmp_seq=1 ttl=57 time=18.336 ms

% traceroute -In 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 64 hops max, 72 byte packets
 1  172.30.42.97  1.117 ms  0.870 ms  0.852 ms
 2  * * *
 3  * * *
 4  * * *
 5  59.154.142.28  13.654 ms  19.100 ms  11.059 ms
 6  72.14.223.66  10.939 ms  13.051 ms  19.474 ms
 7  216.239.40.223  11.156 ms  10.756 ms  11.680 ms
 8  216.239.41.1  13.082 ms  19.892 ms  11.985 ms
 9  8.8.8.8  10.721 ms  13.203 ms  11.703 ms
% 

Do this for all but your local server and then work out where the
slow path is.

Mark

In message <17a5a589-5f76-45da-8d55-b928916ae...@rrcic.com>, "John W. Blue" writes:
> Pol,
> 
> You can "audit" your traffic by getting a pcap via tcpdump and then analyzing
> it in wireshark.  Packets don't lie.
> 
> John
> 
> Sent from Nine<http://www.9folders.com/>
> 
> From: Pol Hallen <bin...@fuckaround.org>
> Sent: Sep 21, 2016 2:35 PM
> To: bind-users@lists.isc.org
> Subject: Re: forwarder (YES/NO)
> 
> hello again!
> 
> > try running dig +trace  and see how fast it runs. It should return
> > in about same time as BIND does (when it doesn't have anything in cache).
> 
> ; <<>> DiG 9.10.3-P4-Debian <<>> +trace @192.168.1.212 yahoo.it
> ; (1 server found)
> ;; global options: +cmd
> .   518367  IN  NS  d.root-servers.net.
> .   518367  IN  NS  g.root-servers.net.
> .   518367  IN  NS  e.root-servers.net.
> .   518367  IN  NS  h.root-servers.net.
> .   518367  IN  NS  b.root-servers.net.
> .   518367  IN  NS  c.root-servers.net.
> .   518367  IN  NS  a.root-servers.net.
> .   518367  IN  NS  l.root-servers.net.
> .   518367  IN  NS  i.root-servers.net.
> .   518367  IN  NS  m.root-servers.net.
> .   518367  IN  NS  k.root-servers.net.
> .   518367  IN  NS  j.root-servers.net.
> .   518367  IN  NS  f.root-servers.net.
> .   518396  IN  RRSIG   NS 8 0 518400
> 2016100417 2016092116 46551 .
> tZptpyBClVtkAbyo4NOR2MgHDoq67TlImcBVzZORhn7C2c557prmG42J
> sSPD8aZmisk3bbUJbmqFVFB/M2y/O4zjw3jBf42ujHce99VD3xCeJuk7
> boGW356J6c7JaApB02GRf3SGQIv7x6MVyBmGeKxAosEePlbfjg/8NPEY +y0=
> ;; Received 397 bytes from 192.168.1.212#53(192.168.1.212) in 2 ms
> 
> it. 172800  IN  NS  a.dns.it.
> it. 172800  IN  NS  m.dns.it.
> it. 172800  IN  NS  r.dns.it.
> it. 172800  IN  NS  dns.nic.it.
> it. 172800  IN  NS  nameserver.cnr.it.
> it. 86400   IN  NSEC    itau. NS RRSIG NSEC
> it. 86400   IN  RRSIG   NSEC 8 1 86400
> 2016100417 2016092116 46551 .
> LL0eXWf22Lhhi5C0P+PX446JQH+GwCFhxU7tkUUF9wyG+pQ0eDCnpTu0
> vm0ww/3YycmNJwlF3IHJmLIh2l7htSW6G/o2/ozNbZU6RF9pMhKxQNrJ
> aE6hf4L+Ka1N5uNstgJzrE6pV9ouXOJmL0Epoa3gUnbSZcFHH5QrKbu6 AfQ=
> ;; Received 545 bytes from 192.58.128.30#53(j.root-servers.net) in 577 ms
> 
> yahoo.it.   10800   IN  NS  ns2.yahoo.com.
> yahoo.it.   10800   IN  NS  ns1.yahoo.com.
> yahoo.it.   10800   IN  NS  ns5.yahoo.com.
> yahoo.it.   10800   IN  NS  ns7.yahoo.com.
> yahoo.it.   10800   IN  NS  ns3.yahoo.com.
> ;; Received 136 bytes from 194.0.16.215#53(a.dns.it) in 136 ms
> 
> yahoo.it.   300 IN  A   106.10.212.24
> yahoo.it.   300 IN  A   98.137.236.24
> yahoo.it.   300 IN  A   77.238.184.24
> yahoo.it.   300 IN  A   212.82.102.24
> yahoo.it.   300 IN  A   74.6.50.24
> yahoo.it.   86400   IN  NS  ns3.yahoo.com.
> yahoo.it.   86400   IN  NS  ns2.yahoo.com.
> yahoo.it.   86400   IN  NS  ns1.yahoo.com.
> yahoo.it.   86400   IN  NS  ns4.yahoo.com.
> yahoo.it.   86400   IN  NS  ns5.yahoo.com.
> ;; Received 380 bytes from 68.180.131.16#53(ns1.yahoo.com) in 173 ms
> 
> same problem... bind is too slow...
> 
> the situation change (very fast) if I use bind like resolver
> 
>

Re: forwarder (YES/NO)

2016-09-21 Thread John W. Blue
Pol,

You can "audit" your traffic by getting a pcap via tcpdump and then analyzing 
it in wireshark.  Packets don't lie.

John

Sent from Nine<http://www.9folders.com/>

From: Pol Hallen <bin...@fuckaround.org>
Sent: Sep 21, 2016 2:35 PM
To: bind-users@lists.isc.org
Subject: Re: forwarder (YES/NO)

hello again!

> try running dig +trace  and see how fast it runs. It should return
> in about same time as BIND does (when it doesn't have anything in cache).

; <<>> DiG 9.10.3-P4-Debian <<>> +trace @192.168.1.212 yahoo.it
; (1 server found)
;; global options: +cmd
.   518367  IN  NS  d.root-servers.net.
.   518367  IN  NS  g.root-servers.net.
.   518367  IN  NS  e.root-servers.net.
.   518367  IN  NS  h.root-servers.net.
.   518367  IN  NS  b.root-servers.net.
.   518367  IN  NS  c.root-servers.net.
.   518367  IN  NS  a.root-servers.net.
.   518367  IN  NS  l.root-servers.net.
.   518367  IN  NS  i.root-servers.net.
.   518367  IN  NS  m.root-servers.net.
.   518367  IN  NS  k.root-servers.net.
.   518367  IN  NS  j.root-servers.net.
.   518367  IN  NS  f.root-servers.net.
.   518396  IN  RRSIG   NS 8 0 518400
2016100417 2016092116 46551 .
tZptpyBClVtkAbyo4NOR2MgHDoq67TlImcBVzZORhn7C2c557prmG42J
sSPD8aZmisk3bbUJbmqFVFB/M2y/O4zjw3jBf42ujHce99VD3xCeJuk7
boGW356J6c7JaApB02GRf3SGQIv7x6MVyBmGeKxAosEePlbfjg/8NPEY +y0=
;; Received 397 bytes from 192.168.1.212#53(192.168.1.212) in 2 ms

it. 172800  IN  NS  a.dns.it.
it. 172800  IN  NS  m.dns.it.
it. 172800  IN  NS  r.dns.it.
it. 172800  IN  NS  dns.nic.it.
it. 172800  IN  NS  nameserver.cnr.it.
it. 86400   IN  NSEC    itau. NS RRSIG NSEC
it. 86400   IN  RRSIG   NSEC 8 1 86400
2016100417 2016092116 46551 .
LL0eXWf22Lhhi5C0P+PX446JQH+GwCFhxU7tkUUF9wyG+pQ0eDCnpTu0
vm0ww/3YycmNJwlF3IHJmLIh2l7htSW6G/o2/ozNbZU6RF9pMhKxQNrJ
aE6hf4L+Ka1N5uNstgJzrE6pV9ouXOJmL0Epoa3gUnbSZcFHH5QrKbu6 AfQ=
;; Received 545 bytes from 192.58.128.30#53(j.root-servers.net) in 577 ms

yahoo.it.   10800   IN  NS  ns2.yahoo.com.
yahoo.it.   10800   IN  NS  ns1.yahoo.com.
yahoo.it.   10800   IN  NS  ns5.yahoo.com.
yahoo.it.   10800   IN  NS  ns7.yahoo.com.
yahoo.it.   10800   IN  NS  ns3.yahoo.com.
;; Received 136 bytes from 194.0.16.215#53(a.dns.it) in 136 ms

yahoo.it.   300 IN  A   106.10.212.24
yahoo.it.   300 IN  A   98.137.236.24
yahoo.it.   300 IN  A   77.238.184.24
yahoo.it.   300 IN  A   212.82.102.24
yahoo.it.   300 IN  A   74.6.50.24
yahoo.it.   86400   IN  NS  ns3.yahoo.com.
yahoo.it.   86400   IN  NS  ns2.yahoo.com.
yahoo.it.   86400   IN  NS  ns1.yahoo.com.
yahoo.it.   86400   IN  NS  ns4.yahoo.com.
yahoo.it.   86400   IN  NS  ns5.yahoo.com.
;; Received 380 bytes from 68.180.131.16#53(ns1.yahoo.com) in 173 ms

same problem... bind is too slow...

the situation change (very fast) if I use bind like resolver

forwarders {
8.8.8.8;
}

I don't understand why without resolver my bind is so slow... how I can
audit the problem?

thanks! :-)

>> but testing 127.0.0.1, bind keep also 4000/5000ms to resolve a query
>
>
>> forwarders {
>> 127.0.0.1;
>> }
>
> do you forward to yourself???

unfortunately looking for bind on internet there're many wrong howto :-/

Pol

Re: forwarder (YES/NO)

2016-09-21 Thread Pol Hallen

hello again!


> try running dig +trace  and see how fast it runs. It should return
> in about same time as BIND does (when it doesn't have anything in cache).


; <<>> DiG 9.10.3-P4-Debian <<>> +trace @192.168.1.212 yahoo.it
; (1 server found)
;; global options: +cmd
.   518367  IN  NS  d.root-servers.net.
.   518367  IN  NS  g.root-servers.net.
.   518367  IN  NS  e.root-servers.net.
.   518367  IN  NS  h.root-servers.net.
.   518367  IN  NS  b.root-servers.net.
.   518367  IN  NS  c.root-servers.net.
.   518367  IN  NS  a.root-servers.net.
.   518367  IN  NS  l.root-servers.net.
.   518367  IN  NS  i.root-servers.net.
.   518367  IN  NS  m.root-servers.net.
.   518367  IN  NS  k.root-servers.net.
.   518367  IN  NS  j.root-servers.net.
.   518367  IN  NS  f.root-servers.net.
.   518396  IN  RRSIG   NS 8 0 518400 
2016100417 2016092116 46551 . 
tZptpyBClVtkAbyo4NOR2MgHDoq67TlImcBVzZORhn7C2c557prmG42J 
sSPD8aZmisk3bbUJbmqFVFB/M2y/O4zjw3jBf42ujHce99VD3xCeJuk7 
boGW356J6c7JaApB02GRf3SGQIv7x6MVyBmGeKxAosEePlbfjg/8NPEY +y0=

;; Received 397 bytes from 192.168.1.212#53(192.168.1.212) in 2 ms

it. 172800  IN  NS  a.dns.it.
it. 172800  IN  NS  m.dns.it.
it. 172800  IN  NS  r.dns.it.
it. 172800  IN  NS  dns.nic.it.
it. 172800  IN  NS  nameserver.cnr.it.
it. 86400   IN  NSEC    itau. NS RRSIG NSEC
it. 86400   IN  RRSIG   NSEC 8 1 86400 
2016100417 2016092116 46551 . 
LL0eXWf22Lhhi5C0P+PX446JQH+GwCFhxU7tkUUF9wyG+pQ0eDCnpTu0 
vm0ww/3YycmNJwlF3IHJmLIh2l7htSW6G/o2/ozNbZU6RF9pMhKxQNrJ 
aE6hf4L+Ka1N5uNstgJzrE6pV9ouXOJmL0Epoa3gUnbSZcFHH5QrKbu6 AfQ=

;; Received 545 bytes from 192.58.128.30#53(j.root-servers.net) in 577 ms

yahoo.it.   10800   IN  NS  ns2.yahoo.com.
yahoo.it.   10800   IN  NS  ns1.yahoo.com.
yahoo.it.   10800   IN  NS  ns5.yahoo.com.
yahoo.it.   10800   IN  NS  ns7.yahoo.com.
yahoo.it.   10800   IN  NS  ns3.yahoo.com.
;; Received 136 bytes from 194.0.16.215#53(a.dns.it) in 136 ms

yahoo.it.   300 IN  A   106.10.212.24
yahoo.it.   300 IN  A   98.137.236.24
yahoo.it.   300 IN  A   77.238.184.24
yahoo.it.   300 IN  A   212.82.102.24
yahoo.it.   300 IN  A   74.6.50.24
yahoo.it.   86400   IN  NS  ns3.yahoo.com.
yahoo.it.   86400   IN  NS  ns2.yahoo.com.
yahoo.it.   86400   IN  NS  ns1.yahoo.com.
yahoo.it.   86400   IN  NS  ns4.yahoo.com.
yahoo.it.   86400   IN  NS  ns5.yahoo.com.
;; Received 380 bytes from 68.180.131.16#53(ns1.yahoo.com) in 173 ms

same problem... bind is too slow...

the situation change (very fast) if I use bind like resolver

forwarders {
8.8.8.8;
}

I don't understand why without resolver my bind is so slow... how I can 
audit the problem?


thanks! :-)


>> but testing 127.0.0.1, bind keep also 4000/5000ms to resolve a query
>
>> forwarders {
>> 127.0.0.1;
>> }
>
> do you forward to yourself???


unfortunately looking for bind on internet there're many wrong howto :-/

Pol


Re: forwarder (YES/NO)

2016-09-21 Thread Matus UHLAR - fantomas

>> so simply leave BIND running and see if it's better tomorrow...

On 21.09.16 09:29, Pol Hallen wrote:
> seems better today, but how I realize if bind runs correctly? I mean:
> if the speed of it is normal or if there are lags?


try running dig +trace  and see how fast it runs. It should return
in about same time as BIND does (when it doesn't have anything in cache).

It will show you how the recursion works, and you can see where do the lags
come from.
 
> Now I tested some domains, almost all are ok but 2 of these are
> slow... using @8.8.8.8 with these two are fast
>
> Actually I commented:
>
> // forwarders {
> // 8.8.8.8; 8.8.4.4;
> //}
>
> but testing 127.0.0.1, bind keep also 4000/5000ms to resolve a query
>
> forwarders {
> 127.0.0.1;
> }

do you forward to yourself???

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
He who laughs last thinks slowest. 


Re: forwarder (YES/NO)

2016-09-21 Thread Pol Hallen

> so simply leave BIND running and see if it's better tomorrow...


hello,
seems better today, but how I realize if bind runs correctly? I mean: if 
the speed of it is normal or if there are lags?


Now I tested some domains, almost all are ok but 2 of these are slow... 
using @8.8.8.8 with these two are fast


Actually I commented:

// forwarders {
// 8.8.8.8; 8.8.4.4;
//}

but testing 127.0.0.1, bind keep also 4000/5000ms to resolve a query

forwarders {
127.0.0.1;
}

tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      14163/named
tcp        0      0 192.168.1.212:53        0.0.0.0:*               LISTEN      14163/named
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      14163/named
tcp6       0      0 ::1:953                 :::*                    LISTEN      14163/named
udp        0      0 192.168.1.212:53        0.0.0.0:*                           14163/named
udp        0      0 127.0.0.1:53            0.0.0.0:*                           14163/named



allow-query {
  192.168.1.0/24; 127.0.0.1;
  };

thanks for help!

Pol


Re: forwarder (YES/NO)

2016-09-20 Thread Matus UHLAR - fantomas

>> with 9.10, leave prefetch on and see...

On 20.09.16 15:12, Pol Hallen wrote:
> I've 9.9.5 version on debian stable :-/

so simply leave BIND running and see if it's better tomorrow...



--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Remember half the people you know are below average. 


Re: forwarder (YES/NO)

2016-09-20 Thread Pol Hallen

> just leave bind running for some time.

:-)

> with 9.10, leave prefetch on and see...


I've 9.9.5 version on debian stable :-/

thanks

Pol


Re: forwarder (YES/NO)

2016-09-20 Thread Reindl Harald



On 20.09.2016 at 15:03, Pol Hallen wrote:
>> what happened if you leave it working (without forwarders) for some time?
>> BIND should cache frequently used data and provide them quickly.
>
> I don't know. I start now testing without forwarders and tonight I see
>
>> when you use google forwarder, the main difference is that most of those
>> data are probably already cached.
>
> How can I replicate same thing?

by just asking bind for names it will cache the response as long as the TTL 
of the origin zone says - there is nothing to replicate, you share your 
cache in case of google with others

if your server doesn't have a name cached it's either asked the first time 
or long after the last question and hence it doesn't matter if it is a 
cache hit when the response is used only once or twice per day



Re: forwarder (YES/NO)

2016-09-20 Thread Matus UHLAR - fantomas

On 20.09.16 15:03, Pol Hallen wrote:
>> what happened if you leave it working (without forwarders) for some time?
>> BIND should cache frequently used data and provide them quickly.
>
> I don't know. I start now testing without forwarders and tonight I see
>
>> when you use google forwarder, the main difference is that most of those
>> data are probably already cached.
>
> How can I replicate same thing?


just leave bind running for some time.
with 9.10, leave prefetch on and see...

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Honk if you love peace and quiet. 


Re: forwarder (YES/NO)

2016-09-20 Thread Pol Hallen

> what happened if you leave it working (without forwarders) for some time?
> BIND should cache frequently used data and provide them quickly.

I don't know. I start now testing without forwarders and tonight I see

> when you use google forwarder, the main difference is that most of those
> data are probably already cached.


How can I replicate same thing?

thanks for help!

Pol


Re: forwarder (YES/NO)

2016-09-20 Thread Reindl Harald



On 20.09.2016 at 12:29, Pol Hallen wrote:
> without forwarder, using dig command, "query time" only on some domains
> (I tested italian domains - I live in Italy) is 350-800ms, with
> forwarder almost always is less 100ms (!)
>
> I'd like have my BIND (no forwarder) that works for my lan :-)

which is the preferred setup

> how can I optimize BIND speed? (or maybe I've a wrong config?)


you can't - if you have something not in the cache your nameserver does 
recursion asking other nameservers, the next time a client asks for the 
same name it's cached and answered within 1 ms


so often needed data are in your cache over time

the google dns is used by many people and so have likely a lot of stuff 
in hot caches combined with prefetch - on the other hand such a setup is 
completely unusable for a mailserver using DNSBL/URIBL


another drawback of forwarders is that you never have the full TTL 
because it counts down from the first hit until the answer is refreshed 
and so you can end up in having 100 ms where the same question on your 
own caching server would be within the TTL and just 1 ms


anyways, you don't win much with forwarders and you have a lot of 
drawbacks like lay the heart of your network in somebody's hand which 
makes it hard to debug in case of troubles, the risk of cache poisoning 
is higher and when you have connectivity problems only to google your 
whole dns sucks


in short: after we stopped using forwarders all the random dns troubles 
"could not find.. in firefox" stopped
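
Added example (not from the thread): a small Python simulation of the TTL countdown described in the message above, comparing a local cache fed by a shared forwarder with one doing its own recursion. The 300-second TTL, the query times and all names are constructed for illustration.

```python
AUTH_TTL = 300  # TTL published by the authoritative zone (constructed value)


class Cache:
    """Single-name TTL cache that remembers when its copy expires."""

    def __init__(self, upstream):
        self.upstream = upstream   # callable(now) -> TTL in seconds to cache for
        self.expires = -1

    def lookup(self, now):
        """Return (served_from_cache, remaining_ttl) for a query at time `now`."""
        hit = now < self.expires
        if not hit:
            self.expires = now + self.upstream(now)   # refetch from upstream
        return hit, self.expires - now


def authoritative(now):
    return AUTH_TTL                # the origin always hands out the full TTL


def simulate(use_forwarder, query_times, forwarder_filled_at=0):
    """Replay LAN queries against a local cache; return [(t, hit, ttl), ...]."""
    if use_forwarder:
        shared = Cache(authoritative)
        shared.lookup(forwarder_filled_at)            # another user's first hit
        # The local cache only ever sees the forwarder's remaining TTL.
        local = Cache(lambda now: shared.lookup(now)[1])
    else:
        local = Cache(authoritative)
    return [(t, *local.lookup(t)) for t in query_times]


QUERIES = [250, 310, 400]          # constructed timeline, in seconds
VIA_FORWARDER = simulate(True, QUERIES)
OWN_RECURSION = simulate(False, QUERIES)

if __name__ == "__main__":
    for label, rows in (("forwarder", VIA_FORWARDER), ("recursion", OWN_RECURSION)):
        for t, hit, ttl in rows:
            print(f"{label:9} t={t:3}s {'hit ' if hit else 'miss'} ttl={ttl}s")
```

At t=310 the forwarder-fed cache has already expired (it was handed only 50 seconds at t=250), while the recursive cache still answers locally with 240 seconds left.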



Re: forwarder (YES/NO)

2016-09-20 Thread Matus UHLAR - fantomas

On 20.09.16 12:29, Pol Hallen wrote:
> I've a quad core 2.4Ghz with standard italian DSL
>
> I tested BIND with either forwarder activated and deactivated
>
>   forwarders {
>   8.8.8.8; 8.8.4.4;
>   };
>
> without forwarder, using dig command, "query time" only on some 
> domains (I tested italian domains - I live in Italy) is 350-800ms, 
> with forwarder almost always is less 100ms (!)
>
> I'd like have my BIND (no forwarder) that works for my lan :-)
>
> how can I optimize BIND speed? (or maybe I've a wrong config?)

what happened if you leave it working (without forwarders) for some time?
BIND should cache frequently used data and provide them quickly.

when you use google forwarder, the main difference is that most of those
data are probably already cached.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I wonder how much deeper the ocean would be without sponges. 