Re: Reliability and performance on a simple caching BIND9 server for uncached queries

2011-03-12 Thread Mark Andrews

In message aanlktiku23pyyjizeddlmmoi7rwvbuxp8wxoudeow...@mail.gmail.com, Khoury Brazil writes:
 Hi,
 
 I've noticed some speed and reliability issues with my BIND9 boxes
 relating to uncached external queries. External queries that return NX
 seem to be the worst offenders in these tests and are what I've
 focused on during my testing. I've confirmed it using a simple
 benchmarking tool called DNS Benchmark and some simple testing on my
 part. DNS Benchmark points out that my BIND9 boxes aren't reliable
 because "lookup requests that are dropped and ignored by nameservers
 cause significant delays in Internet access", to quote the software.
 DNS Benchmark compares your name servers against external name servers
 and it shows my boxes as 86% reliable compared to the general list
 (which includes the Level 3 servers, Cox, Symantec, etc.), which are,
 for the most part, at 100%. I'm guessing this has to do with the
 software timing out.
 
 Doing a simple test using nslookup doing uncached external lookups (on
 Ubuntu and one Windows client):
 - No delay using nslookup or dig directly from my bind boxes to the
   external name servers. This indicates to me that the bottleneck
   doesn't exist between my internal and ISP's name servers.
 - No delay when using nslookup or dig from a client machine on my
   network to the external name servers. This indicates to me that the
   client isn't the issue.
 - A long delay with Ubuntu clients looking up against my internal BIND
   boxes; timeouts with Windows and nslookup (due to its shorter
   timeout).
 
 Internal queries are fast using all of the above tests (the BIND box
 forwards to different internal name servers that are authoritative for
 our internal name space). This indicates to me that it isn't my bind
 boxes being slow in general.
 
 Is it normal to see slow responses when querying for uncached
 non-existent domains? I've noticed that other external queries could
 be faster, but these are really bad. When I query my internal bind
 boxes that are authoritative for my internal domain directly they
 respond instantly for NX domains. I don't admin those though so have
 no insight into their configuration beyond the fact that they run on
 some nix flavor and are BIND* boxes.
 
 Thanks for any insight.

Try asking your ISP's nameserver with dig +dnssec.   I suspect that
your firewall/NAT doesn't handle the larger responses.

 ___
 bind-users mailing list
 bind-users@lists.isc.org
 https://lists.isc.org/mailman/listinfo/bind-users
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
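
The comparison suggested in the reply above, as an added example that is not part of the original thread: it sends the same question once as a plain query and once with an EDNS0 OPT record and the DO bit set, as dig +dnssec does, and classifies the outcome. The 4096-byte advertised size, the function names and the result labels are assumptions of this example.

```python
import socket
import struct
import sys

def build_query(name, qtype=1, edns_size=None, do=False, qid=0x1234):
    """Build a DNS query for name; with edns_size set, add an EDNS0 OPT record."""
    arcount = 1 if edns_size else 0
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, arcount)  # RD=1, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    msg = header + qname + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN
    if edns_size:
        # OPT RR: root owner, TYPE 41, CLASS carries the UDP size we accept,
        # TTL carries ext-rcode/version/flags (DO is 0x8000), empty RDATA.
        msg += b"\x00" + struct.pack("!HHIH", 41, edns_size, 0x8000 if do else 0, 0)
    return msg

def probe(server, query, timeout=3.0):
    """Send one UDP query; return the response length, or None on timeout."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, 53))
        try:
            return len(s.recvfrom(65535)[0])
        except socket.timeout:
            return None

def diagnose(plain_len, dnssec_len):
    """Classify the pair of results (response sizes in bytes, None = timed out)."""
    if plain_len is None and dnssec_len is None:
        return "unreachable"      # server not answering at all
    if dnssec_len is None:
        return "blocked"          # only the EDNS/DO query got no answer: suspect the path
    if dnssec_len > 512:
        return "ok"               # a response larger than the classic 512 bytes arrived
    return "inconclusive"         # answer was small; pick a name with a bigger signed answer

if __name__ == "__main__":
    # Usage: script.py <resolver-ip> <name>; both values are the operator's own.
    server, name = sys.argv[1], sys.argv[2]
    plain = probe(server, build_query(name))
    signed = probe(server, build_query(name, edns_size=4096, do=True))
    print(f"plain={plain} dnssec={signed} -> {diagnose(plain, signed)}")
```

A "blocked" result from behind the firewall/NAT, with "ok" for the same server and name from outside it, points at the middlebox rather than at the resolver.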


Reliability and performance on a simple caching BIND9 server for uncached queries

2011-03-11 Thread Khoury Brazil
Hi,

I've noticed some speed and reliability issues with my BIND9 boxes
relating to uncached external queries. External queries that return NX
seem to be the worst offenders in these tests and are what I've
focused on during my testing. I've confirmed it using a simple
benchmarking tool called DNS Benchmark and some simple testing on my
part. DNS Benchmark points out that my BIND9 boxes aren't reliable
because "lookup requests that are dropped and ignored by nameservers
cause significant delays in Internet access", to quote the software.
DNS Benchmark compares your name servers against external name servers
and it shows my boxes as 86% reliable compared to the general list
(which includes the Level 3 servers, Cox, Symantec, etc.), which are,
for the most part, at 100%. I'm guessing this has to do with the
software timing out.

Doing a simple test using nslookup doing uncached external lookups (on
Ubuntu and one Windows client):
- No delay using nslookup or dig directly from my bind boxes to the
  external name servers. This indicates to me that the bottleneck
  doesn't exist between my internal and ISP's name servers.
- No delay when using nslookup or dig from a client machine on my
  network to the external name servers. This indicates to me that the
  client isn't the issue.
- A long delay with Ubuntu clients looking up against my internal BIND
  boxes; timeouts with Windows and nslookup (due to its shorter
  timeout).

Internal queries are fast using all of the above tests (the BIND box
forwards to different internal name servers that are authoritative for
our internal name space). This indicates to me that it isn't my bind
boxes being slow in general.

Is it normal to see slow responses when querying for uncached
non-existent domains? I've noticed that other external queries could
be faster, but these are really bad. When I query my internal bind
boxes that are authoritative for my internal domain directly they
respond instantly for NX domains. I don't admin those though so have
no insight into their configuration beyond the fact that they run on
some nix flavor and are BIND* boxes.

Thanks for any insight.