Re: Resolving or blocking eg. doubleclick.net?
# [EMAIL PROTECTED] / 2003-02-12 14:43:37 +0100: On Wednesday 12 February 2003 13:15, Daniel Bye wrote: At a shell prompt, try $ time host doubleclick.net $ time host dk.doubleclick.net dk.doubleclick.net mail is handled (pri=10) by relay2.doubleclick.net dk.doubleclick.net mail is handled (pri=10) by relay1.doubleclick.net real0m0.269s user0m0.000s sys 0m0.005s $ time host dk.doubleclick.net dk.doubleclick.net mail is handled (pri=10) by relay1.doubleclick.net dk.doubleclick.net mail is handled (pri=10) by relay2.doubleclick.net real0m0.009s user0m0.004s sys 0m0.001s So, it's safe to assume my cache is working? ... and perhaps, resolving doubleclick.net et al isn't the issue? But looks like the cache expires after a couple of minutes? That's something you can easily check by trying to resolve the name a couple of minutes later. :) But that would be a lame test, and you wouldn't really know any hard data. This is authoritative: roman@freepuppy ~ 1011:1 dnsq a doubleclick.net ns2.dcny.doubleclick.net|grep ^answer answer: doubleclick.net 300 A 199.95.206.210 roman@freepuppy ~ 1012:0 so yes. the A RR for doubleclick.net has TTL of 300 seconds. somewhat stupid if you ask me. I would suggest you to configure your DNS cache so that it forwards queries to your ISP's caches. That'll buy you some time. -- If you cc me or remove the list(s) completely I'll most likely ignore your message.see http://www.eyrie.org./~eagle/faqs/questions.html To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: Resolving or blocking eg. doubleclick.net?
On Wednesday 12 February 2003 18:12, Marc Schneiders wrote: On Wed, 12 Feb 2003, at 14:53 [=GMT+0100], Bjarne Wichmann Petersen wrote: $TTL 36000 @ IN SOA frodo.my.domain. root.frodo.my.domain. ( 1 ; serial 36000 ; refresh 18000 ; retry 1209600; expire 36000 ; minimum ) NS frodo.my.domain. @ IN A127.0.0.1 * IN A127.0.0.1 localhost IN A127.0.0.1 Works! ... well actually uncommenting the zone-entry in named.conf helped a lot! ... Now browsing the web flies! ;) Thanks to all! Bjarne -- Homepage: http://www.mekanix.dk To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Resolving or blocking eg. doubleclick.net?
On Wednesday 12 February 2003 10:43, Frank Tegtmeyer wrote: 3) Since I'm only aiming for a dns-cache I'm right in assuming I should keep my hands away from all the zone-stuff? Much better: follow the instructions in http://cr.yp.to/djbdns/install.html and http://cr.yp.to/djbdns/run-cache.html and then forget any dns- and dns related security problems. Tried it, but really got confused trying to install it. Ended up having a service dir created all over my system. Never got it to work. But looks like I got bind working (my firewall blocked quiries), but it doesn't look like a dnscache is solving my problem. *Still* takes forever for my box to resolve eg. doubleclick.net. This is *REALLY* getting on my nerves to sit and wait ½-5 minutes for a page to load because some unresolvable server is blocking. Anyone know how to solve this issue? And where *does* named/bind store it's cache-data? Bjarne -- Homepage: http://www.mekanix.dk To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: Resolving or blocking eg. doubleclick.net?
On Wednesday 12 February 2003 10:43, Frank Tegtmeyer wrote: 3) Since I'm only aiming for a dns-cache I'm right in assuming I should keep my hands away from all the zone-stuff? Much better: follow the instructions in http://cr.yp.to/djbdns/install.html and http://cr.yp.to/djbdns/run-cache.html and then forget any dns- and dns related security problems. Tried it, but really got confused trying to install it. Ended up having a service dir created all over my system. Never got it to work. But looks like I got bind working (my firewall blocked quiries), but it doesn't look like a dnscache is solving my problem. *Still* takes forever for my box to resolve eg. doubleclick.net. This is *REALLY* getting on my nerves to sit and wait ½-5 minutes for a page to load because some unresolvable server is blocking. Anyone know how to solve this issue? And where *does* named/bind store it's cache-data? Bjarne One option... cheat Make your dns server authoritative for doubleclick.net, and have no entries (or optionally your own web server as an * entry) in the zone file. named stores it's cache in memory. You can get a dump of the current cache.. don't remember the exact syntax but it's in the man page. --daxbert To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: Resolving or blocking eg. doubleclick.net?
On Wed, Feb 12, 2003 at 11:09:33AM +0100, Bjarne Wichmann Petersen wrote: On Wednesday 12 February 2003 10:43, Frank Tegtmeyer wrote: 3) Since I'm only aiming for a dns-cache I'm right in assuming I should keep my hands away from all the zone-stuff? Much better: follow the instructions in http://cr.yp.to/djbdns/install.html and http://cr.yp.to/djbdns/run-cache.html and then forget any dns- and dns related security problems. Tried it, but really got confused trying to install it. Ended up having a service dir created all over my system. Never got it to work. But looks like I got bind working (my firewall blocked quiries), but it doesn't look like a dnscache is solving my problem. *Still* takes forever for my box to resolve eg. doubleclick.net. This is *REALLY* getting on my nerves to sit and wait ½-5 minutes for a page to load because some unresolvable server is blocking. Anyone know how to solve this issue? I have just tried to resolve doubleclick.net, and the first hit took around three seconds. Thereafter, with it cachedi locally, it came back in at most 0.02 seconds. I reckon your best bet is to persevere - does the cache demonstrate any advantage at all? I put my upstream (ISP's) caches in the forwarders section in named.conf. While not strictly necessary, as already pointed out, it can give you the advantage of tapping into a huge set of cached data on your ISP's servers. Suck it and see - I cannot believe that you are the only person connecting through your ISP who gets pelted with these bloody ads from doubleclick. Check for messages in /var/log/messages, or whatever file your named logs to. And where *does* named/bind store it's cache-data? In RAM, where it's most useful. Using the (r)ndc utility, you can make it dump its cache to a predefined file if you ever fancy taking a stroll through it. -- Daniel Bye PGP Key: ftp://ftp.slightlystrange.org/pgpkey/dan.asc PGP Key fingerprint: 3D73 AF47 D448 C5CA 88B4 0DCF 849C 1C33 3C48 2CDC _ ASCII ribbon campaign ( ) - against HTML, vCards and X - proprietary attachments in e-mail / \ To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: Resolving or blocking eg. doubleclick.net?
Bjarne Wichmann Petersen [EMAIL PROTECTED] writes: Tried it, but really got confused trying to install it. Ended up having a service dir created all over my system. Never got it to work. Dan Bernstein is always interested to hear about difficulties with his instructions. You have to follow the instructions to the letter. I never saw something go wrong, so it's likely you missed a phrase or sentence. I recommend trying again. BIND is a pain compared to dnscache. Regarding your problem: resolving ad.doubleclick.net takes about 0.5s at my ADSL connection - with an empty cache. I think your problem is possibly at the network layer. What results give the following commands? dig @205.138.3.20 ad.doubleclick.net dig @208.211.225.10 ad.doubleclick.net dig @204.176.177.10 ad.doubleclick.net dig @204.253.104.10 ad.doubleclick.net You should get a CNAME answer and an additional section. You may try then one of the nameservers of the additional section and the given CNAME. Regards, Frank To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: Resolving or blocking eg. doubleclick.net?
On Wednesday 12 February 2003 11:18, Dax Eckenberg wrote: is your problem with DNS in general? or doubleclick.net specifically? Sites running banners from doubleclick.net and a few others. Bjarne -- Homepage: http://www.mekanix.dk To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: Resolving or blocking eg. doubleclick.net?
On Wednesday 12 February 2003 11:17, Daxbert wrote: One option... cheat Make your dns server authoritative for doubleclick.net, and have no entries (or optionally your own web server as an * entry) in the zone file. So, would that mean I should create an entry in named.conf like: zone doubleclick.net { type master; file doubleclick.net; }; and then don't have a doubleclick.net ... or should I create an empty file? ... or? named stores it's cache in memory. You can get a dump of the current cache.. don't remember the exact syntax but it's in the man page. Hmm, so every time I reboot I loose my cache? But still, if I visit eg. http://www.politiken.dk and wait untill it's loaded (ie. finished resolving doubleclick.net) and then hit reload it ought to go a lot quicker. But it doesn't, takes just as long. :-/ Bjarne -- Homepage: http://www.mekanix.dk To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: Resolving or blocking eg. doubleclick.net?
On Wednesday 12 February 2003 11:17, Daxbert wrote: One option... cheat Make your dns server authoritative for doubleclick.net, and have no entries (or optionally your own web server as an * entry) in the zone file. So, would that mean I should create an entry in named.conf like: zone doubleclick.net { type master; file doubleclick.net; }; and then don't have a doubleclick.net ... or should I create an empty file? ... or? named stores it's cache in memory. You can get a dump of the current cache.. don't remember the exact syntax but it's in the man page. Hmm, so every time I reboot I loose my cache? But still, if I visit eg. http://www.politiken.dk and wait untill it's loaded (ie. finished resolving doubleclick.net) and then hit reload it ought to go a lot quicker. But it doesn't, takes just as long. :-/ Bjarne I do this in named.conf... zone atdmt.com { type master; file db.empty_zone; }; zone doubleclick.net { type master; file db.empty_zone; }; then, I have a single file called db.emtpy_zone $TTL 36000 @ IN SOA my.dns.server. email.address.i.use.in.zones. ( 1 ; serial 36000 ; refresh 18000 ; retry 1209600; expire 36000 ; minimum ) NS my.dns.server. * A 1.1.1.1 ; NOTE: The 1.1.1.1 A record is optional. If you use this, you should point it to your own web server. To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: Resolving or blocking eg. doubleclick.net?
On Wednesday 12 February 2003 11:17, Daxbert wrote: One option... cheat Make your dns server authoritative for doubleclick.net, and have no entries (or optionally your own web server as an * entry) in the zone file. So, would that mean I should create an entry in named.conf like: zone doubleclick.net { type master; file doubleclick.net; }; and then don't have a doubleclick.net ... or should I create an empty file? ... or? named stores it's cache in memory. You can get a dump of the current cache.. don't remember the exact syntax but it's in the man page. Hmm, so every time I reboot I loose my cache? But still, if I visit eg. http://www.politiken.dk and wait untill it's loaded (ie. finished resolving doubleclick.net) and then hit reload it ought to go a lot quicker. But it doesn't, takes just as long. :-/ Bjarne about takes just as long Are you sure it's the DNS resolution that's slowing you down? and not the javascript download / cookie transfer / ad picture issues with doubleclick? If you use the empty zone trick, you should no longer have these delays. But pages may not render as expected. ( e.g. [x] images ) --daxbert To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: Resolving or blocking eg. doubleclick.net?
On Wednesday 12 February 2003 11:22, Daniel Bye wrote: I have just tried to resolve doubleclick.net, and the first hit took around three seconds. Thereafter, with it cachedi locally, it came back in at most 0.02 seconds. I reckon your best bet is to persevere - does the cache demonstrate any advantage at all? No advantage at all. What do you mean by persevere? I put my upstream (ISP's) caches in the forwarders section in named.conf. While not strictly necessary, as already pointed out, it can give you the advantage of tapping into a huge set of cached data on your ISP's servers. Suck it and see - I cannot believe that you are the only person connecting through your ISP who gets pelted with these bloody ads from doubleclick. Have added them, without seeing any difference in performance. But it does make my tcpdump more readable. Check for messages in /var/log/messages, or whatever file your named logs to. /var/log/messages reports nothing unusual. Haven't told named to log somewhere else. Bjarne -- Homepage: http://www.mekanix.dk To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: Resolving or blocking eg. doubleclick.net?
On Wed, Feb 12, 2003 at 01:01:14PM +0100, Bjarne Wichmann Petersen wrote: On Wednesday 12 February 2003 11:22, Daniel Bye wrote: I have just tried to resolve doubleclick.net, and the first hit took around three seconds. Thereafter, with it cachedi locally, it came back in at most 0.02 seconds. I reckon your best bet is to persevere - does the cache demonstrate any advantage at all? No advantage at all. What do you mean by persevere? Keep on trying! Sounds as though you are looking at problems somewhere other than DNS. At a shell prompt, try $ time host doubleclick.net a few times, and see what sort of reponse times you get. As a previous poster has said, the problem may be more to do with downloading phat content than with getting DNS resolution. Are you having similar problems with other DNS records? What do you have in /etc/resolv.conf? I put my upstream (ISP's) caches in the forwarders section in named.conf. While not strictly necessary, as already pointed out, it can give you the advantage of tapping into a huge set of cached data on your ISP's servers. Suck it and see - I cannot believe that you are the only person connecting through your ISP who gets pelted with these bloody ads from doubleclick. Have added them, without seeing any difference in performance. But it does make my tcpdump more readable. A happy side effect ;-) Check for messages in /var/log/messages, or whatever file your named logs to. /var/log/messages reports nothing unusual. Haven't told named to log somewhere else. Bjarne -- Homepage: http://www.mekanix.dk -- Daniel Bye PGP Key: ftp://ftp.slightlystrange.org/pgpkey/dan.asc PGP Key fingerprint: 3D73 AF47 D448 C5CA 88B4 0DCF 849C 1C33 3C48 2CDC _ ASCII ribbon campaign ( ) - against HTML, vCards and X - proprietary attachments in e-mail / \ To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: Resolving or blocking eg. doubleclick.net?
On Wednesday 12 February 2003 13:15, Daniel Bye wrote: On Wed, Feb 12, 2003 at 01:01:14PM +0100, Bjarne Wichmann Petersen wrote: On Wednesday 12 February 2003 11:22, Daniel Bye wrote: I have just tried to resolve doubleclick.net, and the first hit took around three seconds. Thereafter, with it cachedi locally, it came back in at most 0.02 seconds. I reckon your best bet is to persevere - does the cache demonstrate any advantage at all? No advantage at all. What do you mean by persevere? Keep on trying! Sounds as though you are looking at problems somewhere other than DNS. Might be, but don't know what that should be. I'm having issues with both my freebsd setup. One on my primary desktop, with a setup that have been refined the more I learn about FreeBSD. The second is a vanilla setup with nothing special added. I'm not having issues with Windows in that regard (on the same HW). Tried disabling my firewall, didn't change anything. Someone a couple of month back told me that it was because FreeBSD made it's inquiries in IPv6 which doubleclick.net don't support... or something like that. And the solution would be to set up a cache. Well, might have mixed something up. I'm at loss to where to look else. The browser? Konq and phoenix/mozilla shows the same stalling behavior *BUT* opera loads and display http://www.politiken.dk in a snap. Hmm... what is opera doing differently? At a shell prompt, try $ time host doubleclick.net $ time host dk.doubleclick.net dk.doubleclick.net mail is handled (pri=10) by relay2.doubleclick.net dk.doubleclick.net mail is handled (pri=10) by relay1.doubleclick.net real0m0.269s user0m0.000s sys 0m0.005s $ time host dk.doubleclick.net dk.doubleclick.net mail is handled (pri=10) by relay1.doubleclick.net dk.doubleclick.net mail is handled (pri=10) by relay2.doubleclick.net real0m0.009s user0m0.004s sys 0m0.001s So, it's safe to assume my cache is working? ... and perhaps, resolving doubleclick.net et al isn't the issue? But looks like the cache expires after a couple of minutes? a few times, and see what sort of reponse times you get. As a previous poster has said, the problem may be more to do with downloading phat content than with getting DNS resolution. May be. But it's some fat content that doesn't show at my end. Both my CPU and connection looks pretty idle while retreiving the content. And since explorer have no issues, I'm not sure I'd buy into that explanation. Are you having similar problems with other DNS records? Other than doubleclick.net? A few other, though I can't recall which. Usually site with graphics/banners/content from a slew of servers. What do you have in /etc/resolv.conf? Right now, just nameserver 127.0.0.1. Bjarne -- Homepage: http://www.mekanix.dk To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: Resolving or blocking eg. doubleclick.net?
On Wednesday 12 February 2003 12:43, Daxbert wrote: I do this in named.conf... I'm still getting it to resolve *.doubleclick.net zone doubleclick.net { type master; file db.empty_zone; }; This I just cut'n'pasted. My /etc/named/db.empty_zone looks like this: $TTL 36000 @ IN SOA frodo.my.domain. root.frodo.my.domain. ( 1 ; serial 36000 ; refresh 18000 ; retry 1209600; expire 36000 ; minimum ) NS frodo.my.domain. frodo.my.domain is my hostname set in rc.conf. Is this correct? Bjarne -- Homepage: http://www.mekanix.dk To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: Resolving or blocking eg. doubleclick.net?
On Wednesday 12 February 2003 14:43, Bjarne Wichmann Petersen wrote: I'm at loss to where to look else. The browser? Konq and phoenix/mozilla shows the same stalling behavior *BUT* opera loads and display http://www.politiken.dk in a snap. Hmm... what is opera doing differently? Javascript? Just tried to turn off javascript on politiken.dk... makes the main-page render fast... but some graphics/banner still makes it stalling for the rest of the page-rendering? Bjarne -- Homepage: http://www.mekanix.dk To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: Resolving or blocking eg. doubleclick.net?
On Wed, 12 Feb 2003, at 14:53 [=GMT+0100], Bjarne Wichmann Petersen wrote: $TTL 36000 @ IN SOA frodo.my.domain. root.frodo.my.domain. ( 1 ; serial 36000 ; refresh 18000 ; retry 1209600; expire 36000 ; minimum ) NS frodo.my.domain. @ IN A127.0.0.1 * IN A127.0.0.1 localhost IN A127.0.0.1 To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message