bind 8 slow inside freebsd jail
From: adp (dap99_at_i-55.com)
Date: 05/04/04
- Previous message: Darrell Blake: "No Mouse"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
To: <questions@freebsd.org> Date: Tue, 4 May 2004 10:56:01 -0500
I am running bind 8 inside a FreeBSD 4.9 jail. For some reason responses
from our internal DNS servers (all of which run in jails) are very slow when
resolving external hostnames. Here are some little factoids:
1. resolution of internal domain works great. it takes less than 1 second.
2. resolution of an external domain is very slow or times out.
3. resolution of an external domain that is in the dns server's cache is
fast.
So the problem with in trying to resolve external domains for the first
time.
I think this is related to our FreeBSD jail setup in some way because
frankly I can't figure out anything else.
We are using forwarders. If I dig with them the response is < 1 second.
If I just dig for my root hints from our internal DNS servers it takes up to
20 seconds:
# date; dig @ns2; date
Tue May 4 10:50:18 CDT 2004
; <<>> DiG 8.3 <<>> @ns2
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27736
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 13
;; QUERY SECTION:
;; ., type = NS, class = IN
;; ANSWER SECTION:
. 4d20h36m13s IN NS L.ROOT-SERVERS.NET.
. 4d20h36m13s IN NS M.ROOT-SERVERS.NET.
. 4d20h36m13s IN NS A.ROOT-SERVERS.NET.
...
...
;; Total query time: 6 msec
;; FROM: ns.domain.com to SERVER: 192.168.42.78
;; WHEN: Tue May 4 10:50:38 2004
;; MSG SIZE sent: 17 rcvd: 436
Tue May 4 10:50:38 CDT 2004
Has anyone seen this before? Our DNS servers ran fine, but then we went with
FreeBSD jails and our response time seems to have gone way, way down.
The server hosting the dns server has no real firewall:
# ipfw l
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
65000 allow ip from any to any
65535 deny ip from any to any
And isn't heavily loaded:
# uptime
10:53AM up 13 days, 12:02, 1 user, load averages: 0.19, 0.32, 0.32
network buffers seem fine:
# netstat -m
32/544/18304 mbufs in use (current/peak/max):
32 mbufs allocated to data
26/492/4576 mbuf clusters in use (current/peak/max)
1120 Kbytes allocated to network (8% of mb_map in use)
0 requests for memory denied
0 requests for memory delayed
0 calls to protocol drain routines
My root hints was just refreshed.
My named.conf options {} :
options {
directory "/etc/namedb";
listen-on { 192.168.42.78; };
forward first;
forwarders {
aa.bb.cc.dd;
ee.ff.gg.hh;
};
allow-transfer {
127.0.0.1;
192.168.42.0/24;
};
allow-recursion {
127.0.0.1;
192.168.42.0/24;
};
//fetch-glue no;
// we have a firewall between us and the Internet, so let's
// go ahead and define our query source port
query-source address 192.168.42.78 port 53;
//named-xfer "/usr/libexec/named-xfer";
};
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
- Previous message: Darrell Blake: "No Mouse"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
