On 2014-07-14 19:33, Per Jessen wrote:
Carlos E. R. wrote:
When I did the same, I got this:
I'm now getting a similar one, too.
Despite me having on /etc/named.conf
forwarders { 80.58.61.250; 80.58.61.254; 208.67.222.222; 8.8.8.8; };
forward first;
it is asking the root servers.
Add '+trace' to your dig options, then try again. I have seen the same result sometimes, I don't know why, but usually +trace will tell you exactly what was queried etc.
Ah. Yes, I forgot that one.
cer@Telcontar:~> dig +trace smtp.telefonica.net
; <<>> DiG 9.9.4-rpz2.13269.14-P2 <<>> +trace smtp.telefonica.net
;; global options: +cmd
. 13036 IN NS b.root-servers.net.
. 13036 IN NS i.root-servers.net.
. 13036 IN NS f.root-servers.net.
. 13036 IN NS k.root-servers.net.
. 13036 IN NS j.root-servers.net.
. 13036 IN NS a.root-servers.net.
. 13036 IN NS h.root-servers.net.
. 13036 IN NS e.root-servers.net.
. 13036 IN NS d.root-servers.net.
. 13036 IN NS l.root-servers.net.
. 13036 IN NS c.root-servers.net.
. 13036 IN NS m.root-servers.net.
. 13036 IN NS g.root-servers.net.
. 274158 IN RRSIG NS 8 0 518400 20140718000000 20140710230000 8230 . op58oBsyuAXbwW21UhSYx0Tlf+cqFAhukCd8G6gYuklLD8VlihgAe69e f9+jTZU5O2F9l9u5izYQecpIOOQf3TeyK9VwH1K24pjqde8vgyvFZniK Wamql+IcBrMntpstPhP5gbePC9Px+YYYlVZ4d8dM/wKXw3ZMyxTASaUh LGM=
;; Received 913 bytes from 192.168.1.14#53(192.168.1.14) in 1762 ms
net. 172800 IN NS a.gtld-servers.net.
net. 172800 IN NS b.gtld-servers.net.
net. 172800 IN NS c.gtld-servers.net.
net. 172800 IN NS d.gtld-servers.net.
net. 172800 IN NS e.gtld-servers.net.
net. 172800 IN NS f.gtld-servers.net.
net. 172800 IN NS g.gtld-servers.net.
net. 172800 IN NS h.gtld-servers.net.
net. 172800 IN NS i.gtld-servers.net.
net. 172800 IN NS j.gtld-servers.net.
net. 172800 IN NS k.gtld-servers.net.
net. 172800 IN NS l.gtld-servers.net.
net. 172800 IN NS m.gtld-servers.net.
net. 86400 IN DS 35886 8 2 7862B27F5F516EBE19680444D4CE5E762981931842C465F00236401D 8BD973EE
net. 86400 IN RRSIG DS 8 1 86400 20140721000000 20140713230000 8230 . hldv3ZmwyI9DRXgT5nLrpUWdWo7GBj0mDuzOGjeI6nvkFyipte81unBs WjzcGg8HYe3bWqoxLlSYYrDuLC6iF1TAZO0x67KTLIRyWXnQfJ3mZ23B ofPCDvbUzfAfJSPD+7AlfXewuPSFTd3PkWrprdJsx/jzp3Xk2pO5UNh6 smI=
;; Received 740 bytes from 192.58.128.30#53(j.root-servers.net) in 1207 ms
telefonica.net. 172800 IN NS artemis.ttd.net.
telefonica.net. 172800 IN NS marianela.tsm.es.
A1RT98BS5QGC9NFI51S9HCI47ULJG6JH.net. 86400 IN NSEC3 1 1 0 - A1RUUFFJKCT2Q54P78F8EJGJ8JBK7I8B NS SOA RRSIG DNSKEY NSEC3PARAM
A1RT98BS5QGC9NFI51S9HCI47ULJG6JH.net. 86400 IN RRSIG NSEC3 8 2 86400 20140720045242 20140713034242 28829 net. ofaElVWkIRiDy4pig1jkaDSzPquUyCa4r42dyX/4XS9Iat+Yq2Dj/ZnB JDPPzML9nyrvUNEVnGNlMH9gTIjcI0S+8uswp2JYkSj0Ehy2lBD8l4ih rC50D6ipg5EjamyC+CwY2PfFbwWF3oU9LLoo2ETGVDhD7JQ9/fH7hbNT 0Ms=
AS5B4OTLCDJL1A0LTE25I08AP8R6R3GM.net. 86400 IN NSEC3 1 1 0 - AS637D1KGJ6QJLHQN5SR8DM905KVGFG9 NS DS RRSIG
AS5B4OTLCDJL1A0LTE25I08AP8R6R3GM.net. 86400 IN RRSIG NSEC3 8 2 86400 20140721045414 20140714034414 28829 net. dJjhB9d0dnxHccfe/WeTAnt46aWqoOgLPREUWyWK2f5ExoZye7EfhPKt O/XMBS2OdA7R3Hq2vNFsqqLYI/5DdPZ+r/Q4q7Z6//KCq3tx6Q5FHagd Hg1yDgFCWg9kUXqQCqk/6dEvEGxCz6IIYCPlK05iUVUPt8jEI0KlodPI e7Q=
;; Received 605 bytes from 192.12.94.30#53(e.gtld-servers.net) in 243 ms
smtp.telefonica.net. 300 IN A 86.109.99.70
telefonica.net. 300 IN NS marianela.tsm.es.
telefonica.net. 300 IN NS artemis.ttd.net.
;; Received 152 bytes from 213.0.184.69#53(artemis.ttd.net) in 55 ms
cer@Telcontar:~>
It takes about five seconds... I tried 2 or three times, and every time it tries a different route, but starting at the root servers. This command does not appear to cache the answer. "host -v ..." does.
In fact, that's one of the addresses that nags me, because when I want to send an email during a busy time (full pipe), they fail simply because my postfix can not verify my own email address. Even if I did send an email a while before, it doesn't remember the address. And it is bind, no memory restraints. Not the router.
The first cache is in nscd, then bind, then uplink name-servers.
Yep.
I know they are different; but the current problem, which is simply getting queries done, is basically the same: the router performance when the ADSL pipe is full.
It is an interesting issue, definitely - even if it may not be worth pursuing.
Ok, but none of that benefits me at present. The basic problem is that my router does not do QoS, and does not prioritize DNS packets. So when the pipe is full, they don't get out, or in, simple as that...
Just out of curiosity, have you tried assigning a QoS class to port 53 (on the originating machine)? It is easily done with iptables.
No, I haven't. I would have to study how to do it. But it would only benefit one machine, not the rest in the house. If it works I could apply the same thing to all Linux computers, but not to the "gadgets".

By the way, in the bandwidth adjustment on my router, which I posted before, I have reserved a minimal bandwidth to my local machines to connect to outside on port 53. However, the router itself is excluded from the list... the configuration form rejects it.

--
Cheers / Saludos,
Carlos E. R.
(from 13.1 x86_64 "Bottle" at Telcontar)
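Added example, not part of the original message: `dig +trace` performs the iterative lookup itself, starting at the root servers, so the `forwarders` setting in named.conf does not apply to it. The script below lists which server answered each step of a trace and marks whether it is one of the forwarders quoted in the message; the function names are made up for this example, and the sample input is the "Received" lines from the trace above with the record lines left out.

```shell
#!/bin/sh
# Added example: summarise the steps of a `dig +trace` run.

# Forwarders as listed in the named.conf line quoted in the message.
FORWARDERS="80.58.61.250 80.58.61.254 208.67.222.222 8.8.8.8"

# trace_hops: read `dig +trace` output on stdin and print one line per step:
#   <step> <server-ip> <server-name> <ms> <forwarder|not-forwarder>
trace_hops() {
    awk -v fw="$FORWARDERS" '
        BEGIN { n = split(fw, a, " "); for (i = 1; i <= n; i++) is_fw[a[i]] = 1 }
        # dig closes every step with:
        #   ;; Received N bytes from IP#PORT(NAME) in T ms
        /^;; Received / {
            src = $6
            ip = src;   sub(/#.*/, "", ip)          # strip "#53(name)"
            name = src; sub(/^[^(]*\(/, "", name)   # strip "ip#53("
            sub(/\)$/, "", name)                    # strip trailing ")"
            step++
            kind = (ip in is_fw) ? "forwarder" : "not-forwarder"
            printf "%d %s %s %s %s\n", step, ip, name, $8, kind
        }'
}

# trace_total_ms: total time reported across all steps, in milliseconds.
trace_total_ms() {
    trace_hops | awk '{ t += $4 } END { print t + 0 }'
}

# sample_trace: the step trailers from the trace in the message
# (record lines omitted to keep the sample short).
sample_trace() {
    cat <<'EOF'
; <<>> DiG 9.9.4-rpz2.13269.14-P2 <<>> +trace smtp.telefonica.net
;; Received 913 bytes from 192.168.1.14#53(192.168.1.14) in 1762 ms
;; Received 740 bytes from 192.58.128.30#53(j.root-servers.net) in 1207 ms
;; Received 605 bytes from 192.12.94.30#53(e.gtld-servers.net) in 243 ms
;; Received 152 bytes from 213.0.184.69#53(artemis.ttd.net) in 55 ms
EOF
}

sample_trace | trace_hops
echo "total: $(sample_trace | trace_total_ms) ms"
```

For a live check, pipe a real run into it: `dig +trace smtp.telefonica.net | trace_hops`. A plain `dig` without `+trace` sends a single recursive query to the local named, which is the path where forwarders and the cache are used.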