Hi all, I set up named to be my caching DNS, and changed my resolv.conf to 127.0.0.1 only, but now if I "dig www.google.com" the first time it takes 500ms, the second time 1ms, and if I wait 15min and try again it's 500ms again. Can anyone tell me what the problem is and why it doesn't cache the IPs for longer? Also, shouldn't there be files in /var/log, since in named.conf there are two settings for logging: dump-file "/var/log/named_dump.db"; statistics-file "/var/log/named.stats"; Thanks
On Sat, May 28, 2005 at 09:16:08PM +0200, Marko wrote:
Hi all, I set up named to be my caching DNS, and changed my resolv.conf to 127.0.0.1 only, but now if I "dig www.google.com" the first time it takes 500ms, the second time 1ms, and if I wait 15min and try again it's 500ms again. Can anyone tell me what the problem is and why it doesn't cache the IPs for longer?
This is expected behaviour. The TTL for www.google.com is 900 seconds, which is why this record expires from the cache in 15 minutes and then named has to resolve it again, starting from the TLD servers. -Kastus
On Saturday 28 May 2005 21:16, Marko wrote:
Hi all, I set up named to be my caching DNS, and changed my resolv.conf to 127.0.0.1 only, but now if I "dig www.google.com" the first time it takes 500ms, the second time 1ms, and if I wait 15min and try again it's 500ms again. Can anyone tell me what the problem is and why it doesn't cache the IPs for longer? Also, shouldn't there be files in /var/log, since in named.conf there are two settings for logging: dump-file "/var/log/named_dump.db"; statistics-file "/var/log/named.stats";
The length of time the IP addresses are cached is a setting on the remote side. google.com is behind a rotating DNS; the IP you receive changes frequently. It's a form of load balancing. So google has configured their DNS to request a very short caching, to force DNS servers to update.

500ms is a very long time for a lookup though, it's half a second if my math doesn't fail me completely, and that is way too long. Are you using a forwarder or do you have named do the lookups itself? If so, is the forwarder DNS that slow? If it isn't, you could try disabling IPv6. If it is, you could try setting your DNS to do its own lookup (if your ISP allows it).

The logs you mention aren't created automatically. Have a look at the rndc utility. You need to run commands like "rndc dumpdb" and "rndc stats".
On Saturday 28 May 2005 21:40, Anders Johansson wrote:
The length of time the IP addresses are cached is a setting on the remote side. google.com is behind a rotating DNS; the IP you receive changes frequently. It's a form of load balancing. So google has configured their DNS to request a very short caching, to force DNS servers to update.
500ms is a very long time for a lookup though, it's half a second if my math doesn't fail me completely, and that is way too long. Are you using a forwarder or do you have named do the lookups itself? If so, is the forwarder DNS that slow? If it isn't, you could try disabling IPv6. If it is, you could try setting your DNS to do its own lookup (if your ISP allows it).
The logs you mention aren't created automatically. Have a look at the rndc utility. You need to run commands like "rndc dumpdb" and "rndc states".
Hi, thanks for the help. I commented forwarders out in named.conf and I'm using 127.0.0.1 as my DNS server. I tried typing "rndc dumpdb" and "rndc states" but nothing happens, and the man page doesn't tell you much. I'll try disabling IPv6 and see what happens. Also, is there a file or db where named stores its IPs and hosts? Thanks
On Sat, 2005-05-28 at 21:57 +0200, Marko wrote:
On Saturday 28 May 2005 21:40, Anders Johansson wrote:
it)
The logs you mention aren't created automatically. Have a look at the rndc utility. You need to run commands like "rndc dumpdb" and "rndc states"
Hi, thanks for the help. I commented forwarders out in named.conf and I'm using 127.0.0.1 as my DNS server. I tried typing "rndc dumpdb" and "rndc states" but nothing happens, and the man page doesn't tell you much. I'll try disabling IPv6 and see what happens. Also, is there a file or db where named stores its IPs and hosts? Thanks
Did you look under /var/lib/named/log/ for the log file? That's where mine went. -- Ken Schneider UNIX since 1989, linux since 1994, SuSE since 1998 "The day Microsoft makes something that doesn't suck is probably the day they start making vacuum cleaners." -Ernst Jan Plugge
Yes, the logs are there now. I just didn't check :) So how do I know that named is doing its job, and what's the advantage of having it if all the records expire in 15 min? Also, should I set forwarders to my ISP's DNSs, and if so must it be forward only; or forward first; Thanks
On Saturday 28 May 2005 22:20, Anders Johansson wrote:
On Saturday 28 May 2005 21:57, Marko wrote:
127.0.0.1 as my DNS server. I tried typing "rndc dumpdb" and "rndc states" but nothing happens
Do you get any messages in /var/log/messages when you try?
Marko wrote:
so how do I know that named is doing its job and what's the advantage of having it if all the records expire in 15 min?
Only records with a 15 min TTL will expire in 15 mins :-) The advantage is that the cached record is used instead of doing a new query for every lookup. It's faster and it reduces load on the DNS system.
Also should I set forwarders to my ISP's DNSs
I would.
and if so must it be forward only; or forward first;
From the BIND manual:
forward: A value of first, the default, causes the server to query the forwarders first, and if that doesn't answer the question the server will then look for the answer itself. If only is specified, the server will only query the forwarders. forward first I would suggest, /Per Jessen, Zürich -- http://www.spamchek.com/freetrial - sign up for your free 30-day trial now!
So how do you check TTL, and is there a way to keep the records cached for longer (maybe a week) and only update the cached IPs weekly or when I want (some command)? Cause there is no point having records last less than a day; I generally won't go to the same page every hour or even every day, but I might the next day, and I don't want to query again cause I don't have a really fast (ISDN) connection. Currently I'm connected multilink 128k and the query time for suse.com is 1.6 seconds and nxsecure.org 3 seconds. That's just too long.

--------------------------
dig www.suse.com
;; Query time: 1598 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun May 29 16:50:21 2005
;; MSG SIZE rcvd: 121
--------------------------
dig www.nxsecure.org
;; Query time: 2942 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun May 29 16:52:33 2005
;; MSG SIZE rcvd: 131

On Sunday 29 May 2005 13:35, Per Jessen wrote:
Marko wrote:
so how do I know that named is doing its job and what's the advantage of having it if all the records expire in 15 min?
Only records with a 15 min TTL will expire in 15 mins :-) The advantage is that the cached record is used instead of doing a new query for every lookup. It's faster and it reduces load on the DNS system.
Also should I set forwarders to my ISP's DNSs
I would.
and if so must it be forward only; or forward first;
From the BIND manual:
forward: A value of first, the default, causes the server to query the forwarders first, and if that doesn't answer the question the server will then look for the answer itself. If only is specified, the server will only query the forwarders.
forward first I would suggest,
/Per Jessen, Zürich
-- http://www.spamchek.com/freetrial - sign up for your free 30-day trial now!
On Sunday 29 May 2005 15:58 pm, Marko wrote:
So how do you check TTL, and is there a way to keep the records cached for longer (maybe a week) and only update the cached IPs weekly or when I want (some command)?
The TTL is defined by the administrators of the originating domain: Google sets its TTL, the BBC sets them for www.bbc.co.uk, my hosts set the TTL for my domain.... They choose times which are suitable for the domain in question.
Cause there is no point having records last less than a day
Yes, there is. As mentioned before, it is a method of implementing crude load balancing for sites which a single user MAY use many times an hour (like google.) Since one use of google may actually span half an hour or more, and every time you ask the browser to fetch a new page it does a DNS lookup, a session of 15 minutes looking through results is going to be covered by the TTL of your local cache.
I generally won't go to the same page every hour or even every day, but I might the next day, and I don't want to query again cause I don't have a really fast (ISDN) connection. Currently I'm connected multilink 128k and the query time for suse.com is 1.6 seconds and nxsecure.org 3 seconds. That's just too long.
You're right - it is. AND YOU NEED TO SOLVE THAT PROBLEM. I get suse.com in 18msec and nxsecure.org in 139msec. Clearly suse.com is cached, but nxsecure certainly isn't, and you should be looking at 1 to 200 msec for a lookup. Your problem is NOT with the TTL of the cache, it is with your named setup. Dylan -- "I see your Schwartz is as big as mine" -Dark Helmet
The Sunday 2005-05-29 at 16:31 +0100, Dylan wrote:
I generally won't go to the same page every hour or even every day, but I might the next day, and I don't want to query again cause I don't have a really fast (ISDN) connection. Currently I'm connected multilink 128k and the query time for suse.com is 1.6 seconds and nxsecure.org 3 seconds. That's just too long.
You're right - it is. AND YOU NEED TO SOLVE THAT PROBLEM. I get suse.com in 18msec and nxsecure.org in 139msec. Clearly suse.com is cached, but nxsecure certainly isn't, and you should be looking at 1 to 200 msec for a lookup. Your problem is NOT with the TTL of the cache, it is with your named setup.
It is normal.

cer@nimrodel:~> time host nxsecure.org
nxsecure.org has address 66.90.71.245
nxsecure.org mail is handled by 0 nxsecure.org.

real 0m3.196s
user 0m0.006s
sys 0m0.005s

cer@nimrodel:~> time host nxsecure.org
nxsecure.org has address 66.90.71.245
nxsecure.org mail is handled by 0 nxsecure.org.

real 0m0.014s
user 0m0.003s
sys 0m0.005s

See? First time, more than 3 seconds. Second time, 14 ms. That's typical, and the problem is the slow link and slow DNS servers of my ISPs; also, they might have to ask upstream for that particular query: a query for a local, very much used web site is much faster here (I tried, almost instantaneous).

Now I reset my local named, and retry:

cer@nimrodel:~> host -v nxsecure.org
....
Received 91 bytes from 192.168.100.2#53 in 1831 ms

Second time, just 9 ms.

-- Cheers, Carlos Robinson
Carlos, On Sunday 29 May 2005 12:17, Carlos E. R. wrote:
...
cer@nimrodel:~> time host nxsecure.org nxsecure.org has address 66.90.71.245 nxsecure.org mail is handled by 0 nxsecure.org.
real 0m3.196s user 0m0.006s sys 0m0.005s
cer@nimrodel:~> time host nxsecure.org nxsecure.org has address 66.90.71.245 nxsecure.org mail is handled by 0 nxsecure.org.
real 0m0.014s user 0m0.003s sys 0m0.005s
See? First time, more than 3 seconds. Second time, 14 ms. That's typical, and the problem is the slow link and slow DNS servers of my ISPs; also, they might have to ask upstream for that particular query: a query for a local, very much used web site is much faster here (I tried, almost instantaneous).
Many ISPs provide more than one name server. Does your ISP provide more than one name server (address)? If so, is it possible you've misconfigured the primary, forcing each request to time out once (on the primary server) and then fail over to the secondary where they succeed?
...
-- Cheers, Carlos Robinson
Randall Schulz
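The two forwarding behaviours Per quoted from the BIND manual (forward first versus forward only), and the failover Randall asks about above (a dead primary forwarder that times out before the secondary answers), as an added example that is not code from any of the posts or from BIND: a toy resolver in which the forwarders and the server's own recursion are stand-in functions, so the outcome when the ISP's servers fail can be seen offline. The zone data is constructed (the address is the one Carlos posted for nxsecure.org) and the `trail` list is this model's own bookkeeping, not anything named reports.

```python
"""Toy model of BIND's `forward first` / `forward only` semantics.

Added example, not from the list thread or from BIND itself.  Forwarders
and the server's own iterative recursion are simulated by callables so
that the failure modes can be exercised with no network at all.
"""

SERVFAIL, NOERROR = "SERVFAIL", "NOERROR"


class Timeout(Exception):
    """Raised by a stand-in server that never answers (a dead forwarder)."""


def resolve(name, forwarders, recurse, mode="first"):
    """Resolve `name` the way a forwarding named would.

    forwarders: callables name -> rdata, raising Timeout when the server is dead.
    recurse:    callable name -> rdata standing in for the server's own lookup
                (root -> TLD -> authoritative), raising Timeout on failure.
    mode:       "first" (BIND's default: forwarders, then recurse yourself)
                or "only" (forwarders, and give up if they fail).
    Returns (rcode, rdata, trail); `trail` lists the paths tried, in order.
    """
    if mode not in ("first", "only"):
        raise ValueError("forward must be 'first' or 'only'")
    trail = []
    # Forwarders are tried in order; a dead primary costs a timeout before
    # the secondary is asked, which is the failover Randall describes.
    for i, fwd in enumerate(forwarders):
        try:
            answer = fwd(name)
            trail.append(f"forwarder[{i}]")
            return NOERROR, answer, trail
        except Timeout:
            trail.append(f"forwarder[{i}]:timeout")
    if mode == "only":
        # forward only: no forwarder answered, so the client gets SERVFAIL.
        return SERVFAIL, None, trail
    # forward first: fall back to doing the lookup ourselves.
    try:
        answer = recurse(name)
        trail.append("recursion")
        return NOERROR, answer, trail
    except Timeout:
        trail.append("recursion:timeout")
        return SERVFAIL, None, trail


# Constructed stand-ins; there is no network behind any of these.
ZONE = {"nxsecure.org.": "66.90.71.245"}


def dead_forwarder(name):
    raise Timeout(name)


def isp_forwarder(name):
    return ZONE[name]


def own_recursion(name):
    return ZONE[name]


def scenarios():
    """The cases a practitioner would want to compare before picking a mode."""
    dead = [dead_forwarder, dead_forwarder]
    return {
        "first/forwarders-down": resolve("nxsecure.org.", dead, own_recursion, "first"),
        "only/forwarders-down": resolve("nxsecure.org.", dead, own_recursion, "only"),
        "first/forwarders-up": resolve("nxsecure.org.", [isp_forwarder], own_recursion, "first"),
        "first/primary-down": resolve("nxsecure.org.", [dead_forwarder, isp_forwarder], own_recursion, "first"),
    }


if __name__ == "__main__":
    for label, (rcode, rdata, trail) in scenarios().items():
        print(f"{label:24} {rcode:8} {rdata!s:14} via {' -> '.join(trail)}")
```

With `forward first` the server survives an ISP outage at the price of slower lookups (every query pays the forwarder timeouts before recursion starts); with `forward only` it fails closed and returns SERVFAIL, which is the answer Carlos sees offline further down the thread. The `first/primary-down` case is why a misconfigured or dead primary forwarder shows up as every lookup being slow rather than as outright failure.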
The Sunday 2005-05-29 at 14:16 -0700, Randall R Schulz wrote:
Many ISPs provide more than one name server. Does your ISP provide more than one name server (address)? If so, is it possible you've misconfigured the primary, forcing each request to time out once (on the primary server) and then fail over to the secondary where they succeed?
Possible. But I don't think so. If the first DNS fails, timing out, my own DNS will time out as well, or at least take much longer than three seconds. I know, in some cases it takes perhaps ten seconds till it complains. Remember: modem is slow. Providers are slow.

I can try using the root servers and see if it is faster.

[...]

Offline:

Host nxsecure.org not found: 2(SERVFAIL)
Received 30 bytes from 192.168.100.2#53 in 164 ms

Online:

Trying "nxsecure.org" ...
Received 113 bytes from 192.168.100.2#53 in 1344 ms
Trying "nxsecure.org" ...
Received 91 bytes from 192.168.100.2#53 in 313 ms
Trying "nxsecure.org" ...
Received 129 bytes from 192.168.100.2#53 in 302 ms

Notice it's got to make three seeks, making a total of 1.959 seconds, a bit faster than using my forwarders the other day.

Second time (cached):

Received 113 bytes from 192.168.100.2#53 in 57 ms
Received 91 bytes from 192.168.100.2#53 in 43 ms
Received 129 bytes from 192.168.100.2#53 in 45 ms

I re-enable my forwarders, and reload named. First time:

Received 129 bytes from 192.168.100.2#53 in 2540 ms
Received 91 bytes from 192.168.100.2#53 in 339 ms
Received 145 bytes from 192.168.100.2#53 in 342 ms

That's a total of 3.2", slower than asking the root servers; second time (cached):

Received 129 bytes from 192.168.100.2#53 in 45 ms
Received 91 bytes from 192.168.100.2#53 in 30 ms
Received 145 bytes from 192.168.100.2#53 in 45 ms

Ok, I'll try again; I disable my forwarders a second time, reload named, and retry:

cer@nimrodel:~> time host -v nxsecure.org
Received 113 bytes from 192.168.100.2#53 in 3543 ms
Received 91 bytes from 192.168.100.2#53 in 291 ms
Received 129 bytes from 192.168.100.2#53 in 300 ms

real 0m4.176s

-- and the sum of the above values is 4.134", it matches what the command "time" said. You see... four seconds, from the root servers.

I didn't try again with forwarders enabled, because my connection went down (1 minute timeout).
Times longer than two seconds for a lookup are very normal, at least in my part of the world, when using a modem. -- Cheers, Carlos Robinson
Dylan wrote:
Yes, there is. As mentioned before it is a method of implementing crude load balancing for sites which a single user MAY use many times an hour (like google.)
But doing this form of load balancing doesn't actually explain why the TTL is set at 15 mins. On the first query, the caching daemon will get a set of IP addresses and hand these to the client. On the second and subsequent queries, the same answer applies, except not in the same sequence. Bind will send back the answers in a different order.

per@io:~/downloads> dig google.ch
;; ANSWER SECTION:
google.ch. 1763 IN A 216.239.39.104
google.ch. 1763 IN A 216.239.57.104
google.ch. 1763 IN A 216.239.59.104

Next query, only seconds later:

;; ANSWER SECTION:
google.ch. 1758 IN A 216.239.59.104
google.ch. 1758 IN A 216.239.39.104
google.ch. 1758 IN A 216.239.57.104

Oh, and as you can see, it's google.com that has a 15 min TTL; google.co.uk and .ch are both at 30 mins.

/Per
-- http://www.spamchek.com/ - managed anti-spam and anti-virus solution.
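What the thread keeps coming back to (Kastus's 900-second TTL, Per's point that only records with a short TTL expire quickly, Dylan's point that the origin sets it, and the countdown and answer rotation in Per's dig output just above), as an added example that is not code from any of the posts: a parser for the two dig fields the thread reads by eye (the TTL column of the ANSWER SECTION and `;; Query time:`), and a minimal TTL-honouring cache showing why the second query is a hit, why the TTL in the cached answer counts down, and why a query after the TTL has elapsed is a miss again. The dig text is constructed in the shape of the posted google.ch answer, the upstream zone data (including the 192.0.2.1 address for www.google.com) is a constructed stand-in, and `CachingResolver` is a simplified model, not BIND's cache; the right-rotation of cached answers reproduces the order change Per observed and is an assumption of this model, not a statement of BIND's rrset-order policy.

```python
"""Parse the TTL and query-time fields of dig output, and model a
TTL-honouring cache in front of a slow upstream.

Added example, not from the list thread.  The sample dig output and the
zone data are constructed; CachingResolver is a model, not BIND.
"""
import re
from dataclasses import dataclass

# Constructed sample, abridged, in the shape of the google.ch answer posted above.
SAMPLE_DIG = """\
;; ANSWER SECTION:
google.ch.\t\t1763\tIN\tA\t216.239.39.104
google.ch.\t\t1763\tIN\tA\t216.239.57.104
google.ch.\t\t1763\tIN\tA\t216.239.59.104

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
"""

ANSWER_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(\S+)\s*$")
QTIME_RE = re.compile(r"^;; Query time: (\d+) msec")


def parse_dig(output):
    """Return (records, query_time_ms); each record is (name, ttl, type, rdata).

    The TTL column is the remaining lifetime in the answering server's cache,
    so on a cache hit it is smaller than the origin's value and shrinks
    between queries; on a miss it is the origin's full TTL.
    """
    records, qtime, in_answer = [], None, False
    for line in output.splitlines():
        if line.startswith(";; ANSWER SECTION:"):
            in_answer = True
            continue
        if in_answer:
            if not line.strip():
                in_answer = False
                continue
            m = ANSWER_RE.match(line)
            if m:
                name, ttl, rtype, rdata = m.groups()
                records.append((name, int(ttl), rtype, rdata))
        m = QTIME_RE.match(line)
        if m:
            qtime = int(m.group(1))
    return records, qtime


@dataclass
class CacheEntry:
    rdatas: list
    expires_at: int  # absolute time at which the record leaves the cache


class CachingResolver:
    """Minimal cache honouring the origin's TTL.  `upstream(name)` returns
    (ttl_seconds, [rdata, ...]) and stands in for the forwarders/authoritative
    servers, i.e. the part of a lookup that costs hundreds of milliseconds."""

    def __init__(self, upstream):
        self.upstream = upstream
        self.cache = {}
        self.upstream_queries = 0

    def lookup(self, name, now):
        """Return (rdatas, remaining_ttl, "HIT" | "MISS") for a query at time `now`."""
        entry = self.cache.get(name)
        if entry is not None and now < entry.expires_at:
            # Cached answer: remaining TTL counts down, and (model assumption,
            # matching the posted dig output) the answer order rotates right.
            entry.rdatas = entry.rdatas[-1:] + entry.rdatas[:-1]
            return list(entry.rdatas), entry.expires_at - now, "HIT"
        # Expired or never seen: pay for the slow upstream lookup again.
        self.upstream_queries += 1
        ttl, rdatas = self.upstream(name)
        self.cache[name] = CacheEntry(list(rdatas), now + ttl)
        return list(rdatas), ttl, "MISS"


# Constructed zone data: 900 s for www.google.com as in the thread, a
# documentation address as its rdata; google.ch uses the posted addresses.
UPSTREAM_ZONE = {
    "www.google.com.": (900, ["192.0.2.1"]),
    "google.ch.": (1800, ["216.239.39.104", "216.239.57.104", "216.239.59.104"]),
}


def fake_upstream(name):
    return UPSTREAM_ZONE[name]


def demo():
    """Marko's experiment: query at t=0, again right away, within the TTL, and at the TTL."""
    r = CachingResolver(fake_upstream)
    results = [r.lookup("www.google.com.", t) for t in (0, 1, 600, 900)]
    return [(status, ttl) for _, ttl, status in results], r.upstream_queries


if __name__ == "__main__":
    print(parse_dig(SAMPLE_DIG))
    print(demo())
```

Running `demo()` gives MISS/900, HIT/899, HIT/300, MISS/900 with exactly two upstream queries, which is the 500ms / 1ms / 500ms pattern from the first post; nothing the local named is configured with can stretch the 900 seconds, because the remaining TTL is what it passes on to its own clients and the origin chose the value.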
Marko wrote:
So how do you check TTL, and is there a way to keep the records cached for longer (maybe a week) and only update the cached IPs weekly or when I want (some command)?
You can check the TTL when you use 'dig' to look up a hostname. As for altering the caching times, I don't know of a way.
Cause there is no point having records last less than a day; I generally won't go to the same page every hour or even every day, but I might the next day, and I don't want to query again
Leave the caching setup to the DNS system and the DNS operators. Don't try to bend it into your flavour - it'll only break. -- /Per Jessen, Zürich
The Sunday 2005-05-29 at 12:23 +0200, Marko wrote:
Yes, the logs are there now. I just didn't check :) So how do I know that named is doing its job, and what's the advantage of having it if all the records expire in 15 min?
Not all records expire in 15 minutes. Many will have longer times, some shorter. In any case, after the first lookup, the next time you try will need much less time (500 ms vs 1 ms). Notice that you may need a certain address dozens of times in a session. Half a second delay over a modem, depending on the remote DNS server, is quite normal: and much longer sometimes (till timeout). Also, if you are on a modem, it saves bandwidth.
Also, should I set forwarders to my ISP's DNSs, and if so must it be forward only; or forward first;
Forward first is fine. You should not query the root servers unless necessary; it saves load on them. And if they (your ISP's DNS) are well designed, it is faster for you as well. -- Cheers, Carlos Robinson
participants (8)
- Anders Johansson
- Carlos E. R.
- Dylan
- Kastus
- Ken Schneider
- Marko
- Per Jessen
- Randall R Schulz