Fwd: Re: recursive resolver

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Fwd: Re: recursive resolver

ShubhamGoyal
Thank you  very much sir for replying
 
we made a recurive resolver (Cent OS 7,  8GB RAM ,250 GB Hard disk and network speed is also good  ) . It reply in 1200 msec and 1800 msec (which is very slow). if it gave Reply by Cache (80 msec or 76 msec).
so i want to know about,
How can i improve my recursive resolver speed.
and If  we apply syslog  (it is a centralised logging of bind) .  then any profit for recursive resolver.
 
 
 
In order for us to help you better, you need to provide more information. What makes you think The recursive resolver is slow? Do you have syslog? Is the BIND instance slow, or is it the operating system (low RAM? Slow disk?) or is this a network-related issue? 

On Thu, Mar 12, 2020 at 11:00 AM ShubhamGoyal < [hidden email]> wrote:
 Dear sir,
                                how can we improve my DNS Recursive resolver speed.
 
Best Regards,
Shubham Goyal
Cyber Security Group
Centre for Development of Advanced Computing
Bangalore

150th Anniversary Mahatma Gandhi

------------------------------------------------------------------------------------------------------------
[ C-DAC is on Social-Media too. Kindly follow us at:
Facebook: https://www.facebook.com/CDACINDIA & Twitter: @cdacindia ]

This e-mail is for the sole use of the intended recipient(s) and may
contain confidential and privileged information. If you are not the
intended recipient, please contact the sender by reply e-mail and destroy
all copies and the original message. Any unauthorized review, use,
disclosure, dissemination, forwarding, printing or copying of this email
is strictly prohibited and appropriate legal action will be taken.
------------------------------------------------------------------------------------------------------------
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Best Regards,
Shubham Goyal
Cyber Security Group
Centre for Development of Advanced Computing
Bangalore

150th Anniversary Mahatma Gandhi

------------------------------------------------------------------------------------------------------------
[ C-DAC is on Social-Media too. Kindly follow us at:
Facebook: https://www.facebook.com/CDACINDIA & Twitter: @cdacindia ]

This e-mail is for the sole use of the intended recipient(s) and may
contain confidential and privileged information. If you are not the
intended recipient, please contact the sender by reply e-mail and destroy
all copies and the original message. Any unauthorized review, use,
disclosure, dissemination, forwarding, printing or copying of this email
is strictly prohibited and appropriate legal action will be taken.
------------------------------------------------------------------------------------------------------------
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: Fwd: Re: recursive resolver

Matus UHLAR - fantomas
On 12.03.20 11:54, ShubhamGoyal wrote:
>we made a recurive resolver (Cent OS 7,  8GB RAM ,250 GB Hard disk and network
>speed is also good  ) . It reply in 1200 msec and 1800 msec (which is very
>slow). if it gave Reply by Cache (80 msec or 76 msec).
>so i want to know about,
>How can i improve my recursive resolver speed.
>and If  we apply syslog  (it is a centralised logging of bind) .  then any
>profit for recursive resolver.

If you have anything like DNS fixups set on your routers, turn it off now.
Those don't offer any real fixups, but they do mess up DNS service instead.


>In order for us to help you better, you need to provide more information. What
>makes you think The recursive resolver is slow? Do you have syslog? Is the BIND
>instance slow, or is it the operating system (low RAM? Slow disk?) or is this a
>network-related issue?
>
>On Thu, Mar 12, 2020 at 11:00 AM ShubhamGoyal < [hidden email]
><mailto:[hidden email]> > wrote:
>>    Dear sir,
>>                                   how can we improve my DNS Recursive resolver
>> speed.


--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Saving Private Ryan...
Private Ryan exists. Overwrite? (Y/N)
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

VS: Re: recursive resolver

Jukka Pakkanen
In reply to this post by ShubhamGoyal

Are the response times the same in the local network, and in the server console itself?  Just to isolate if the problem is in the server side, or on the network side which many has already suggested.


Jukka

Lähettäjä: bind-users <[hidden email]> Puolesta ShubhamGoyal
Lähetetty: 12. maaliskuuta 2020 7:24
Vastaanottaja: [hidden email]
Kopio: [hidden email]
Aihe: Fwd: Re: recursive resolver

 

Thank you  very much sir for replying

 

we made a recurive resolver (Cent OS 7,  8GB RAM ,250 GB Hard disk and network speed is also good  ) . It reply in 1200 msec and 1800 msec (which is very slow). if it gave Reply by Cache (80 msec or 76 msec).

so i want to know about,

How can i improve my recursive resolver speed.

and If  we apply syslog  (it is a centralised logging of bind) .  then any profit for recursive resolver.

 

 

 

In order for us to help you better, you need to provide more information. What makes you think The recursive resolver is slow? Do you have syslog? Is the BIND instance slow, or is it the operating system (low RAM? Slow disk?) or is this a network-related issue? 

 

On Thu, Mar 12, 2020 at 11:00 AM ShubhamGoyal < [hidden email]> wrote:

 Dear sir,

                                how can we improve my DNS Recursive resolver speed.

 

Best Regards,
Shubham Goyal
Cyber Security Group
Centre for Development of Advanced Computing
Bangalore


150th Anniversary Mahatma Gandhi

------------------------------------------------------------------------------------------------------------
[ C-DAC is on Social-Media too. Kindly follow us at:
Facebook: https://www.facebook.com/CDACINDIA & Twitter: @cdacindia ]

This e-mail is for the sole use of the intended recipient(s) and may
contain confidential and privileged information. If you are not the
intended recipient, please contact the sender by reply e-mail and destroy
all copies and the original message. Any unauthorized review, use,
disclosure, dissemination, forwarding, printing or copying of this email
is strictly prohibited and appropriate legal action will be taken.
------------------------------------------------------------------------------------------------------------

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users

Best Regards,
Shubham Goyal
Cyber Security Group
Centre for Development of Advanced Computing
Bangalore


150th Anniversary Mahatma Gandhi

------------------------------------------------------------------------------------------------------------
[ C-DAC is on Social-Media too. Kindly follow us at:
Facebook: https://www.facebook.com/CDACINDIA & Twitter: @cdacindia ]

This e-mail is for the sole use of the intended recipient(s) and may
contain confidential and privileged information. If you are not the
intended recipient, please contact the sender by reply e-mail and destroy
all copies and the original message. Any unauthorized review, use,
disclosure, dissemination, forwarding, printing or copying of this email
is strictly prohibited and appropriate legal action will be taken.
------------------------------------------------------------------------------------------------------------


_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: Fwd: Re: recursive resolver

m3047
In reply to this post by ShubhamGoyal
To confirm, this is a local caching also-known-as recursive resolver. It
is quick (< 100 msec) when answering from cache, but not when it has to do
lookups itself (> 1000 msec).

On Thu, 12 Mar 2020, ShubhamGoyal wrote:
>
> we made a recurive resolver (Cent OS 7,  8GB RAM ,250 GB Hard disk and network
> speed is also good  ) . It reply in 1200 msec and 1800 msec (which is very
> slow). if it gave Reply by Cache (80 msec or 76 msec).
> so i want to know about,
> How can i improve my recursive resolver speed.

I can't give you a detailed troubleshooting guide, but I can give you some
general outline of the problem terrain.

The obvious conclusion (until disproved!) is that "DNS lookups to the rest
of the world are slow" but I wouldn't start there. I'd start with looking
at the BIND logs, because it's easy.

I'd start with setting up logging like the following:

     // Must start named with -d 2 for this to be activated,
     // otherwise it's just silent.
     channel queryerrors {
         file "bind-query-errors.log" versions 2 size 20m;
         severity debug 2;
         print-category no;
         print-severity yes;
         print-time yes;
     };

and then I'd look in bind-query-errors.log for entries like this:

27-Jan-2019 11:00:54.185 debug 2: fetch completed at resolver.c:4176 for
addons.cdn.mozilla.net/A in 10.000425: timed out/success
[domain:mozilla.net,referral:0,restart:4,qrysent:13,timeout:12,lame:0,quota:0,neterr:0,badresp:0,adberr:0,find
fail:0,valfail:0]

Don't panic about a few errors, but if you're having problems, that's
where I'd look. ;-)

There are a number of different kinds of errors, this one is "timed out".
(Do you see timeouts or query fails at your caching server's clients (your
workstation / laptop))? Can you confirm or disprove the "obvious
conclusion" from data in the logs? Is some other issue apparent?

Moving back to the "obvious conclusion", your workstation makes a request
to your server with the "RD" (recursion desired) flag. Your server then
makes requests of its own without the "RD" flag. You should be able to see
these queries (and the responses) directed to nameservers on the internet
by dumping packets, and to pair them up and see how long they're taking.
You can even make your own with dig using the appropriate flags.

From here you have to explore whether it's a technical connectivity issue
(such as MTU or blocking of TCP etc.) or provisioning / bandwidth issue
(just too slow / too many hops to anywhere or some (particular) where).

After you've ruled out the obvious conclusion you have to start
considering scenarios such as someone intentionally interfering in path
with port 53 traffic.

--

Fred Morris

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: Fwd: Re: recursive resolver

Bind-Users forum mailing list
On 3/12/20 11:00 AM, Fred Morris wrote:
> The obvious conclusion (until disproved!) is that "DNS lookups to the
> rest of the world are slow" but I wouldn't start there.

I feel like running a network sniffer (tcpdump, Wireshark, etc.) on the
recursive resolver will make it quite apparent where the majority of the
delay is.  I half way expect that the delay is between the outbound
queries (sent by BIND) and the inbound replies.



--
Grant. . . .
unix || die


_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users

smime.p7s (5K) Download Attachment