Re: Fwd: Re: recursive resolver

2020-03-12 Thread Fred Morris 
To confirm, this is a local caching also-known-as recursive resolver. It 
is quick (< 100 msec) when answering from cache, but not when it has to do 
lookups itself (> 1000 msec).


On Thu, 12 Mar 2020, ShubhamGoyal wrote:


we made a recurive resolver (Cent OS 7,  8GB RAM ,250 GB Hard disk and network
speed is also good  ) . It reply in 1200 msec and 1800 msec (which is very
slow). if it gave Reply by Cache (80 msec or 76 msec).
so i want to know about,
How can i improve my recursive resolver speed.


I can't give you a detailed troubleshooting guide, but I can give you some 
general outline of the problem terrain.


The obvious conclusion (until disproved!) is that "DNS lookups to the rest 
of the world are slow" but I wouldn't start there. I'd start with looking 
at the BIND logs, because it's easy.


I'd start with setting up logging like the following:

// Must start named with -d 2 for this to be activated,
// otherwise it's just silent.
channel queryerrors {
file "bind-query-errors.log" versions 2 size 20m;
severity debug 2;
print-category no;
print-severity yes;
print-time yes;
};

and then I'd look in bind-query-errors.log for entries like this:

27-Jan-2019 11:00:54.185 debug 2: fetch completed at resolver.c:4176 for 
addons.cdn.mozilla.net/A in 10.000425: timed out/success 
[domain:mozilla.net,referral:0,restart:4,qrysent:13,timeout:12,lame:0,quota:0,neterr:0,badresp:0,adberr:0,find 
fail:0,valfail:0]


Don't panic about a few errors, but if you're having problems, that's 
where I'd look. ;-)


There are a number of different kinds of errors, this one is "timed out". 
(Do you see timeouts or query fails at your caching server's clients (your 
workstation / laptop))? Can you confirm or disprove the "obvious 
conclusion" from data in the logs? Is some other issue apparent?


Moving back to the "obvious conclusion", your workstation makes a request 
to your server with the "RD" (recursion desired) flag. Your server then 
makes requests of its own without the "RD" flag. You should be able to see 
these queries (and the responses) directed to nameservers on the internet 
by dumping packets, and to pair them up and see how long they're taking. 
You can even make your own with dig using the appropriate flags.


From here you have to explore whether it's a technical connectivity issue 
(such as MTU or blocking of TCP etc.) or provisioning / bandwidth issue 
(just too slow / too many hops to anywhere or some (particular) where).


After you've ruled out the obvious conclusion you have to start 
considering scenarios such as someone intentionally interfering in path 
with port 53 traffic.


--

Fred Morris

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

VS: Re: recursive resolver

2020-03-12 Thread Jukka Pakkanen 
Are the response times the same in the local network, and in the server console 
itself?  Just to isolate if the problem is in the server side, or on the 
network side which many has already suggested.

Jukka

Lähettäjä: bind-users  Puolesta ShubhamGoyal
Lähetetty: 12. maaliskuuta 2020 7:24
Vastaanottaja: josh@gmail.com
Kopio: bind-users@lists.isc.org
Aihe: Fwd: Re: recursive resolver

Thank you  very much sir for replying

we made a recurive resolver (Cent OS 7,  8GB RAM ,250 GB Hard disk and network 
speed is also good  ) . It reply in 1200 msec and 1800 msec (which is very 
slow). if it gave Reply by Cache (80 msec or 76 msec).
so i want to know about,
How can i improve my recursive resolver speed.
and If  we apply syslog  (it is a centralised logging of bind) .  then any 
profit for recursive resolver.



In order for us to help you better, you need to provide more information. What 
makes you think The recursive resolver is slow? Do you have syslog? Is the BIND 
instance slow, or is it the operating system (low RAM? Slow disk?) or is this a 
network-related issue?

On Thu, Mar 12, 2020 at 11:00 AM ShubhamGoyal < 
shubhamgo...@cdac.in> wrote:
 Dear sir,
how can we improve my DNS Recursive resolver 
speed.

Best Regards,
Shubham Goyal
Cyber Security Group
Centre for Development of Advanced Computing
Bangalore

[150th Anniversary Mahatma Gandhi]


[ C-DAC is on Social-Media too. Kindly follow us at:
Facebook: https://www.facebook.com/CDACINDIA & Twitter: @cdacindia ]

This e-mail is for the sole use of the intended recipient(s) and may
contain confidential and privileged information. If you are not the
intended recipient, please contact the sender by reply e-mail and destroy
all copies and the original message. Any unauthorized review, use,
disclosure, dissemination, forwarding, printing or copying of this email
is strictly prohibited and appropriate legal action will be taken.

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Best Regards,
Shubham Goyal
Cyber Security Group
Centre for Development of Advanced Computing
Bangalore

[150th Anniversary Mahatma Gandhi]


[ C-DAC is on Social-Media too. Kindly follow us at:
Facebook: https://www.facebook.com/CDACINDIA & Twitter: @cdacindia ]

This e-mail is for the sole use of the intended recipient(s) and may
contain confidential and privileged information. If you are not the
intended recipient, please contact the sender by reply e-mail and destroy
all copies and the original message. Any unauthorized review, use,
disclosure, dissemination, forwarding, printing or copying of this email
is strictly prohibited and appropriate legal action will be taken.

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Fwd: Re: recursive resolver

2020-03-12 Thread Matus UHLAR - fantomas 

On 12.03.20 11:54, ShubhamGoyal wrote:

we made a recurive resolver (Cent OS 7,  8GB RAM ,250 GB Hard disk and network
speed is also good  ) . It reply in 1200 msec and 1800 msec (which is very
slow). if it gave Reply by Cache (80 msec or 76 msec).
so i want to know about,
How can i improve my recursive resolver speed.
and If  we apply syslog  (it is a centralised logging of bind) .  then any
profit for recursive resolver.


If you have anything like DNS fixups set on your routers, turn it off now. 
Those don't offer any real fixups, but they do mess up DNS service instead.




In order for us to help you better, you need to provide more information. What
makes you think The recursive resolver is slow? Do you have syslog? Is the BIND
instance slow, or is it the operating system (low RAM? Slow disk?) or is this a
network-related issue?

On Thu, Mar 12, 2020 at 11:00 AM ShubhamGoyal < shubhamgo...@cdac.in
 > wrote:

   Dear sir,
  how can we improve my DNS Recursive resolver
speed.



--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Saving Private Ryan...
Private Ryan exists. Overwrite? (Y/N)
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: recursive resolver

2020-03-12 Thread G.W. Haywood via bind-users 

Hi there,

On Thu, 12 Mar 2020, ShubhamGoyal wrote:


we made a recurive resolver (Cent OS 7,  8GB RAM ,250 GB Hard disk and network
speed is also good  ) . It reply in 1200 msec and 1800 msec (which is very
slow). if it gave Reply by Cache (80 msec or 76 msec).
so i want to know about,
How can i improve my recursive resolver speed.


I wonder if you have some kind of networking misconfiguration which
results in timeouts while BIND is waiting for responses.  Perhaps you
will learn more about what is happening if you look at the network
traffic using a tool such as Wireshark.


and If  we apply syslog  (it is a centralised logging of bind) .  then any
profit for recursive resolver.


If I had a problem with anything which used centralised logging, one
of the first things I would do is check that the centralised logging
was not causing the problem - it is very simple to change the logging
arrangements.  Having said that, I have never found that centralised
logging has caused any problems when it is set up sanely.

--

73,
Ged.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users