Re: Performance Tuning RHEL 5 and Bind
OK I have the source of the problem now I just need an elegant way to fix it and most cost ( Network TCP ) effective way to fix it The Windows Domain is responsible for X.internal.example.com and I am presently forwarding X.internal.example.com to their nameservers DC, resulting in TCP queries. Which is dragging the cache server down when PC's query for records off of [NAME].internal.example.com. I don't mind not caching X.internal.example.com so can I create an NS record or an stub entry that points the PC's else where rather than forwarding them or caching them? Thank You, Brett On Tue, Oct 22, 2013 at 9:39 PM, Alan Clegg a...@clegg.com wrote: On Oct 22, 2013, at 8:29 PM, brett smith brett.s9...@gmail.com wrote: Yes tuning off IPTABLES conn-tracking makes a huge difference. I also followed: https://access.redhat.com/site/solutions/304713 https://access.redhat.com/site/solutions/168483 I still see some SYN_SENT from Windows PC's on tcp port 53 on the DNS cache server. You've cured the symptoms, not the illness. You really, REALLY need to figure out why your clients are doing TCP. You'll see a world of difference when you solve this part of the puzzle. AlanC -- Alan Clegg | +1-919-355-8851 | a...@clegg.com ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Performance Tuning RHEL 5 and Bind
On Oct 28, 2013, at 8:08 PM, brett smith brett.s9...@gmail.com wrote: OK I have the source of the problem now I just need an elegant way to fix it and most cost ( Network TCP ) effective way to fix it The Windows Domain is responsible for X.internal.example.com and I am presently forwarding X.internal.example.com to their nameservers DC, resulting in TCP queries. Which is dragging the cache server down when PC's query for records off of [NAME].internal.example.com. I don't mind not caching X.internal.example.com so can I create an NS record or an stub entry that points the PC's else where rather than forwarding them or caching them? Slave X.internal.example.com AlanC -- Alan Clegg | +1-919-355-8851 | a...@clegg.com signature.asc Description: Message signed with OpenPGP using GPGMail ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Performance Tuning RHEL 5 and Bind
Hi— On Oct 28, 2013, at 9:05 PM, Alan Clegg a...@clegg.com wrote: Slave X.internal.example.com +1; it’s also worth looking into why there is such a high volume of DNS queries. Is it simply a big network with a lot of chatty clients? Or is TTL turned down so low that client side caching is not effective and needs to requery often? Or is something doing a host scan? If it’s your network IDS or security/network admin folks running a portscan, fine; if it’s malware or an intruder scanning the local subnet(s), one might want to notice and take steps to solve the problem rather than a symptom. Regards, — -Chuck ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Performance Tuning RHEL 5 and Bind
Hi, Kevin Darcy k...@chrysler.com writes: Are these queries mostly for names in an Active Directory domain? The default for Active Directory is for *every* Domain Controller to register NS records at the apex of the AD domain. Pretty soon, for any reasonably-sized AD infrastructure, all of those NSes cause *all* queries for *any* name in the domain to trigger a TCP retry (because the Answer + Authority Sections overflow 512 bytes), if EDNS0 is not in effect. I sat down with our AD folks a few years ago and impressed upon them how important it is to be selective about which Domain Controllers are registered at the apex. They appreciated the negative consequences of being awash in TCP retries, and it's been managed for some time now (at least for our *main* AD domain; don't get me started on the business partner that still has 92 NS records at the apex of their AD domain. Sigh) good point. Increasing the EDNS0 UDP size might also be an option (default is 1280 for Windows DNS) - http://technet.microsoft.com/en-us/library/cc783893%28v=ws.10%29.aspx It is possible to tell some less critical DC to not register themself in DNS: http://support.microsoft.com/kb/198767 and http://technet.microsoft.com/en-us/library/cc782946%28v=ws.10%29.aspx -- Carsten ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Performance Tuning RHEL 5 and Bind
On Oct 21, 2013, at 9:47 AM, wbr...@e1b.org wrote: From: Alan Clegg a...@clegg.com Fix your windows clients. You can't fix stupid. I have lots of windows clients and they don't exhibit this feature. There's something wrong on the windows clients and it's not the norm. To be honest, recent windows releases do a pretty fine job with DNS. AlanC -- Alan Clegg | +1-919-355-8851 | a...@clegg.com signature.asc Description: Message signed with OpenPGP using GPGMail ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Performance Tuning RHEL 5 and Bind
-Original Message- From: Alan Clegg a...@clegg.com Date: Tuesday, October 22, 2013 7:44 AM To: bind-users@lists.isc.org bind-users@lists.isc.org Subject: Re: Performance Tuning RHEL 5 and Bind On Oct 21, 2013, at 9:47 AM, wbr...@e1b.org wrote: From: Alan Clegg a...@clegg.com Fix your windows clients. You can't fix stupid. I have lots of windows clients and they don't exhibit this feature. There's something wrong on the windows clients and it's not the norm. To be honest, recent windows releases do a pretty fine job with DNS. Agreed. The problem here is the TCP fall-back vs BIND/OS tuning. I've got a lot of Windows clients (mostly vmware related infra) that don't query via TCP. I would focus on a deeper inspection of the environment including network layer. The OP needs to figure out why the queries are using TCP. Speculating based on the available data, I'm wondering if the new BIND servers were stood up behind a firewall...possibly with broken protocol inspection/fixup type configuration limiting UDP packet size to 512 bytes...and zone data with large NS/whatever RR sets resulting in TCP retries. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Performance Tuning RHEL 5 and Bind
Are these queries mostly for names in an Active Directory domain? The default for Active Directory is for *every* Domain Controller to register NS records at the apex of the AD domain. Pretty soon, for any reasonably-sized AD infrastructure, all of those NSes cause *all* queries for *any* name in the domain to trigger a TCP retry (because the Answer + Authority Sections overflow 512 bytes), if EDNS0 is not in effect. I sat down with our AD folks a few years ago and impressed upon them how important it is to be selective about which Domain Controllers are registered at the apex. They appreciated the negative consequences of being awash in TCP retries, and it's been managed for some time now (at least for our *main* AD domain; don't get me started on the business partner that still has 92 NS records at the apex of their AD domain. Sigh) Sounds like you might need to have the same discussion with your AD guys, if in fact AD is a factor here. Even if the users aren't *consciously* looking up AD-related names, if the AD domain is in the Suffix Search List and your users' shortname addiction is out of control, the combination of the two, along with excess NS records at the apex, can ultimately result in a lot of bogus TCP retries. Sometimes you can alleviate this with careful ordering or pruning of elements in the Suffix Search List. A lot of folks think that query logging is a drain on resources, and anyone who is serious about DNS performance would never turn it on. Those folks must not work in a large, chaotic enterprise :-) I find query logging and associated data-mining tools I've developed over the years, invaluable to track down broken and/or obsolete query traffic and eliminate it at the source. This saves me *much* more performance than the query logging itself, as well as being valuable for security forensics, incident avoidance (e.g. before I delete this name from DNS, let me check whether anyone is still looking it up) and a plethora of other useful stuff. - Kevin On 10/19/2013 9:34 PM, brett smith wrote: When all the Windows PC's are switched to our resolver, bind stops responding. rndc querylog shows queries coming thru, I changed tcp-clients from 1000 to 1 but DNS seems lagging, so we switched back to the original Windows Domain resolver. Besides increasing open files tuning, what TCP / sysctl or named.conf settings can be set to optimize / speed up DNS queries? Because it seems that Windows clients use TCP instead of UDP when looking at netstat on the server. Thanks. Brett. On Sat, Oct 19, 2013 at 3:20 AM, sth...@nethelp.no wrote: I need to build a pair DNS cache servers to support 5000+ clients ( PC's and Servers ). I have been looking for some guides on tuning BIND and the OS for Enterprise performance rather than the defaults. The version of bind is bind-9.8.2. 5000 clients is such a low number that I don't think you need to worry about tuning at all. Steinar Haug, Nethelp consulting, sth...@nethelp.no ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Performance Tuning RHEL 5 and Bind
Yes tuning off IPTABLES conn-tracking makes a huge difference. I also followed: https://access.redhat.com/site/solutions/304713 https://access.redhat.com/site/solutions/168483 I still see some SYN_SENT from Windows PC's on tcp port 53 on the DNS cache server. Thank You, Brett On Sun, Oct 20, 2013 at 6:27 PM, Stuart Browne stuart.bro...@ausregistry.com.au wrote: -Original Message- From: bind-users-bounces+stuart.browne=ausregistry.com...@lists.isc.org [mailto:bind-users-bounces+stuart.browne=ausregistry.com...@lists.isc.org] On Behalf Of brett smith Sent: Sunday, 20 October 2013 12:35 PM To: sth...@nethelp.no Cc: bind-users@lists.isc.org Subject: Re: Performance Tuning RHEL 5 and Bind When all the Windows PC's are switched to our resolver, bind stops responding. rndc querylog shows queries coming thru, I changed tcp-clients from 1000 to 1 but DNS seems lagging, so we switched back to the original Windows Domain resolver. Besides increasing open files tuning, what TCP / sysctl or named.conf settings can be set to optimize / speed up DNS queries? Because it seems that Windows clients use TCP instead of UDP when looking at netstat on the server. Thanks. Brett. On Sat, Oct 19, 2013 at 3:20 AM, sth...@nethelp.no wrote: I need to build a pair DNS cache servers to support 5000+ clients ( PC's and Servers ). I have been looking for some guides on tuning BIND and the OS for Enterprise performance rather than the defaults. The version of bind is bind-9.8.2. 5000 clients is such a low number that I don't think you need to worry about tuning at all. Steinar Haug, Nethelp consulting, sth...@nethelp.no If my experience with high-throughput through a redhat system is anything to go by, what you are probably hitting is the IPTables conntrack bucket limits. The simplest way to avoid this is to bypass connection tracking. You can do one of the following: - Turn off iptables (probably not a good idea) - Turn off conn-tracking and not use the state module, rewriting all rules (nasty) - Tell iptables to not conntrack for just udp/53 tcp/53 (-A -t raw -j NOTRACK -m tcp -p tcp --dport 53 ; -A -t raw -j NOTRACK -m udp -p udp --dport 53) We use the 3rd method and it works beautifully. Just ensure you're 'filter' rules don't force the use of conntrack for that traffic. See the man page for more details. Stuart ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Performance Tuning RHEL 5 and Bind
On Oct 22, 2013, at 8:29 PM, brett smith brett.s9...@gmail.com wrote: Yes tuning off IPTABLES conn-tracking makes a huge difference. I also followed: https://access.redhat.com/site/solutions/304713 https://access.redhat.com/site/solutions/168483 I still see some SYN_SENT from Windows PC's on tcp port 53 on the DNS cache server. You've cured the symptoms, not the illness. You really, REALLY need to figure out why your clients are doing TCP. You'll see a world of difference when you solve this part of the puzzle. AlanC -- Alan Clegg | +1-919-355-8851 | a...@clegg.com signature.asc Description: Message signed with OpenPGP using GPGMail ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Performance Tuning RHEL 5 and Bind
From: Alan Clegg a...@clegg.com Fix your windows clients. You can't fix stupid. Confidentiality Notice: This electronic message and any attachments may contain confidential or privileged information, and is intended only for the individual or entity identified above as the addressee. If you are not the addressee (or the employee or agent responsible to deliver it to the addressee), or if this message has been addressed to you in error, you are hereby notified that you may not copy, forward, disclose or use any part of this message or any attachments. Please notify the sender immediately by return e-mail or telephone and delete this message from your system. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RE: Performance Tuning RHEL 5 and Bind
Any reason you're using RHEL5 as opposed to RHEL6 if you're building new servers? RHEL5 is very long in the tooth and will go EOL sooner than RHEL6. Since you're using a BIND package not shipped with RHEL5 there's no reason on that account not to move up to RHEL6. -Original Message- From: bind-users-bounces+jlightner=water@lists.isc.org [mailto:bind-users-bounces+jlightner=water@lists.isc.org] On Behalf Of wbr...@e1b.org Sent: Monday, October 21, 2013 9:47 AM To: bind-users@lists.isc.org Subject: Re: Performance Tuning RHEL 5 and Bind From: Alan Clegg a...@clegg.com Fix your windows clients. You can't fix stupid. Confidentiality Notice: This electronic message and any attachments may contain confidential or privileged information, and is intended only for the individual or entity identified above as the addressee. If you are not the addressee (or the employee or agent responsible to deliver it to the addressee), or if this message has been addressed to you in error, you are hereby notified that you may not copy, forward, disclose or use any part of this message or any attachments. Please notify the sender immediately by return e-mail or telephone and delete this message from your system. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users Athena(r), Created for the Cause(tm) Making a Difference in the Fight Against Breast Cancer - CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential information and is for the sole use of the intended recipient(s). If you are not the intended recipient, any disclosure, copying, distribution, or use of the contents of this information is prohibited and may be unlawful. If you have received this electronic transmission in error, please reply immediately to the sender that you have received the message in error, and delete it. Thank you. -- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Performance Tuning RHEL 5 and Bind
On 20 October 2013 02:34, brett smith brett.s9...@gmail.com wrote: When all the Windows PC's are switched to our resolver, bind stops responding. rndc querylog shows queries coming thru, I changed tcp-clients from 1000 to 1 but DNS seems lagging, so we switched back to the original Windows Domain resolver. Besides increasing open files tuning, what TCP / sysctl or named.conf settings can be set to optimize / speed up DNS queries? Because it seems that Windows clients use TCP instead of UDP when looking at netstat on the server. It will depend on the type and size of the query (and on the configuration/structure of the network in-between) as to whether Windows uses UDP or is forced to switch to TCP. But the option you are probably looking for is recursive-clients and then pick a number. The default is 1000, so this is probably why if all of your systems are querying at once it stops responding to some of them. Other than that it's a case of how much memory, CPU. Is it a VM? if so have you reserved enough resources for it? What data is it serving? caching only? authoritative for any zones? Is query logging enabled? (this is a big performance hit as it has to write everything to disk, so your disk is going to be a bottleneck). Tuning is not something that you can be told this is what to do, there are a huge number of factors that will influence which parameters to tweak. But I'd definitely look to the recursive-clients option for starters. Steve ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Performance Tuning RHEL 5 and Bind
On Oct 19, 2013, at 9:34 PM, brett smith brett.s9...@gmail.com wrote: When all the Windows PC's are switched to our resolver, bind stops responding. What does stops responding mean? Any logs? rndc querylog shows queries coming thru, I changed tcp-clients from 1000 to 1 but DNS seems lagging, so we switched back to the original Windows Domain resolver. Are you really getting that many TCP based queries? If so, something is seriously broken. Besides increasing open files tuning, what TCP / sysctl or named.conf settings can be set to optimize / speed up DNS queries? Because it seems that Windows clients use TCP instead of UDP when looking at netstat on the server. Fix your windows clients. AlanC -- Alan Clegg | +1-919-355-8851 | a...@clegg.com signature.asc Description: Message signed with OpenPGP using GPGMail ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RE: Performance Tuning RHEL 5 and Bind
-Original Message- From: bind-users-bounces+stuart.browne=ausregistry.com...@lists.isc.org [mailto:bind-users-bounces+stuart.browne=ausregistry.com...@lists.isc.org] On Behalf Of brett smith Sent: Sunday, 20 October 2013 12:35 PM To: sth...@nethelp.no Cc: bind-users@lists.isc.org Subject: Re: Performance Tuning RHEL 5 and Bind When all the Windows PC's are switched to our resolver, bind stops responding. rndc querylog shows queries coming thru, I changed tcp-clients from 1000 to 1 but DNS seems lagging, so we switched back to the original Windows Domain resolver. Besides increasing open files tuning, what TCP / sysctl or named.conf settings can be set to optimize / speed up DNS queries? Because it seems that Windows clients use TCP instead of UDP when looking at netstat on the server. Thanks. Brett. On Sat, Oct 19, 2013 at 3:20 AM, sth...@nethelp.no wrote: I need to build a pair DNS cache servers to support 5000+ clients ( PC's and Servers ). I have been looking for some guides on tuning BIND and the OS for Enterprise performance rather than the defaults. The version of bind is bind-9.8.2. 5000 clients is such a low number that I don't think you need to worry about tuning at all. Steinar Haug, Nethelp consulting, sth...@nethelp.no If my experience with high-throughput through a redhat system is anything to go by, what you are probably hitting is the IPTables conntrack bucket limits. The simplest way to avoid this is to bypass connection tracking. You can do one of the following: - Turn off iptables (probably not a good idea) - Turn off conn-tracking and not use the state module, rewriting all rules (nasty) - Tell iptables to not conntrack for just udp/53 tcp/53 (-A -t raw -j NOTRACK -m tcp -p tcp --dport 53 ; -A -t raw -j NOTRACK -m udp -p udp --dport 53) We use the 3rd method and it works beautifully. Just ensure you're 'filter' rules don't force the use of conntrack for that traffic. See the man page for more details. Stuart ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Performance Tuning RHEL 5 and Bind
I need to build a pair DNS cache servers to support 5000+ clients ( PC's and Servers ). I have been looking for some guides on tuning BIND and the OS for Enterprise performance rather than the defaults. The version of bind is bind-9.8.2. 5000 clients is such a low number that I don't think you need to worry about tuning at all. Steinar Haug, Nethelp consulting, sth...@nethelp.no ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Performance tuning
Adamiec, Lawrence ladam...@kentlaw.iit.edu writes: Hello Lawrence, you problems might not be related to the configuration of your DNS Server software (BIND), but it can be related to your internal name resolution inside your organisation (forwarders, caches, mixed caching/authoritative DNS etc). Do you see the speed difference on the two websites (URLs for the Websites) from within your organisation, or when using an outside view (from home etc)? Of course we here in this mailing list can only have the look from outside, and that looks ok. Optimizing an internal DNS name resolution infrastructure requires someone that has knowledge on all possible name lookup path in a network (DNS, WINS, NetBT ...) and a good DNS knowledge. I would recommend to get an expert onsite for an DNS audit if you see the performance problem inside your organizations network. The BIND configuration is usually not the issue. Best regards Carsten Strotmann ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Performance tuning
Adamiec, Lawrence ladam...@kentlaw.iit.edu wrote on 11/26/2012 01:12:48 PM: To the best of my knowledge, there are no problems with our DNS. We only host 25 domains. The report must also address these two specific questions: 1. Why does www.kentlaw.iit.edu load quicker than kentlaw.iit.edu in any browser? Are you sure this is a DNS issue? Test it by adding both to /etc/hosts (or Windows equal). Reboot and flush all caches between tests. 2. What happens if we remove the forwarders option from named.conf? Depends why you have the forwarders. . I can't duplicate the issue in Q1 and I'm trying to determine a way of testing Q2. Oh the joys of intermittent problems. Are you sure the issues reported as Q1 are real? Have the web site folks been involved in discussions or are they just blaming DNS without testing anything? If possible sneak host file entries onto a handful of user machines and see if they still complain. Confidentiality Notice: This electronic message and any attachments may contain confidential or privileged information, and is intended only for the individual or entity identified above as the addressee. If you are not the addressee (or the employee or agent responsible to deliver it to the addressee), or if this message has been addressed to you in error, you are hereby notified that you may not copy, forward, disclose or use any part of this message or any attachments. Please notify the sender immediately by return e-mail or telephone and delete this message from your system. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Performance tuning
Hi, My original post was about writing a report to optimize our DNS servers and the report needed to address two questions. Based on the answers I received, I will write our servers are already optimized and no further tuning is needed. Now about the two specific questions for the report. Q1 -- I don't believe the problem is DNS related. However, I have not been able to recreate the trouble so I don't know if there is any problem. As other list members have posted, they didn't have any problems with the pages rendering either. As far as asking me about the web sites staff, well, I am the technical contact for our web sites. Our Public Affairs department handles content related issues and I take of all server related things. I will double check the web server, but it shouldn't be using any rewrites for the main page. And I don't know who is complaining about the pages. This question came from my boss. Q2 -- The forwarders statement was added to our config file about six years ago. Some users complained they could not reach two or three specific web sites outside our domain. At that time, one of our network staff members told me his nslookup for the sites were timing out. I was instructed to insert the forwarder statement with the main campus servers acting as the forwarder. The time outs stopped and people stopped complaining. I don't know that adding the forwarder statement actually fixed any trouble but nslookups did not time out, people stopped complaining, and my boss was happy. (I know dig is better). Unfortunately, I don't remember which sites people were complaining about. Larry On Tue, Nov 27, 2012 at 8:11 AM, wbr...@e1b.org wrote: Adamiec, Lawrence ladam...@kentlaw.iit.edu wrote on 11/26/2012 01:12:48 PM: To the best of my knowledge, there are no problems with our DNS. We only host 25 domains. The report must also address these two specific questions: 1. Why does www.kentlaw.iit.edu load quicker than kentlaw.iit.edu in any browser? Are you sure this is a DNS issue? Test it by adding both to /etc/hosts (or Windows equal). Reboot and flush all caches between tests. 2. What happens if we remove the forwarders option from named.conf? Depends why you have the forwarders. . I can't duplicate the issue in Q1 and I'm trying to determine a way of testing Q2. Oh the joys of intermittent problems. Are you sure the issues reported as Q1 are real? Have the web site folks been involved in discussions or are they just blaming DNS without testing anything? If possible sneak host file entries onto a handful of user machines and see if they still complain. Confidentiality Notice: This electronic message and any attachments may contain confidential or privileged information, and is intended only for the individual or entity identified above as the addressee. If you are not the addressee (or the employee or agent responsible to deliver it to the addressee), or if this message has been addressed to you in error, you are hereby notified that you may not copy, forward, disclose or use any part of this message or any attachments. Please notify the sender immediately by return e-mail or telephone and delete this message from your system. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Performance tuning
What a delightfully vague requirement. :) I would push back a bit on exactly what problems are attempted to be solved here. The BIND defaults are about as efficient as they can be, especially so in later versions. Doug On 11/26/2012 11:01 AM, Adamiec, Lawrence wrote: Hi, I have been tasked with authoring a DNS report to achieve optimal performance. The report must include: CPU usage memory usage bandwidth usage throughput latency I have found some information regarding the number of queries processed per minute but nothing of value for the above areas. Is there some documentation that discusses the above areas? We are running BIND 9.6-ESV-R5-P1, Solaris 10 on a SPARC server. My report will include the fact we must upgrade from BIND 9.6-ESV-R5-P1 Thank you in advance. Larry Lawrence Adamiec UNIX Mgr IIT Chicago-Kent College of Law ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Performance tuning
To the best of my knowledge, there are no problems with our DNS. We only host 25 domains. The report must also address these two specific questions: 1. Why does www.kentlaw.iit.edu load quicker than kentlaw.iit.edu in any browser? 2. What happens if we remove the forwarders option from named.conf? I can't duplicate the issue in Q1 and I'm trying to determine a way of testing Q2. Larry On Mon, Nov 26, 2012 at 11:39 AM, Doug Barton do...@dougbarton.us wrote: What a delightfully vague requirement. :) I would push back a bit on exactly what problems are attempted to be solved here. The BIND defaults are about as efficient as they can be, especially so in later versions. Doug On 11/26/2012 11:01 AM, Adamiec, Lawrence wrote: Hi, I have been tasked with authoring a DNS report to achieve optimal performance. The report must include: CPU usage memory usage bandwidth usage throughput latency I have found some information regarding the number of queries processed per minute but nothing of value for the above areas. Is there some documentation that discusses the above areas? We are running BIND 9.6-ESV-R5-P1, Solaris 10 on a SPARC server. My report will include the fact we must upgrade from BIND 9.6-ESV-R5-P1 Thank you in advance. Larry Lawrence Adamiec UNIX Mgr IIT Chicago-Kent College of Law ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RE: Performance tuning
For question 1: “Loading” is a function of the web site not DNS. Your first question could have to do what the default site is in your web configuration and what kind of rewrite rules are getting you to the other. If it were me I’d probably do some timed “host” or “dig” commands for the two records to verify name resolution itself wasn’t a problem. I guess it MIGHT be a minutely slower to resolve www if it is a CNAME to the other as opposed to both being A records. However, since this is a fairly common practice I doubt it is likely to be of major importance in overall timing. From: bind-users-bounces+jlightner=water@lists.isc.org [mailto:bind-users-bounces+jlightner=water@lists.isc.org] On Behalf Of Adamiec, Lawrence Sent: Monday, November 26, 2012 1:13 PM To: bind-users@lists.isc.org Subject: Re: Performance tuning To the best of my knowledge, there are no problems with our DNS. We only host 25 domains. The report must also address these two specific questions: 1. Why does www.kentlaw.iit.eduhttp://www.kentlaw.iit.edu load quicker than kentlaw.iit.eduhttp://kentlaw.iit.edu in any browser? 2. What happens if we remove the forwarders option from named.conf? I can't duplicate the issue in Q1 and I'm trying to determine a way of testing Q2. Larry On Mon, Nov 26, 2012 at 11:39 AM, Doug Barton do...@dougbarton.usmailto:do...@dougbarton.us wrote: What a delightfully vague requirement. :) I would push back a bit on exactly what problems are attempted to be solved here. The BIND defaults are about as efficient as they can be, especially so in later versions. Doug On 11/26/2012 11:01 AM, Adamiec, Lawrence wrote: Hi, I have been tasked with authoring a DNS report to achieve optimal performance. The report must include: CPU usage memory usage bandwidth usage throughput latency I have found some information regarding the number of queries processed per minute but nothing of value for the above areas. Is there some documentation that discusses the above areas? We are running BIND 9.6-ESV-R5-P1, Solaris 10 on a SPARC server. My report will include the fact we must upgrade from BIND 9.6-ESV-R5-P1 Thank you in advance. Larry Lawrence Adamiec UNIX Mgr IIT Chicago-Kent College of Law Athena®, Created for the Cause™ Making a Difference in the Fight Against Breast Cancer How and Why I Should Support Bottled Water! Do not relinquish your right to choose bottled water as a healthy alternative to beverages that contain sugar, calories, etc. Your support of bottled water will make a difference! Your signatures count! Go to http://www.bottledwatermatters.org/luv-bottledwater-iframe/dswaters and sign a petition to support your right to always choose bottled water. Help fight federal and state issues, such as bottle deposits (or taxes) and organizations that want to ban the sale of bottled water. Support community curbside recycling programs. Support bottled water as a healthy way to maintain proper hydration. Our goal is 50,000 signatures. Share this petition with your friends and family today! - CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential information and is for the sole use of the intended recipient(s). If you are not the intended recipient, any disclosure, copying, distribution, or use of the contents of this information is prohibited and may be unlawful. If you have received this electronic transmission in error, please reply immediately to the sender that you have received the message in error, and delete it. Thank you. -- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Performance tuning
On 26/11/12 19:12, Adamiec, Lawrence wrote: To the best of my knowledge, there are no problems with our DNS. We only host 25 domains. The report must also address these two specific questions: 1. Why does www.kentlaw.iit.edu http://www.kentlaw.iit.edu load quicker than kentlaw.iit.edu http://kentlaw.iit.edu in any browser? 2. What happens if we remove the forwarders option from named.conf? I can't duplicate the issue in Q1 and I'm trying to determine a way of testing Q2. In my browser the speeds are opposite, in both cases the key time is spent waiting for the web server. Case 2: if your DNS server has access to the internet, you will likely see an increase in speed. There are some test suites to test the general lookup speeds of servers, try with and without forwarders. I guess your numbers are better without but nobody will notice any difference in real life. In some cases there are some blocking of specific sites in place, those you will lose with no forwarder. Larry On Mon, Nov 26, 2012 at 11:39 AM, Doug Barton do...@dougbarton.us mailto:do...@dougbarton.us wrote: What a delightfully vague requirement. :) I would push back a bit on exactly what problems are attempted to be solved here. The BIND defaults are about as efficient as they can be, especially so in later versions. Doug On 11/26/2012 11:01 AM, Adamiec, Lawrence wrote: Hi, I have been tasked with authoring a DNS report to achieve optimal performance. The report must include: CPU usage memory usage bandwidth usage throughput latency I have found some information regarding the number of queries processed per minute but nothing of value for the above areas. Is there some documentation that discusses the above areas? We are running BIND 9.6-ESV-R5-P1, Solaris 10 on a SPARC server. My report will include the fact we must upgrade from BIND 9.6-ESV-R5-P1 Thank you in advance. Larry Lawrence Adamiec UNIX Mgr IIT Chicago-Kent College of Law ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users -- Best regards Sten Carlsen No improvements come from shouting: MALE BOVINE MANURE!!! ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Performance tuning
On 26/11/12 19:23, Lightner, Jeff wrote: For question 1: Loading is a function of the web site not DNS. Your first question could have to do what the default site is in your web configuration and what kind of rewrite rules are getting you to the other. If it were me I'd probably do some timed host or dig commands for the two records to verify name resolution itself wasn't a problem. I guess it MIGHT be a minutely slower to resolve www if it is a CNAME to the other as opposed to both being A records. However, since this is a fairly common practice I doubt it is likely to be of major importance in overall timing. I checked with firebug DNS is in ms and loading the first file was 1.53s and 3.07s in the two cases(the file is 9.7kB), so external access does not depend on fast DNS, you need to focus on the web server. *From:*bind-users-bounces+jlightner=water@lists.isc.org [mailto:bind-users-bounces+jlightner=water@lists.isc.org] *On Behalf Of *Adamiec, Lawrence *Sent:* Monday, November 26, 2012 1:13 PM *To:* bind-users@lists.isc.org *Subject:* Re: Performance tuning To the best of my knowledge, there are no problems with our DNS. We only host 25 domains. The report must also address these two specific questions: 1. Why does www.kentlaw.iit.edu http://www.kentlaw.iit.edu load quicker than kentlaw.iit.edu http://kentlaw.iit.edu in any browser? 2. What happens if we remove the forwarders option from named.conf? I can't duplicate the issue in Q1 and I'm trying to determine a way of testing Q2. Larry On Mon, Nov 26, 2012 at 11:39 AM, Doug Barton do...@dougbarton.us mailto:do...@dougbarton.us wrote: What a delightfully vague requirement. :) I would push back a bit on exactly what problems are attempted to be solved here. The BIND defaults are about as efficient as they can be, especially so in later versions. Doug On 11/26/2012 11:01 AM, Adamiec, Lawrence wrote: Hi, I have been tasked with authoring a DNS report to achieve optimal performance. The report must include: CPU usage memory usage bandwidth usage throughput latency I have found some information regarding the number of queries processed per minute but nothing of value for the above areas. Is there some documentation that discusses the above areas? We are running BIND 9.6-ESV-R5-P1, Solaris 10 on a SPARC server. My report will include the fact we must upgrade from BIND 9.6-ESV-R5-P1 Thank you in advance. Larry Lawrence Adamiec UNIX Mgr IIT Chicago-Kent College of Law Athena®, Created for the Cause^(TM) Making a Difference in the Fight Against Breast Cancer *How and Why I Should Support Bottled Water! *Do not relinquish your right to choose bottled water as a healthy alternative to beverages that contain sugar, calories, etc. Your support of bottled water will make a difference! Your signatures count! Go to http://www.bottledwatermatters.org/luv-bottledwater-iframe/dswaters and sign a petition to support your right to always choose bottled water. Help fight federal and state issues, such as bottle deposits (or taxes) and organizations that want to ban the sale of bottled water. Support community curbside recycling programs. Support bottled water as a healthy way to maintain proper hydration. Our goal is 50,000 signatures. Share this petition with your friends and family today! - CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential information and is for the sole use of the intended recipient(s). If you are not the intended recipient, any disclosure, copying, distribution, or use of the contents of this information is prohibited and may be unlawful. If you have received this electronic transmission in error, please reply immediately to the sender that you have received the message in error, and delete it. Thank you. -- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users -- Best regards Sten Carlsen No improvements come from shouting: MALE BOVINE MANURE!!! ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Performance tuning
Hello, This sounds suspiciously like a customer I deal with trying to figure out if they want to upgrade their hardware. The bottom line is with BIND logging your not really going to get all of these specifics. You will need to utilize the regular logging for the OS level on some of this to get to the real issues. The bottom line is that BIND doesn't really effect much of the system and ram depending on your environment and cache. Regards, Ed On Mon, Nov 26, 2012 at 1:23 PM, Lightner, Jeff jlight...@water.com wrote: For question 1: “Loading” is a function of the web site not DNS. Your first question could have to do what the default site is in your web configuration and what kind of rewrite rules are getting you to the other. ** ** If it were me I’d probably do some timed “host” or “dig” commands for the two records to verify name resolution itself wasn’t a problem. ** ** I guess it MIGHT be a minutely slower to resolve www if it is a CNAME to the other as opposed to both being A records. However, since this is a fairly common practice I doubt it is likely to be of major importance in overall timing. ** ** *From:* bind-users-bounces+jlightner=water@lists.isc.org [mailto: bind-users-bounces+jlightner=water@lists.isc.org] *On Behalf Of *Adamiec, Lawrence *Sent:* Monday, November 26, 2012 1:13 PM *To:* bind-users@lists.isc.org *Subject:* Re: Performance tuning ** ** To the best of my knowledge, there are no problems with our DNS. We only host 25 domains. ** ** The report must also address these two specific questions: ** ** 1. Why does www.kentlaw.iit.edu load quicker than kentlaw.iit.edu in any browser? 2. What happens if we remove the forwarders option from named.conf? I can't duplicate the issue in Q1 and I'm trying to determine a way of testing Q2. ** ** Larry ** ** On Mon, Nov 26, 2012 at 11:39 AM, Doug Barton do...@dougbarton.us wrote: What a delightfully vague requirement. :) I would push back a bit on exactly what problems are attempted to be solved here. The BIND defaults are about as efficient as they can be, especially so in later versions. Doug On 11/26/2012 11:01 AM, Adamiec, Lawrence wrote: Hi, I have been tasked with authoring a DNS report to achieve optimal performance. The report must include: CPU usage memory usage bandwidth usage throughput latency I have found some information regarding the number of queries processed per minute but nothing of value for the above areas. Is there some documentation that discusses the above areas? We are running BIND 9.6-ESV-R5-P1, Solaris 10 on a SPARC server. My report will include the fact we must upgrade from BIND 9.6-ESV-R5-P1 Thank you in advance. Larry Lawrence Adamiec UNIX Mgr IIT Chicago-Kent College of Law ** ** Athena®, Created for the Cause™ Making a Difference in the Fight Against Breast Cancer *How and Why I Should Support Bottled Water! *Do not relinquish your right to choose bottled water as a healthy alternative to beverages that contain sugar, calories, etc. Your support of bottled water will make a difference! Your signatures count! Go to http://www.bottledwatermatters.org/luv-bottledwater-iframe/dswaters and sign a petition to support your right to always choose bottled water. Help fight federal and state issues, such as bottle deposits (or taxes) and organizations that want to ban the sale of bottled water. Support community curbside recycling programs. Support bottled water as a healthy way to maintain proper hydration. Our goal is 50,000 signatures. Share this petition with your friends and family today! - CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential information and is for the sole use of the intended recipient(s). If you are not the intended recipient, any disclosure, copying, distribution, or use of the contents of this information is prohibited and may be unlawful. If you have received this electronic transmission in error, please reply immediately to the sender that you have received the message in error, and delete it. Thank you. -- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RE: Performance tuning
I did digs to both names from my work DNS infrastructure. The response was 58ms to resolve the WWW entry and 44ms for the non WWW entry. Would not appear to be a resolution related slow down. -Ben Croswell On Nov 26, 2012 1:25 PM, Lightner, Jeff jlight...@water.com wrote: For question 1: “Loading” is a function of the web site not DNS. Your first question could have to do what the default site is in your web configuration and what kind of rewrite rules are getting you to the other. ** ** If it were me I’d probably do some timed “host” or “dig” commands for the two records to verify name resolution itself wasn’t a problem. ** ** I guess it MIGHT be a minutely slower to resolve www if it is a CNAME to the other as opposed to both being A records. However, since this is a fairly common practice I doubt it is likely to be of major importance in overall timing. ** ** *From:* bind-users-bounces+jlightner=water@lists.isc.org [mailto: bind-users-bounces+jlightner=water@lists.isc.org] *On Behalf Of *Adamiec, Lawrence *Sent:* Monday, November 26, 2012 1:13 PM *To:* bind-users@lists.isc.org *Subject:* Re: Performance tuning ** ** To the best of my knowledge, there are no problems with our DNS. We only host 25 domains. ** ** The report must also address these two specific questions: ** ** 1. Why does www.kentlaw.iit.edu load quicker than kentlaw.iit.edu in any browser? 2. What happens if we remove the forwarders option from named.conf? I can't duplicate the issue in Q1 and I'm trying to determine a way of testing Q2. ** ** Larry ** ** On Mon, Nov 26, 2012 at 11:39 AM, Doug Barton do...@dougbarton.us wrote: What a delightfully vague requirement. :) I would push back a bit on exactly what problems are attempted to be solved here. The BIND defaults are about as efficient as they can be, especially so in later versions. Doug On 11/26/2012 11:01 AM, Adamiec, Lawrence wrote: Hi, I have been tasked with authoring a DNS report to achieve optimal performance. The report must include: CPU usage memory usage bandwidth usage throughput latency I have found some information regarding the number of queries processed per minute but nothing of value for the above areas. Is there some documentation that discusses the above areas? We are running BIND 9.6-ESV-R5-P1, Solaris 10 on a SPARC server. My report will include the fact we must upgrade from BIND 9.6-ESV-R5-P1 Thank you in advance. Larry Lawrence Adamiec UNIX Mgr IIT Chicago-Kent College of Law ** ** Athena®, Created for the Cause™ Making a Difference in the Fight Against Breast Cancer *How and Why I Should Support Bottled Water! *Do not relinquish your right to choose bottled water as a healthy alternative to beverages that contain sugar, calories, etc. Your support of bottled water will make a difference! Your signatures count! Go to http://www.bottledwatermatters.org/luv-bottledwater-iframe/dswaters and sign a petition to support your right to always choose bottled water. Help fight federal and state issues, such as bottle deposits (or taxes) and organizations that want to ban the sale of bottled water. Support community curbside recycling programs. Support bottled water as a healthy way to maintain proper hydration. Our goal is 50,000 signatures. Share this petition with your friends and family today! - CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential information and is for the sole use of the intended recipient(s). If you are not the intended recipient, any disclosure, copying, distribution, or use of the contents of this information is prohibited and may be unlawful. If you have received this electronic transmission in error, please reply immediately to the sender that you have received the message in error, and delete it. Thank you. -- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Performance tuning
Hi-- On Nov 26, 2012, at 10:12 AM, Adamiec, Lawrence wrote: The report must also address these two specific questions: • Why does www.kentlaw.iit.edu load quicker than kentlaw.iit.edu in any browser? • What happens if we remove the forwarders option from named.conf? I can't duplicate the issue in Q1 and I'm trying to determine a way of testing Q2. Q1 isn't related to DNS performance; both of the names you mention resolve to the same IP address via an A record. There wasn't a significant difference in response time I saw by loading the webpages (both took ~1.3 s per curl), but one likely could improve webserver performance by running Apache, nginx, or almost anything else instead of than Microsoft's IIS. The domain seems to be missing A records for your nameservers, however: http://www.dnsvalidation.com/reports/50b3b5167d79ee02b826 As for Q2, it depends on whether the nameservers you are pointing to do better in caching queries then your local nameservers would doing recursive lookups for themselves. If the local nameservers have poor connectivity compared to the forwarders, maybe, otherwise it's probably not helpful to use forwarders. Regards, -- -Chuck ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Performance tuning
I see no problems. [ec2-user@domU-12-31-39-06-2E-64 ~]$ time dig www.kentlaw.iit.edu ; DiG 9.7.0-P2-RedHat-9.7.0-5.P2.6.amzn1 www.kentlaw.iit.edu ;; global options: +cmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 54160 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;www.kentlaw.iit.edu. IN A ;; ANSWER SECTION: www.kentlaw.iit.edu.86400 IN A 64.131.119.9 ;; Query time: 847 msec ;; SERVER: 200.51.197.187#53(200.51.197.187) ;; WHEN: Mon Nov 26 19:23:46 2012 ;; MSG SIZE rcvd: 53 *real0m0.854s* user0m0.000s sys 0m0.008s [ec2-user@domU-12-31-39-06-2E-64 ~]$ time dig kentlaw.iit.edu ; DiG 9.7.0-P2-RedHat-9.7.0-5.P2.6.amzn1 kentlaw.iit.edu ;; global options: +cmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 39163 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;kentlaw.iit.edu. IN A ;; ANSWER SECTION: kentlaw.iit.edu.86400 IN A 64.131.119.9 ;; Query time: 780 msec ;; SERVER: 200.51.197.187#53(200.51.197.187) ;; WHEN: Mon Nov 26 19:24:11 2012 ;; MSG SIZE rcvd: 49 *real0m0.799s* user0m0.004s sys 0m0.016s [ec2-user@domU-12-31-39-06-2E-64 ~]$ Hope that helps. regards Saludos.- Leonardo Santagostini http://ar.linkedin.com/in/santagostini 2012/11/26 Chuck Swiger cswi...@mac.com Hi-- On Nov 26, 2012, at 10:12 AM, Adamiec, Lawrence wrote: The report must also address these two specific questions: • Why does www.kentlaw.iit.edu load quicker than kentlaw.iit.eduin any browser? • What happens if we remove the forwarders option from named.conf? I can't duplicate the issue in Q1 and I'm trying to determine a way of testing Q2. Q1 isn't related to DNS performance; both of the names you mention resolve to the same IP address via an A record. There wasn't a significant difference in response time I saw by loading the webpages (both took ~1.3 s per curl), but one likely could improve webserver performance by running Apache, nginx, or almost anything else instead of than Microsoft's IIS. The domain seems to be missing A records for your nameservers, however: http://www.dnsvalidation.com/reports/50b3b5167d79ee02b826 As for Q2, it depends on whether the nameservers you are pointing to do better in caching queries then your local nameservers would doing recursive lookups for themselves. If the local nameservers have poor connectivity compared to the forwarders, maybe, otherwise it's probably not helpful to use forwarders. Regards, -- -Chuck ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Performance tuning
Thanks to everyone who replied. Larry On Mon, Nov 26, 2012 at 1:25 PM, Leonardo Santagostini lsantagost...@gmail.com wrote: I see no problems. [ec2-user@domU-12-31-39-06-2E-64 ~]$ time dig www.kentlaw.iit.edu ; DiG 9.7.0-P2-RedHat-9.7.0-5.P2.6.amzn1 www.kentlaw.iit.edu ;; global options: +cmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 54160 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;www.kentlaw.iit.edu. IN A ;; ANSWER SECTION: www.kentlaw.iit.edu.86400 IN A 64.131.119.9 ;; Query time: 847 msec ;; SERVER: 200.51.197.187#53(200.51.197.187) ;; WHEN: Mon Nov 26 19:23:46 2012 ;; MSG SIZE rcvd: 53 *real0m0.854s* user0m0.000s sys 0m0.008s [ec2-user@domU-12-31-39-06-2E-64 ~]$ time dig kentlaw.iit.edu ; DiG 9.7.0-P2-RedHat-9.7.0-5.P2.6.amzn1 kentlaw.iit.edu ;; global options: +cmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 39163 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;kentlaw.iit.edu. IN A ;; ANSWER SECTION: kentlaw.iit.edu.86400 IN A 64.131.119.9 ;; Query time: 780 msec ;; SERVER: 200.51.197.187#53(200.51.197.187) ;; WHEN: Mon Nov 26 19:24:11 2012 ;; MSG SIZE rcvd: 49 *real0m0.799s* user0m0.004s sys 0m0.016s [ec2-user@domU-12-31-39-06-2E-64 ~]$ Hope that helps. regards Saludos.- Leonardo Santagostini http://ar.linkedin.com/in/santagostini 2012/11/26 Chuck Swiger cswi...@mac.com Hi-- On Nov 26, 2012, at 10:12 AM, Adamiec, Lawrence wrote: The report must also address these two specific questions: • Why does www.kentlaw.iit.edu load quicker than kentlaw.iit.eduin any browser? • What happens if we remove the forwarders option from named.conf? I can't duplicate the issue in Q1 and I'm trying to determine a way of testing Q2. Q1 isn't related to DNS performance; both of the names you mention resolve to the same IP address via an A record. There wasn't a significant difference in response time I saw by loading the webpages (both took ~1.3 s per curl), but one likely could improve webserver performance by running Apache, nginx, or almost anything else instead of than Microsoft's IIS. The domain seems to be missing A records for your nameservers, however: http://www.dnsvalidation.com/reports/50b3b5167d79ee02b826 As for Q2, it depends on whether the nameservers you are pointing to do better in caching queries then your local nameservers would doing recursive lookups for themselves. If the local nameservers have poor connectivity compared to the forwarders, maybe, otherwise it's probably not helpful to use forwarders. Regards, -- -Chuck ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Performance tuning tips required for bind 9.6.1-P3!!!
On 7/13/2010 1:11 PM, Shiva Raman wrote: Dear All This is in reference to the performance tuning , i had already gone through the mailing list archives , but could not find answer to my specific query mentioned here. Right now i am using queryperf to test the performance with sample query file of thousand entries. Right now i am getting only 2000 to 2300 qps . Kindly guide me for improving the bind performance from 2000 qps to nearly 1 qps. Which are the parameters i should change for improving the performance? Any os level parameters to be changed for improving the performance? What does your query file look like. On of the biggest things that affects the numbers for a caching server is the response time of the authoritative servers that answer the queries in your file. Network bottlenecks can be a problem too. (I remember one time I experimented with a caching server that had a stateful firewall between it and the Internet; effectively killed connectivity for everybody in the building) You may want to look at resperf: http://www.nominum.com/services/measurement_tools.php You may be able to get some more meaningful numbers from it. -- Dave ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
