Re[2]: What can make DNS lookups slow?
Wednesday, January 12, 2005, 5:30:00 PM, Daniel Miller wrote:
DLM> If I were to guess - it's a DNS misconfiguration problem, not an
DLM> iptables problem.
DLM> Easy stuff first - what's in your /etc/resolv.conf?
DLM> Are you running any DNS servers on your firewall machine? If so, what?
DLM> You need to share a bit more information.
Thanks Daniel. I did try that earlier and got no responses. Hugely
appreciate your input. I have same problem with and without bind9
running on the machine. So with /etc/resolv.conf as:
cat resolv.conf
search psyctc.org
nameserver 127.0.0.1
nameserver 213.120.62.97
nameserver 213.120.62.98
nameserver 213.120.62.99
nameserver 213.120.62.100
nameserver 213.120.62.101
nameserver 213.120.62.102
nameserver 213.120.62.103
nameserver 213.120.62.104
and bind9 running I get:
time nslookup -sil www.sghms.ac.uk
Server: 213.120.62.101
Address: 213.120.62.101#53
Non-authoritative answer:
Name: www.sghms.ac.uk
Address: 194.82.51.10
real 0m5.348s
user 0m0.010s
sys 0m0.000s
If it stop bind and take 127.0.0.1 out of resolv.conf no change:
time nslookup -sil www.sghms.ac.uk
Server: 213.120.62.101
Address: 213.120.62.101#53
Non-authoritative answer:
Name: www.sghms.ac.uk
Address: 194.82.51.10
real 0m4.247s
user 0m0.010s
sys 0m0.000s
Utterly bizarrely to my mind, the server machine is fast in its
lookups. The hardware is slower and has essentially same resolv.conf:
search psyctc.org
#nameserver 217.34.100.197
nameserver 213.120.62.97
nameserver 213.120.62.98
nameserver 213.120.62.99
nameserver 213.120.62.100
nameserver 213.120.62.101
nameserver 213.120.62.102
nameserver 213.120.62.103
nameserver 213.120.62.104
That machine doesn't run bind9, but is served through the firewall
machine by proxy arp is fast:
time nslookup -sil www.sghms.ac.uk
Server: 213.120.62.97
Address: 213.120.62.97#53
Non-authoritative answer:
Name: www.sghms.ac.uk
Address: 194.82.51.10
real 0m0.214s
user 0m0.140s
sys 0m0.040s
Any thoughts?
TIA,
Chris
Reply to: