LinuxQuestions.org
Old 10-30-2003, 07:37 PM   #1
J_Szucs
Senior Member
 
Registered: Nov 2001
Location: Budapest, Hungary
Distribution: SuSE 6.4-11.3, Dsl linux, FreeBSD 4.3-6.2, Mandrake 8.2, Redhat, UHU, Debian Etch
Posts: 1,126

Rep: Reputation: 58
DNS question


I suspect that our dns server is not set up correctly, as there is a considerable delay (1-10s) before viewing webpages. I have much shorter response times at my home machine, though that is on a slow dial-up connection.
Looking into the tcpdump logfile, I see our dns server is messing around with dns queries during that time.
(Besides, when starting bind, it gives an error message about an incorrect hint record.)
Our dns server should use our ISP's dns servers. It actually uses them, but I see many more dns queries going out to other dns servers on the web.
I know only a very little about dns matters, and I would like to know:
When our dns server (bind) is set up to use the dns server of our ISP, and it needs to do a dns lookup:
- should our dns server always connect to our ISP's dns server first?
- if our ISP's dns server itself cannot resolve the name:
a) does it go further and contact other dns servers until it finally resolves that and sends the answer back to our dns server, or
b) does it only instruct our dns server to do further dns queries on its own?

Last edited by J_Szucs; 10-30-2003 at 07:41 PM.
 
Old 10-30-2003, 08:46 PM   #2
joseph
Member
 
Registered: Jun 2003
Location: Batam
Distribution: Ubuntu 10 And Linux Mint
Posts: 414

Rep: Reputation: 30
Re: DNS question

Quote:
Originally posted by J_Szucs

I know only a very little about dns matters, and I would like to know:
When our dns server (bind) is set up to use the dns server of our ISP, and it needs to do a dns lookup:
- should our dns server always connect to our ISP's dns server first?
- if our ISP's dns server itself cannot resolve the name:
a) does it go further and contact other dns servers until it finally resolves that and sends the answer back to our dns server, or
b) does it only instruct our dns server to do further dns queries on its own?
- should our dns server always connect to our ISP's dns server first?

No. If there is any request to your DNS server (e.g. yourdomain.com), your DNS server will search for the root first (do you see /var/named/root.hints or named.ca? try to vi it).

That's the root file; it will tell your DNS server where to go to ask about yourdomain.com. Then after reaching there, the root will tell it where you can find yourdomain.com; if the root cannot give your DNS server an answer, it will tell your DNS server to go to another place which contains the information about yourdomain.com.

- if our ISP's dns server itself cannot resolve the name:
it does go further and contacts other dns servers until it finally resolves that and sends the answer back to the requestor (not always to your dns server)
 
Old 10-30-2003, 09:00 PM   #3
homey
Senior Member
 
Registered: Oct 2003
Posts: 3,057

Rep: Reputation: 61
I have good success setting my domain to check with my DNS server first for local stuff. Then it uses the forwarders ( my ISP ) to find anything which it doesn't know about. That would be anything on the Internet.
The important files are
/etc/named.conf
/etc/named.custom
/etc/resolv.conf

Here are examples from my domain DNS setup.

___________________________________________________
## named.conf - configuration for bind
#
# Generated automatically by redhat-config-bind, alchemist et al.
# Any changes not supported by redhat-config-bind should be put
# in /etc/named.custom
#
controls {
        inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};

include "/etc/named.custom";

include "/etc/rndc.key";

zone "0.168.192.in-addr.arpa" {
        type master;
        file "0.168.192.in-addr.arpa.zone";
        allow-update {
                192.168.0.1;
        };
};

zone "mydomain.com" {
        type master;
        file "mydomain.com.zone";
        allow-update {
                192.168.0.1;
        };
};

________________________________________________
## named.custom - custom configuration for bind
#
# Any changes not currently supported by redhat-config-bind should be put
# in this file.
#
# Note: Put your ISP DNS server addresses below.

options {
        directory "/var/named/";
        forwarders {
                123.123.1.123;
                123.123.2.123;
                456.456.1.100;
        };
};

________________________________________________
/etc/resolv.conf

; generated by /sbin/dhclient-script
search mydomain.com
nameserver 192.168.0.1
 
Old 10-31-2003, 02:36 AM   #4
Robert0380
LQ Guru
 
Registered: Apr 2002
Location: Atlanta
Distribution: Gentoo
Posts: 1,280

Rep: Reputation: 47
why don't you want to set up your own caching DNS server? It will yield faster responses for previously visited sites than having it query your ISP's servers. It actually makes no sense to even have your own DNS server and not allow it to cache, unless you just REALLY don't want it to for some special reason. In effect you are telling a server to ask a server for an IP address. Man in the middle kinda thing that will slow down the process. Rather, you should set up your server to also cache and allow recursion for the internal hosts and skip the forwarding stuff.

If you want to set up caching you need the following (maybe with slight modifications to file paths)

Code:
zone "." IN {
        type hint;
        file "named.ca";
};
zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
        notify no;
};
zone "127.in-addr.arpa" IN {
        type master;
        file "127.zone";
        allow-update { none; };
        notify no;
};


where named.ca is the root-servers file

Code:
localhost.zone file

$TTL 1W
@       IN      SOA     ns.localhost. root.localhost.  (
                                      2002081601 ; Serial
                                      28800      ; Refresh
                                      14400      ; Retry
                                      604800     ; Expire - 1 week
                                      86400 )    ; Minimum
                IN      NS      ns
localhost.      IN      A       127.0.0.1
Code:
127.zone  file

$TTL 1W
@       IN      SOA     ns.localhost. root.localhost.  (
                                      2002081601 ; Serial
                                      28800      ; Refresh
                                      14400      ; Retry
                                      604800     ; Expire - 1 week
                                      86400 )    ; Minimum
                IN      NS      ns
1.0.0           IN      PTR     localhost.   ; 1.0.0.127.in-addr.arpa -> localhost (reverse of 127.0.0.1)
Code:
named.ca  file
;       This file holds the information on root name servers needed to
;       initialize cache of Internet domain name servers
;       (e.g. reference this file in the "cache  .  <file>"
;       configuration file of BIND domain name servers).
;
;       This file is made available by InterNIC
;       under anonymous FTP as
;           file                /domain/named.cache
;           on server           FTP.INTERNIC.NET
;
;       last update:    Nov 5, 2002
;       related version of root zone:   2002110501
;
;
; formerly NS.INTERNIC.NET
;
.                        3600000  IN  NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
;
; formerly NS1.ISI.EDU
;
.                        3600000      NS    B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.      3600000      A     128.9.0.107
;
; formerly C.PSI.NET
;
.                        3600000      NS    C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
;
; formerly TERP.UMD.EDU
;
.                        3600000      NS    D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET.      3600000      A     128.8.10.90
;
; formerly NS.NASA.GOV
;
.                        3600000      NS    E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10
;
; formerly NS.ISC.ORG
;
.                        3600000      NS    F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET.      3600000      A     192.5.5.241
;
; formerly NS.NIC.DDN.MIL
;
.                        3600000      NS    G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
;
; formerly AOS.ARL.ARMY.MIL
;
.                        3600000      NS    H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET.      3600000      A     128.63.2.53
;
; formerly NIC.NORDU.NET
;
.                        3600000      NS    I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET.      3600000      A     192.36.148.17
;
; operated by VeriSign, Inc.
;
.                        3600000      NS    J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET.      3600000      A     192.58.128.30
;
; housed in LINX, operated by RIPE NCC
;
.                        3600000      NS    K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET.      3600000      A     193.0.14.129
;
; operated by IANA
;
.                        3600000      NS    L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET.      3600000      A     198.32.64.12
;
; housed in Japan, operated by WIDE
;
.                        3600000      NS    M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
; End of File
 
Old 10-31-2003, 03:02 AM   #5
Robert0380
LQ Guru
 
Registered: Apr 2002
Location: Atlanta
Distribution: Gentoo
Posts: 1,280

Rep: Reputation: 47
based on your setup (after further review) all queries should be answered only by your ISP's DNS servers (according to DNS and BIND by Albitz and Liu).

here is a paragraph ripped from the book:

A primary master or slave name server's mode of operation changes slightly when it is configured to use a forwarder. If a resolver requests records that are already in the name server's authoritative data or cached data, the name server answers with that information; this part of its operation hasn't changed. However, if the records aren't in its database, the name server sends the query to a forwarder and waits a short period for an answer before resuming normal operation and contacting the remote name servers itself. What the name server is doing differently here is sending a recursive query to the forwarder, expecting it to find the answer. At all other times, the name server sends out nonrecursive queries to other name servers and deals with the responses that only refer it to the other name servers.


this basically says ( i think ): your server will try to ask your ISP for an answer. if that response takes too long, it will ask for the answer non-recursively, i.e. worst case is if you ask for host.domain.com it will ask the root servers for .com, then it will ask the server that owns .com for domain, then it will ask domain.com's name server for host. 3 servers queried for the response, 4 total if you include the original request to your ISP. So if you see it asking many other servers, it's because of the nonrecursive query after your ISP took too long to give an answer.

that sucks!!!!!

in the book it lists 1 good reason for using forwarders: if you only have 1 nameserver on your network and it has a network connection, and you aren't being charged for bandwidth, you don't need to forward requests to your ISP's nameservers.

Last edited by Robert0380; 10-31-2003 at 03:04 AM.
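As an added check (not code from the thread), the Python script below classifies outbound queries in a tcpdump capture like the one J_Szucs mentions by whether they went to the configured forwarders, and flags names that were first sent recursively (RD bit set) to a forwarder and then resolved iteratively against other servers, which is exactly the forwarder-timeout fallback Robert0380 quotes from the book. The log lines are constructed; the forwarder addresses are homey's placeholders and the non-root server addresses are documentation ranges, not real resolvers.

```python
import re

# Constructed "tcpdump -n port 53" style sample, not a capture from the thread.
# A '+' after the query id means the Recursion Desired (RD) bit is set.
SAMPLE_LOG = """\
19:37:01.100 IP 192.168.0.1.32768 > 123.123.1.123.53: 41001+ A? www.example.com. (33)
19:37:03.200 IP 192.168.0.1.32769 > 198.41.0.4.53: 41002 A? www.example.com. (33)
19:37:03.400 IP 192.168.0.1.32770 > 192.0.2.10.53: 41003 A? www.example.com. (33)
19:37:03.600 IP 192.168.0.1.32771 > 198.51.100.20.53: 41004 A? www.example.com. (33)
19:37:03.900 IP 192.168.0.1.32772 > 123.123.2.123.53: 41005+ A? mail.example.org. (34)
"""
# Forwarder addresses as listed in homey's named.custom (placeholder values).
FORWARDERS = {"123.123.1.123", "123.123.2.123"}

QUERY_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>[\d.]+)\.\d+ > (?P<dst>[\d.]+)\.53: "
    r"(?P<qid>\d+)(?P<rd>\+?) (?P<qtype>[A-Z]+)\? (?P<qname>\S+) \(\d+\)$"
)

def parse_queries(text):
    """One dict per outbound DNS query line; 'rd' is True when RD was set."""
    queries = []
    for line in text.splitlines():
        m = QUERY_RE.match(line)
        if m:
            q = m.groupdict()
            q["rd"] = q["rd"] == "+"
            queries.append(q)
    return queries

def summarize(queries, forwarders):
    """Count forwarder vs. other destinations and, per name, list the chain of
    other servers asked (root -> TLD -> authoritative in the worst case)."""
    others = [q for q in queries if q["dst"] not in forwarders]
    chain = {}
    for q in others:
        chain.setdefault(q["qname"], []).append(q["dst"])
    return {"to_forwarders": len(queries) - len(others), "to_others": len(others),
            "rd_set_to_others": sum(1 for q in others if q["rd"]),
            "iterative_chain": chain}

def fallback_suspects(queries, forwarders):
    """Names sent recursively to a forwarder and then resolved iteratively
    elsewhere: the forward-then-resolve-yourself pattern the thread describes."""
    asked_fwd = {q["qname"] for q in queries if q["dst"] in forwarders and q["rd"]}
    iterative = {q["qname"] for q in queries if q["dst"] not in forwarders and not q["rd"]}
    return sorted(asked_fwd & iterative)
```

Feed it the output of `tcpdump -n port 53` from the name server itself; a non-empty fallback list for most names means the forwarders are answering too slowly rather than the server being misconfigured.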
 