LinuxQuestions.org
Old 05-24-2016, 01:02 AM   #1
dr.x
Member
 
Registered: Jan 2013
Posts: 167

Rep: Reputation: Disabled
Linux Bind optimization for ISP server


Hi guys,
Actually I have my server in an ISP that is used for clients, and I feel it is somewhat slow; in particular, Facebook images sometimes don't appear.

I would like to see if I can optimize my server.

I will put the config from my named.conf file:
=======================

//////////////
options {
    listen-on port 53 { 127.0.0.1; x.x.66.10; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { localhost; xxxxx };
    allow-query-cache { localhost; xx.xx; };
    recursion yes;
    recursive-clients 50000;
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;
    forwarders { 208.67.222.123; 208.67.220.123; };
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
=========================

The question is: what can I do to optimize or speed up the DNS resolution or caching?

I'm not sure if caching is enabled or not.

All I have is that I forward the requests to the OpenDNS server IPs.


Kind regards
 
Old 05-24-2016, 01:56 AM   #2
TenTenths
Senior Member
 
Registered: Aug 2011
Location: Dublin
Distribution: Centos 5 / 6 / 7
Posts: 2,737

Rep: Reputation: 1055
My first question is why aren't you using your ISP's name servers? They'll be physically "closer". Alternatively, use Google's DNS servers.

Do you have any specific reason you need IPV6 on the local interface? I know that if IPV6 is enabled then certain services (postfix for example) will attempt to use IPV6 first and then fall-back to IPV4 so that may also be causing a delay.
 
Old 05-24-2016, 02:29 AM   #3
dr.x
Member
 
Registered: Jan 2013
Posts: 167

Original Poster
Rep: Reputation: Disabled
No no,

I mean I'm the ISP network admin and that is my server that will go to my clients.

My clients will use my server with the config above ....

But the issue is, sometimes my clients find that Facebook images do not work or work only partially.

When I switch to 8.8.8.8, no problem.

I just want to check where the bottleneck is or why it is slow.

That's it.


Thank you
 
Old 05-24-2016, 03:37 PM   #4
dr.x
Member
 
Registered: Jan 2013
Posts: 167

Original Poster
Rep: Reputation: Disabled
Any help?
 
Old 05-24-2016, 04:18 PM   #5
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Yawnstown, Ohio
Distribution: Mojave
Posts: 9,305
Blog Entries: 36

Rep: Reputation: Disabled
Quote:
Originally Posted by dr.x View Post
Any help?
Yeah, we're volunteers, so do be patient.
I can't figure out what the heck bind has to do with "facebook images"

Last edited by Habitual; 05-24-2016 at 04:21 PM.
 
Old 05-24-2016, 04:24 PM   #6
szboardstretcher
Senior Member
 
Registered: Aug 2006
Location: Detroit, MI
Distribution: GNU/Linux systemd
Posts: 4,213

Rep: Reputation: 1613
Using Bind as a DNS caching server? Tuned it for aging and timeouts?
 
Old 05-24-2016, 04:59 PM   #7
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Yawnstown, Ohio
Distribution: Mojave
Posts: 9,305
Blog Entries: 36

Rep: Reputation: Disabled
From what I read at https://www.digitalocean.com/communi...n-ubuntu-14-04
Seems there's only 2 kinds, caching and forwarding.

and he seems to be forwarding.
Quote:
forwarders { 208.67.222.123; 208.67.220.123; };
I can't speak to 208.67.222.123; 208.67.220.123, except that without knowing their end of things...
They could be using varnish-cache or some other similar mechanism in front of these resolvers.

If using Google's DNS or L3Comm's 8.8.8.8 / 4.2.2.2 resolves the issue, that's what I'd use.
I use those 2 everywhere, never an issue, ever.

Thanks.

Last edited by Habitual; 05-27-2016 at 01:59 PM.
 
Old 05-24-2016, 06:34 PM   #8
szboardstretcher
Senior Member
 
Registered: Aug 2006
Location: Detroit, MI
Distribution: GNU/Linux systemd
Posts: 4,213

Rep: Reputation: 1613
Good advice. I would point out to everyone that knows about L3's 4.2.2.2 to stop using it exclusively and start using 4.2.2.3, or 4.2.2.4, or 4.2.2.5 etc because the load on 4.2.2.2 is stifling for L3. Worked with a guy at L3 that complained about it. Try to mix it up a bit.
 
Old 05-25-2016, 10:59 AM   #9
lazydog
Senior Member
 
Registered: Dec 2003
Location: The Key Stone State
Distribution: CentOS Sabayon and now Gentoo
Posts: 1,171
Blog Entries: 3

Rep: Reputation: 185
If I were L3 then I would place a load balancer in front of it to ease the load on one server.
 
Old 05-26-2016, 02:20 PM   #10
dr.x
Member
 
Registered: Jan 2013
Posts: 167

Original Poster
Rep: Reputation: Disabled
Hmm,
Guys, is there a way to check if there is a bottleneck in the DNS itself?


Is it natural to have a query with 900 ms?


=====================

Quote:
[root@nsdns ~]# dig fbcd.net

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.1 <<>> fbcd.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45485
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 14

;; QUESTION SECTION:
;fbcd.net. IN A

;; ANSWER SECTION:
fbcd.net. 3600 IN A 162.251.5.190

;; AUTHORITY SECTION:
net. 157327 IN NS k.gtld-servers.net.
net. 157327 IN NS e.gtld-servers.net.
net. 157327 IN NS b.gtld-servers.net.
net. 157327 IN NS a.gtld-servers.net.
net. 157327 IN NS g.gtld-servers.net.
net. 157327 IN NS f.gtld-servers.net.
net. 157327 IN NS d.gtld-servers.net.
net. 157327 IN NS l.gtld-servers.net.
net. 157327 IN NS m.gtld-servers.net.
net. 157327 IN NS i.gtld-servers.net.
net. 157327 IN NS c.gtld-servers.net.
net. 157327 IN NS h.gtld-servers.net.
net. 157327 IN NS j.gtld-servers.net.

;; ADDITIONAL SECTION:
e.gtld-servers.net. 157326 IN A 192.12.94.30
m.gtld-servers.net. 157326 IN A 192.55.83.30
j.gtld-servers.net. 157326 IN A 192.48.79.30
k.gtld-servers.net. 157326 IN A 192.52.178.30
h.gtld-servers.net. 157326 IN A 192.54.112.30
l.gtld-servers.net. 157326 IN A 192.41.162.30
f.gtld-servers.net. 157326 IN A 192.35.51.30
a.gtld-servers.net. 157326 IN A 192.5.6.30
a.gtld-servers.net. 157326 IN AAAA 2001:503:a83e::2:30
g.gtld-servers.net. 157326 IN A 192.42.93.30
c.gtld-servers.net. 157326 IN A 192.26.92.30
b.gtld-servers.net. 157326 IN A 192.33.14.30
b.gtld-servers.net. 157326 IN AAAA 2001:503:231d::2:30
i.gtld-servers.net. 157326 IN A 192.43.172.30

;; Query time: 923 msec
;; SERVER: 176.58.66.10#53(1xxxxx10)
;; WHEN: Thu May 26 22:17:52 2016
;; MSG SIZE rcvd: 511

[root@nsdns ~]# dig linuxquestions.org

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.1 <<>> linuxquestions.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56881
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 6, ADDITIONAL: 12

;; QUESTION SECTION:
;linuxquestions.org. IN A

;; ANSWER SECTION:
linuxquestions.org. 300 IN A 75.126.162.205

;; AUTHORITY SECTION:
org. 74424 IN NS a2.org.afilias-nst.info.
org. 74424 IN NS a0.org.afilias-nst.info.
org. 74424 IN NS c0.org.afilias-nst.info.
org. 74424 IN NS b2.org.afilias-nst.org.
org. 74424 IN NS d0.org.afilias-nst.org.
org. 74424 IN NS b0.org.afilias-nst.org.

;; ADDITIONAL SECTION:
a0.org.afilias-nst.info. 157312 IN A 199.19.56.1
a0.org.afilias-nst.info. 157312 IN AAAA 2001:500:e::1
a2.org.afilias-nst.info. 157312 IN A 199.249.112.1
a2.org.afilias-nst.info. 157312 IN AAAA 2001:500:40::1
b0.org.afilias-nst.org. 157312 IN A 199.19.54.1
b0.org.afilias-nst.org. 157312 IN AAAA 2001:500:c::1
b2.org.afilias-nst.org. 157312 IN A 199.249.120.1
b2.org.afilias-nst.org. 157312 IN AAAA 2001:500:48::1
c0.org.afilias-nst.info. 157312 IN A 199.19.53.1
c0.org.afilias-nst.info. 157312 IN AAAA 2001:500:b::1
d0.org.afilias-nst.org. 157312 IN A 199.19.57.1
d0.org.afilias-nst.org. 157312 IN AAAA 2001:500:f::1

;; Query time: 163 msec
;; SERVER: 176.58.66.10#53(xxxx.66.10)
;; WHEN: Thu May 26 22:18:06 2016
;; MSG SIZE rcvd: 454

[root@nsdns ~]#
=================
Also, is there some config needed to tune the kernel?
My servers are getting a huge number of requests, but I monitor the CPU, which is about 50%.

I'm not sure where the issue that I have is.


Hope you can guide me to anything.

Cheers

Last edited by dr.x; 05-27-2016 at 01:57 AM. Reason: .
 
Old 05-26-2016, 09:30 PM   #11
szboardstretcher
Senior Member
 
Registered: Aug 2006
Location: Detroit, MI
Distribution: GNU/Linux systemd
Posts: 4,213

Rep: Reputation: 1613
You HAVE to put that in 'code' tags to make it acceptably readable. 140 posts, you should know the etiquette by now.

Last edited by szboardstretcher; 05-26-2016 at 09:31 PM.
 
Old 05-27-2016, 01:57 AM   #12
dr.x
Member
 
Registered: Jan 2013
Posts: 167

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by szboardstretcher View Post
You HAVE to put that in 'code' tags to make it acceptably readable. 140 posts, you should know the etiquette by now.
done
 
Old 05-27-2016, 06:31 AM   #13
TenTenths
Senior Member
 
Registered: Aug 2011
Location: Dublin
Distribution: Centos 5 / 6 / 7
Posts: 2,737

Rep: Reputation: 1055
Quote:
Originally Posted by dr.x View Post
Guys, is there a way to check if there is a bottleneck in the DNS itself?
Try the +trace option in dig to see if that gives you any clues.
Quote:
Originally Posted by dr.x View Post
Is it natural to have a query with 900 ms?
No, it's not natural.
 
1 members found this post helpful.
Old 05-27-2016, 06:39 AM   #14
dr.x
Member
 
Registered: Jan 2013
Posts: 167

Original Poster
Rep: Reputation: Disabled
OK, well,
my ping timeout to 8.8.8.8 is about 60 ms,

but the DNS queries get like 150 and sometimes 500 ms!!!!

Here is the dig with and without the +trace option.

Again, the IP 208.67.222.123 is an OpenDNS DNS server IP.

===================
Quote:
64 bytes from 8.8.8.8: icmp_seq=100 ttl=55 time=66.4 ms
64 bytes from 8.8.8.8: icmp_seq=101 ttl=55 time=66.3 ms
64 bytes from 8.8.8.8: icmp_seq=102 ttl=55 time=66.5 ms
64 bytes from 8.8.8.8: icmp_seq=103 ttl=55 time=66.4 ms
64 bytes from 8.8.8.8: icmp_seq=104 ttl=55 time=66.5 ms
64 bytes from 8.8.8.8: icmp_seq=105 ttl=55 time=66.5 ms
64 bytes from 8.8.8.8: icmp_seq=106 ttl=55 time=66.5 ms
64 bytes from 8.8.8.8: icmp_seq=107 ttl=55 time=66.5 ms
64 bytes from 8.8.8.8: icmp_seq=108 ttl=55 time=66.6 ms
64 bytes from 8.8.8.8: icmp_seq=109 ttl=55 time=66.6 ms
64 bytes from 8.8.8.8: icmp_seq=110 ttl=55 time=66.4 ms
64 bytes from 8.8.8.8: icmp_seq=111 ttl=55 time=66.4 ms
64 bytes from 8.8.8.8: icmp_seq=112 ttl=55 time=66.3 ms
64 bytes from 8.8.8.8: icmp_seq=113 ttl=55 time=66.5 ms
64 bytes from 8.8.8.8: icmp_seq=114 ttl=55 time=66.6 ms
64 bytes from 8.8.8.8: icmp_seq=115 ttl=55 time=66.4 ms
64 bytes from 8.8.8.8: icmp_seq=116 ttl=55 time=66.4 ms
64 bytes from 8.8.8.8: icmp_seq=117 ttl=55 time=66.4 ms
64 bytes from 8.8.8.8: icmp_seq=118 ttl=55 time=66.4 ms
64 bytes from 8.8.8.8: icmp_seq=119 ttl=55 time=66.3 ms
64 bytes from 8.8.8.8: icmp_seq=120 ttl=55 time=66.6 ms
64 bytes from 8.8.8.8: icmp_seq=121 ttl=55 time=66.6 ms
64 bytes from 8.8.8.8: icmp_seq=122 ttl=55 time=66.4 ms
64 bytes from 8.8.8.8: icmp_seq=123 ttl=55 time=66.6 ms
64 bytes from 8.8.8.8: icmp_seq=124 ttl=55 time=66.3 ms
64 bytes from 8.8.8.8: icmp_seq=125 ttl=55 time=66.6 ms
64 bytes from 8.8.8.8: icmp_seq=126 ttl=55 time=66.4 ms
64 bytes from 8.8.8.8: icmp_seq=127 ttl=55 time=66.5 ms
64 bytes from 8.8.8.8: icmp_seq=128 ttl=55 time=66.6 ms
64 bytes from 8.8.8.8: icmp_seq=129 ttl=55 time=66.4 ms
^C
--- 8.8.8.8 ping statistics ---
129 packets transmitted, 129 received, 0% packet loss, time 128762ms
rtt min/avg/max/mdev = 66.314/66.496/66.882/0.237 ms
[root@Dns-server2 ~]# dig www.linuxquestions.org @208.67.222.123 +trace

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> www.linuxquestions.org @208.67.222.123 +trace
;; global options: +cmd
. 515184 IN NS h.root-servers.net.
. 515184 IN NS i.root-servers.net.
. 515184 IN NS j.root-servers.net.
. 515184 IN NS d.root-servers.net.
. 515184 IN NS c.root-servers.net.
. 515184 IN NS g.root-servers.net.
. 515184 IN NS m.root-servers.net.
. 515184 IN NS f.root-servers.net.
. 515184 IN NS l.root-servers.net.
. 515184 IN NS b.root-servers.net.
. 515184 IN NS e.root-servers.net.
. 515184 IN NS a.root-servers.net.
. 515184 IN NS k.root-servers.net.
;; Received 228 bytes from 208.67.222.123#53(208.67.222.123) in 68 ms

org. 172800 IN NS b0.org.afilias-nst.org.
org. 172800 IN NS a2.org.afilias-nst.info.
org. 172800 IN NS a0.org.afilias-nst.info.
org. 172800 IN NS d0.org.afilias-nst.org.
org. 172800 IN NS c0.org.afilias-nst.info.
org. 172800 IN NS b2.org.afilias-nst.org.
;; Received 442 bytes from 192.228.79.201#53(192.228.79.201) in 237 ms

linuxquestions.org. 86400 IN NS ns2.systemdns.com.
linuxquestions.org. 86400 IN NS ns3.systemdns.com.
linuxquestions.org. 86400 IN NS ns1.systemdns.com.
;; Received 107 bytes from 199.19.56.1#53(199.19.56.1) in 320 ms

www.linuxquestions.org. 300 IN A 75.126.162.205
;; Received 56 bytes from 216.40.47.90#53(216.40.47.90) in 163 ms

[root@Dns-server2 ~]# dig www.linuxquestions.org @208.67.222.123

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> www.linuxquestions.org @208.67.222.123
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50831
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.linuxquestions.org. IN A

;; ANSWER SECTION:
www.linuxquestions.org. 300 IN A 75.126.162.205

;; Query time: 165 msec
;; SERVER: 208.67.222.123#53(208.67.222.123)
;; WHEN: Fri May 27 07:00:03 2016
;; MSG SIZE rcvd: 56

[root@Dns-server2 ~]#
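
Added example, not part of the thread: a small shell helper that reads `dig +trace` output like the one posted above and reports the time of each step, the total, and the slowest step. Step 1 is the server named after `@` handing out the root NS list; the later steps are the root, TLD and authoritative servers that dig queried itself, so they measure the path from this host to those servers rather than the forwarder's cache. The function names and the 200 ms limit are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the thread): per-hop latency from `dig +trace` output.

# Sample input: the four ";; Received" lines copied from the trace posted above.
sample_trace() {
cat <<'EOF'
;; Received 228 bytes from 208.67.222.123#53(208.67.222.123) in 68 ms
;; Received 442 bytes from 192.228.79.201#53(192.228.79.201) in 237 ms
;; Received 107 bytes from 199.19.56.1#53(199.19.56.1) in 320 ms
;; Received 56 bytes from 216.40.47.90#53(216.40.47.90) in 163 ms
EOF
}

# Read dig +trace output on stdin; print "hop server ms" for each step.
trace_hops() {
    awk '/^;; Received [0-9]+ bytes from / {
        srv = $6
        sub(/#.*/, "", srv)            # drop the "#53(...)" suffix
        printf "%d %s %d\n", ++hop, srv, $(NF - 1)
    }'
}

# Total time of the walk root -> TLD -> authoritative (a cold-cache lookup).
trace_total() { trace_hops | awk '{ t += $3 } END { print t + 0 }'; }

# The slowest single step, as "hop server ms".
trace_slowest() { trace_hops | sort -k3,3nr | head -n 1; }

# Steps slower than a limit in ms (hypothetical helper; pick your own limit).
trace_slow_hops() { trace_hops | awk -v limit="$1" '$3 + 0 > limit + 0'; }

echo "hops:";       sample_trace | trace_hops
echo "total ms:   $(sample_trace | trace_total)"
echo "slowest:    $(sample_trace | trace_slowest)"
echo "over 200ms:"; sample_trace | trace_slow_hops 200
```

On a live host the same functions take real output, for example `dig www.linuxquestions.org +trace | trace_hops`.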
 
Old 05-27-2016, 06:52 AM   #15
TenTenths
Senior Member
 
Registered: Aug 2011
Location: Dublin
Distribution: Centos 5 / 6 / 7
Posts: 2,737

Rep: Reputation: 1055
Those pings to 8.8.8.8 seem high. For reference my pings from different servers and home laptop are all under 10ms.
 
  

