[TriLUG] Re: Caching DNS quickstart Was: RR DNS?
Tom Bryan
tbryan at python.net
Tue Jul 16 03:26:50 EDT 2002
On Sunday 14 July 2002 03:09 pm, James Manning wrote:
> > I can do this, but whenever pump configures my interface from my ISP's
> > DHCP servers, /etc/resolv.conf gets blasted away. Does anyone know how
> > to set it up so that "nameserver 127.0.0.1" is the first line, and other
> > lines are just appended to the file?
>
> Excellent question. What I've (sadly) done in the past is to just get
> the contents of the resolv.conf to the state that's "right" (127.0.0.1
> followed by the provider's DNS servers, RR's in this case)
Now that named is running on my box, name lookups take forever. I assume that
I've done something wrong.
$ cat /etc/resolv.conf
nameserver 127.0.0.1
nameserver 24.93.67.64
nameserver 24.93.67.65
search nc.rr.com
$ hostname
inigo
$ dig -x 127.0.0.1
; <<>> DiG 9.2.0 <<>> -x 127.0.0.1
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24637
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;1.0.0.127.in-addr.arpa. IN PTR
;; ANSWER SECTION:
1.0.0.127.in-addr.arpa. 86400 IN PTR localhost.
;; AUTHORITY SECTION:
0.0.127.in-addr.arpa. 86400 IN NS localhost.
;; ADDITIONAL SECTION:
localhost. 86400 IN A 127.0.0.1
;; Query time: 31 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Jul 16 07:13:37 2002
;; MSG SIZE rcvd: 93
$ dig www.trilug.org
; <<>> DiG 9.2.0 <<>> www.trilug.org
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 555
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.trilug.org. IN A
;; ANSWER SECTION:
www.trilug.org. 3600 IN A 64.244.27.132
;; AUTHORITY SECTION:
trilug.org. 3600 IN NS ns1.trilug.org.
trilug.org. 3600 IN NS ns2.trilug.org.
;; ADDITIONAL SECTION:
ns1.trilug.org. 3600 IN A 64.244.27.132
ns2.trilug.org. 3600 IN A 208.17.72.2
;; Query time: 106 msec
;; SERVER: 24.93.67.64#53(24.93.67.64)
;; WHEN: Tue Jul 16 07:14:28 2002
;; MSG SIZE rcvd: 116
$ dig www.trilug.org
; <<>> DiG 9.2.0 <<>> www.trilug.org
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29329
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.trilug.org. IN A
;; ANSWER SECTION:
www.trilug.org. 3585 IN A 64.244.27.132
;; AUTHORITY SECTION:
trilug.org. 135892 IN NS NS1.DARKCANVAS.COM.
trilug.org. 135892 IN NS NS1.trilug.org.
;; ADDITIONAL SECTION:
NS1.DARKCANVAS.COM. 135987 IN A 208.17.72.2
NS1.trilug.org. 143510 IN A 64.244.27.132
;; Query time: 12 msec
;; SERVER: 24.93.67.64#53(24.93.67.64)
;; WHEN: Tue Jul 16 07:14:43 2002
;; MSG SIZE rcvd: 140
According to the HOWTO that John pointed to, that second dig should have come
from my local nameserver. Any ideas on where to look next? I haven't
modified any of the BIND configuration files that were installed with
RedHat's RPMs. Does my hostname need to have some sort of bogus domain? Did
the instructions John gave work for anyone else with RH 7.3? Is it a problem
that this machine also runs an ipchains firewall? It doesn't seem to matter
whether or not I uncomment
query-source address * port 53;
in the named.conf file.
Evidence of long name lookups:
$ ping www.trilug.org
PING www.trilug.org (64.244.27.132) from 66.26.90.109 : 56(84) bytes of data.
64 bytes from fatalpha.trilug.org (64.244.27.132): icmp_seq=1 ttl=240 time=42.6 ms
64 bytes from fatalpha.trilug.org (64.244.27.132): icmp_seq=2 ttl=240 time=41.4 ms
64 bytes from fatalpha.trilug.org (64.244.27.132): icmp_seq=3 ttl=240 time=43.1 ms
--- www.trilug.org ping statistics ---
3 packets transmitted, 3 received, 0% loss, time 10272ms
rtt min/avg/max/mdev = 41.411/42.412/43.170/0.757 ms
$ ping 64.244.27.132
PING 64.244.27.132 (64.244.27.132) from 66.26.90.109 : 56(84) bytes of data.
64 bytes from 64.244.27.132: icmp_seq=1 ttl=240 time=41.0 ms
64 bytes from 64.244.27.132: icmp_seq=2 ttl=240 time=41.9 ms
64 bytes from 64.244.27.132: icmp_seq=3 ttl=240 time=42.6 ms
--- 64.244.27.132 ping statistics ---
3 packets transmitted, 3 received, 0% loss, time 2015ms
rtt min/avg/max/mdev = 41.074/41.891/42.672/0.673 ms
Note that the response times are about the same, but the total time is *much*
longer when I use www.trilug.org. What you can't see is that the first case
pauses noticeably between sending each ping (while it looks up the IP?).
I guess this is what I get for trying to reduce the load on everyone else's
nameservers. :-)
---Tom
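
Added example (not part of the original message): dig's ";; SERVER:" line names the resolver that actually answered, and in the output above both www.trilug.org lookups were answered by 24.93.67.64, the second entry in resolv.conf. The script below compares that line against the first nameserver entry and flags every query answered elsewhere. The function names and the trimmed sample inputs are constructed for this illustration.

```shell
#!/bin/sh
# Constructed sample inputs, trimmed from the output quoted in the message above.
RESOLV_SAMPLE='nameserver 127.0.0.1
nameserver 24.93.67.64
nameserver 24.93.67.65
search nc.rr.com'

DIG_SAMPLE='; <<>> DiG 9.2.0 <<>> -x 127.0.0.1
;; Query time: 31 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
; <<>> DiG 9.2.0 <<>> www.trilug.org
;; Query time: 106 msec
;; SERVER: 24.93.67.64#53(24.93.67.64)
; <<>> DiG 9.2.0 <<>> www.trilug.org
;; Query time: 12 msec
;; SERVER: 24.93.67.64#53(24.93.67.64)'

# first_nameserver: read resolv.conf text on stdin, print the first
# "nameserver" address (the one the stub resolver tries first).
first_nameserver() {
    awk '$1 == "nameserver" { print $2; exit }'
}

# check_dig_servers PRIMARY: read dig output on stdin and print one line per
# query in the form: STATUS SERVER MSEC QUERY-ARGS
# STATUS is OK when PRIMARY answered, FALLBACK when another server did.
check_dig_servers() {
    awk -v primary="$1" '
        /^; <<>> DiG/     { q = $0; sub(/^.*<<>> /, "", q) }  # args from the banner line
        /^;; Query time:/ { ms = $4 }
        /^;; SERVER:/ {
            srv = $3; sub(/#.*/, "", srv)                     # drop "#port(addr)"
            printf "%s %s %s %s\n", (srv == primary ? "OK" : "FALLBACK"), srv, ms, q
        }'
}

# run_sample: run the check over the constructed samples.
run_sample() {
    primary=$(printf '%s\n' "$RESOLV_SAMPLE" | first_nameserver)
    printf '%s\n' "$DIG_SAMPLE" | check_dig_servers "$primary"
}

# Live use (assumes dig is installed):
#   dig www.trilug.org | check_dig_servers "$(first_nameserver < /etc/resolv.conf)"
run_sample
```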