From: "Crist J. Clark"
To: 789456123@gmx.de
Cc: freebsd-net@freebsd.org
Date: Fri, 19 Mar 2004 11:35:14 -0800
Subject: Re: BIND: Lookup of CNAME records

On Fri, Mar 19, 2004 at 02:54:37AM +0100, 789456123@gmx.de wrote:
> I have set up a FreeBSD (5.2.1-RELEASE) box acting as a gateway and
> running version 8.3.7-REL of BIND. For testing purposes my
> configuration file looks as follows:
>
> options {
>         directory "/etc/namedb";
>         pid-file "/var/run/named/pid";
>
>         forward only;
>
>         forwarders {
>                 195.62.99.42;
>                 195.62.97.177;
>         };
>
>         query-source address * port 53;
> };
>
> zone "." {
>         type hint;
>         file "named.root";
> };
>
> This setup (actually a replacement for just adding the two nameservers
> to resolv.conf) works fine with lookup tools like "host", "nslookup",
> or "dnsquery". However, when I try to telnet or ftp a server whose
> name is a CNAME record, it takes about 77 seconds until the lookup is
> complete. This appears quite odd to me, as "host" does the lookup
> perfectly well and fast. Connections to A name records are no problem
> however.

How long does it take to do a reverse-lookup on the result of the
previous lookups? The applications may be trying to resolve a PTR
record for the final IP address they end up with.

> My first assumption was that "ftp" or "telnet" were not doing lookups
> properly. But modifying resolv.conf in a way that it uses the two
> nameservers directly (instead of the local nameserver) solved the
> CNAME lookup problem.

Strange. The first issue wouldn't really explain that. You can try the
following two tests and compare the difference,

  1) Put the two external servers in resolv.conf, and run,

       # tcpdump -s512 port 53

     And try your ftp or telnet.

  2) Put 127.0.0.1 back into resolv.conf, clear the cache of the
     local BIND (not sure of a way to do that other than killing
     and restarting in 8.x.x), and run the same thing,

       # tcpdump -s512 port 53

     And again try the ftp or telnet.

-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org
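
One way to compare the two captures from the tests above, as an added example that is not part of the original message: it reads saved tcpdump text output and reports, per question, how often it was sent and how long the first answer took. The line format is assumed to be tcpdump's default one-line DNS decode, the capture is assumed to cover one leg of the traffic, and the sample lines, the 192.0.2.x addresses and the example.org names are constructed; only the forwarder addresses come from the quoted configuration.

```python
import re

# Constructed sample capture (not from the thread): one answered A query and
# one PTR query that is retransmitted and never answered.
SAMPLE = """\
11:35:14.000000 IP 192.0.2.1.53 > 195.62.99.42.53: 4242+ A? ftp.example.org. (33)
11:35:14.040000 IP 195.62.99.42.53 > 192.0.2.1.53: 4242 2/0/0 CNAME host.example.org., A 192.0.2.80 (77)
11:35:14.050000 IP 192.0.2.1.53 > 195.62.99.42.53: 4243+ PTR? 80.2.0.192.in-addr.arpa. (41)
11:35:19.050000 IP 192.0.2.1.53 > 195.62.99.42.53: 4243+ PTR? 80.2.0.192.in-addr.arpa. (41)
11:35:29.050000 IP 192.0.2.1.53 > 195.62.97.177.53: 4243+ PTR? 80.2.0.192.in-addr.arpa. (41)
"""

# With "query-source address * port 53" both ends use port 53, so queries and
# answers are told apart by the decoded payload ("TYPE? name"), not by port.
LINE = re.compile(r"^(\d+):(\d+):(\d+\.\d+) (?:IP6? )?\S+ > \S+: (\d+)\S* (.*)$")
QUESTION = re.compile(r"^(?:\[[^\]]*\] )?([A-Za-z0-9]+)\? (\S+)")

def summarize(capture):
    """Return {(qtype, qname): {"sends": n, "first": t, "latency": s or None}}."""
    stats, owner = {}, {}  # owner maps a DNS query id to its question
    for raw in capture.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a decoded DNS line
        h, mi, s, qid, rest = m.groups()
        t = int(h) * 3600 + int(mi) * 60 + float(s)  # ignores midnight wrap
        q = QUESTION.match(rest)
        if q:  # outgoing question: count every (re)transmission
            key = (q.group(1), q.group(2))
            entry = stats.setdefault(key, {"sends": 0, "first": t, "latency": None})
            entry["sends"] += 1
            owner[qid] = key
        elif qid in owner:  # answer: keep the delay to the first one only
            entry = stats[owner[qid]]
            if entry["latency"] is None:
                entry["latency"] = round(t - entry["first"], 6)
    return stats

def suspects(capture, slow=1.0):
    """Questions that were retransmitted, never answered, or answered slowly."""
    return sorted(k for k, e in summarize(capture).items()
                  if e["sends"] > 1 or e["latency"] is None or e["latency"] > slow)

if __name__ == "__main__":
    for qtype, qname in suspects(SAMPLE):
        print(qtype, qname)
```

Run it once on the capture from each test; a PTR question that shows up among the suspects in only one of the two runs points at the reverse lookup rather than the CNAME itself.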