Re: lookout timesouts

2016-09-21 Thread Nick Edwards
Thanks Mark, it's the likely reason, they are using a microtek or such junk if my memory serves me correct, we will drop in a juniper and see if that resolves it. On Tue, Sep 20, 2016 at 7:51 AM, Mark Andrews wrote: > > In message qozh...@mail.gmail.com>, Nick Edwards writes: > > > > Hi, > > > > W

Re: forwarder (YES/NO)

2016-09-21 Thread Chris Buxton
Funny email address. I could be wrong, but it looks like you might have a firewall problem. The one really slow response is the one over 512 bytes. Is it possible you have a firewall that examines the contents of DNS messages? Regards, Chris Sent from my iPhone > On Sep 21, 2016, at 12:34 PM,

Re: adding zone forwards without restart

2016-09-21 Thread Sten Carlsen
I assume you did increase the serial, if not this is what I would expect to happen. On 21/09/16 10:53, Tony Finch wrote: > Frank Even wrote: > >> Is there a way to add forwarders for specific zones without a restart? >> Everything I've read seems to indicate an "rndc reconfig" or an "rndc >> rel

Re: forwarder (YES/NO)

2016-09-21 Thread Mark Andrews
Personally I would be looking for why there are such big round trip times even to Google. PING 8.8.8.8 (8.8.8.8): 56 data bytes 64 bytes from 8.8.8.8: icmp_seq=0 ttl=57 time=16.654 ms 64 bytes from 8.8.8.8: icmp_seq=1 ttl=57 time=18.336 ms % traceroute -In 8.8.8.8 traceroute to 8.8.8.8 (8.8.8.8

Re: forwarder (YES/NO)

2016-09-21 Thread John W. Blue
Pol, You can "audit" your traffic by getting a pcap via tcpdump and then analyzing it in wireshark. Packets don't lie. John Sent from Nine From: Pol Hallen Sent: Sep 21, 2016 2:35 PM To: bind-users@lists.isc.org Subject: Re: forwarder (YES/NO) hello again! > try r

Re: forwarder (YES/NO)

2016-09-21 Thread Pol Hallen
hello again! try running dig +trace and see how fast it runs. It should return in about same time as BIND does (when it doesn't have anything in cache). ; <<>> DiG 9.10.3-P4-Debian <<>> +trace @192.168.1.212 yahoo.it ; (1 server found) ;; global options: +cmd . 518367 I

Re: adding zone forwards without restart

2016-09-21 Thread Tony Finch
Benny Pedersen wrote: > > why does reload not flush ? Often you want to reload zone files without throwing away the cache. Tony. -- f.anthony.n.finch http://dotat.at/ - I xn--zr8h punycode Bailey: Southeast 6 to gale 8, becoming cyclonic, mainly southwest, gale 8 to storm 10, backing south

Re: Querying locally on a nameserver - odd behavior

2016-09-21 Thread Graham Clinch
I have a DNS server (which is both forwarder and authoritative NS) and I see this odd behavior locally on the host: dig @localhost # returns immediately with right response dig @ # returns sometimes, times out most of the time > [...] during this behavior, I saw lots of UDP packet l

Re: adding zone forwards without restart

2016-09-21 Thread Benny Pedersen
On 2016-09-21 16:49, philippe.simo...@swisscom.com wrote: and after a forward add a rndc flush can help too .. why does reload not flush ? imho a bug if thats the case

RE: adding zone forwards without restart

2016-09-21 Thread Philippe.Simonet
Hi and after a forward add a rndc flush can help too .. philippe -Original Message- From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Matus UHLAR - fantomas Sent: Wednesday, September 21, 2016 10:03 AM To: bind-users@lists.isc.org Subject: Re: adding zone forwards

Re: replicate a whole master

2016-09-21 Thread Tony Finch
Mukund Sivaraman wrote: > > There's an attempt to make it go one step further by refreshing whole > zones in the cache: > > https://github.com/muks/dnsrefresh > > It needs another section to be completed before upload, possibly in time > for IETF-97. Oh dear, that is deeply problematic wrt DNSSEC

Re: Querying locally on a nameserver - odd behavior

2016-09-21 Thread blrmaani
On Wednesday, September 21, 2016 at 1:04:50 AM UTC-7, Matus UHLAR - fantomas wrote: > On 20.09.16 20:27, blrmaani wrote: > >I have a DNS server (which is both forwarder and authoritative NS) and I see > >this odd behavior locally on the host: > > > >dig @localhost # returns immediately with

Re: adding zone forwards without restart

2016-09-21 Thread Tony Finch
Frank Even wrote: > Is there a way to add forwarders for specific zones without a restart? > Everything I've read seems to indicate an "rndc reconfig" or an "rndc > reload" should take care of this, but they do not. I add forwarders to > "named.conf" and neither will load the new forwarded zone

Re: forwarder (YES/NO)

2016-09-21 Thread Matus UHLAR - fantomas
so simply leave BIND running and see if it's better tomorrow... On 21.09.16 09:29, Pol Hallen wrote: seems better today, but how I realize if bind runs correctly? I mean: if the speed of it is normal or if there are lags? try running dig +trace and see how fast it runs. It should return in a

Re: Querying locally on a nameserver - odd behavior

2016-09-21 Thread Matus UHLAR - fantomas
On 20.09.16 20:27, blrmaani wrote: I have a DNS server (which is both forwarder and authoritative NS) and I see this odd behavior locally on the host: dig @localhost # returns immediately with right response dig @ # returns sometimes, times out most of the time I have allow-query {

Re: adding zone forwards without restart

2016-09-21 Thread Matus UHLAR - fantomas
On 2016-09-21 02:40, Frank Even wrote: Is there a way to add forwarders for specific zones without a restart? Everything I've read seems to indicate an "rndc reconfig" or an "rndc reload" should take care of this, but they do not. I add forwarders to "named.conf" and neither will load the new f

Re: forwarder (YES/NO)

2016-09-21 Thread Pol Hallen
so simply leave BIND running and see if it's better tomorrow... hello, seems better today, but how I realize if bind runs correctly? I mean: if the speed of it is normal or if there are lags? Now I tested some domains, almost all are ok but 2 of these are slow... using @8.8.8.8 with these tw