
How to optimize dns requests


Abdellatif ...

Mar 15, 2013, 11:25:15 AM
to bind-...@lists.isc.org
Hello;

I want to optimize the call to the remote DNS server to resolve domain names each time needed. What I want to do is that if the hostname is requested for the first time, then call the remote DNS (for example 8.8.8.8) to resolve it; once called, it is then recorded for later use, in such a way that the next time the same domain name is requested for resolution, the cached IP is grabbed without needing to call the remote DNS, to maximize speed and optimize network traffic.

I have installed bind9 on my Ubuntu machine. This is what I have in the file /etc/bind/named.conf.options:


options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.
        // forward only ;
        forwarders {
                208.67.220.220;
                208.67.222.222;
                8.8.8.8;
        };
        allow-query { clients ; } ;
        // max-cache-size is in bytes : echo '2 * 1024^2' | bc
        max-cache-size 2097152 ;
        empty-zones-enable yes;

        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys.  See https://www.isc.org/bind-keys
        //========================================================================
        dnssec-validation auto;

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
};


It doesn't seem to use the cache, here is the call of dig mail.com :

; <<>> DiG 9.8.1-P1 <<>> mail.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37152
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mail.com.                      IN      A

;; ANSWER SECTION:
mail.com.               17208   IN      A       213.165.66.221

;; Query time: 233 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Mar 12 20:47:33 2013
;; MSG SIZE  rcvd: 42

So what option have I missed to activate the caching?

Regards

Tony Finch

Mar 15, 2013, 11:32:40 AM
to Abdellatif ..., bind-...@lists.isc.org
Abdellatif ... <kiko...@live.com> wrote:
>
> It doesn't seem to use the cache, here is the call of dig mail.com :

If you dig it twice do you get a faster response?

Tony.
--
f.anthony.n.finch <d...@dotat.at> http://dotat.at/
Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first.
Rough, becoming slight or moderate. Showers, rain at first. Moderate or good,
occasionally poor at first.

btb

Mar 15, 2013, 11:38:45 AM
to bind-...@lists.isc.org
> forwarders {
> 208.67.220.220;
> 208.67.222.222;
> 8.8.8.8;
> };

on a semi-related note, i'd encourage you to not use forwarders. bind is perfectly happy to look up and cache any data necessary on its own.

-ben

Matus UHLAR - fantomas

Mar 15, 2013, 12:04:55 PM
to bind-...@lists.isc.org
On 15.03.13 15:25, Abdellatif ... wrote:
>I want to optimize the call to remote DNS server to resolve domain names
> each time needed. What I want to do is that if the hostname is
>requested for the first time then call the remote DNS (for example
>8.8.8.8) to resolve it, once called then recorded for later use in such
>way when next time the same domain name is requested for resolve then
>the cached IP is grabbed without need to call remote DNS to maximize
>speed to optimize network traffic.

This is how BIND normally works.

>It doesn't seem to use the cache, here is the call of dig mail.com :
>
>; <<>> DiG 9.8.1-P1 <<>> mail.com
[...]
>;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

this is clearly a cached answer (aa flag is missing). How did you come to
the conclusion that caching does not work?

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Save the whales. Collect the whole set.

Tony Finch

Mar 15, 2013, 12:25:16 PM
to Matus UHLAR - fantomas, bind-...@lists.isc.org
Matus UHLAR - fantomas <uh...@fantomas.sk> wrote:
>
> this is clearly a cached answer (aa flag is missing). How did you come to
> the conclusion that caching does not work?

It's probably a cached answer from one of the forwarders. The response
time from the server was too long for it to be locally cached.

Lawrence K. Chen, P.Eng.

Mar 15, 2013, 2:36:40 PM
to bind-...@lists.isc.org
Think you can only get aa if the server is an authority....

I've been playing around with a local forward first caching server.... so I tried it.

First run:

% dig mail.com

; <<>> DiG 9.9.2-rpz.066.22-P1 <<>> mail.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20016
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;mail.com. IN A

;; ANSWER SECTION:
mail.com. 86400 IN A 213.165.66.221

;; Query time: 183 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Mar 15 13:16:06 2013
;; MSG SIZE rcvd: 53

Second run:

% dig mail.com

; <<>> DiG 9.9.2-rpz.066.22-P1 <<>> mail.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51884
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;mail.com. IN A

;; ANSWER SECTION:
mail.com. 86395 IN A 213.165.66.221

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Mar 15 13:16:11 2013
;; MSG SIZE rcvd: 53

And, when I tried some of our normal caching servers... the results were similar, with query times of up to 3 ms. Until I found one that hadn't cached it yet.

; <<>> DiG 9.6-ESV-R4-P1 <<>> mail.com @dns-6
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61026
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;mail.com. IN A

;; ANSWER SECTION:
mail.com. 86400 IN A 213.165.66.221

;; AUTHORITY SECTION:
mail.com. 86400 IN NS dns.gmx.net.
mail.com. 86400 IN NS ns.gmx.net.

;; Query time: 377 msec
;; SERVER: 129.130.139.154#53(129.130.139.154)
;; WHEN: Fri Mar 15 13:17:49 2013
;; MSG SIZE rcvd: 84

Subsequent dig took 0ms.

Tried adding +aaonly

; <<>> DiG 9.9.2-rpz.066.22-P1 <<>> +aaonly mail.com @dns-6
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44400
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;mail.com. IN A

;; ANSWER SECTION:
mail.com. 86215 IN A 213.165.66.221

;; AUTHORITY SECTION:
mail.com. 86215 IN NS dns.gmx.net.
mail.com. 86215 IN NS ns.gmx.net.

;; Query time: 0 msec
;; SERVER: 129.130.139.154#53(129.130.139.154)
;; WHEN: Fri Mar 15 13:20:54 2013
;; MSG SIZE rcvd: 95

but dig against one of the authority section servers....

; <<>> DiG 9.9.2-rpz.066.22-P1 <<>> mail.com @ns.gmx.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2703
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;mail.com. IN A

;; ANSWER SECTION:
mail.com. 86400 IN A 213.165.66.221

;; Query time: 120 msec
;; SERVER: 213.165.64.2#53(213.165.64.2)
;; WHEN: Fri Mar 15 13:21:05 2013
;; MSG SIZE rcvd: 53

--
Who: Lawrence K. Chen, P.Eng. - W0LKC - Senior Unix Systems Administrator
For: Enterprise Server Technologies (EST) -- & SafeZone Ally
Snail: Computing and Telecommunications Services (CTS)
Kansas State University, 109 East Stadium, Manhattan, KS 66506-3102
Phone: (785) 532-4916 - Fax: (785) 532-3515 - Email: lkc...@ksu.edu
Web: http://www-personal.ksu.edu/~lkchen - Where: 11 Hale Library
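The comparison carried out in the messages above (run dig twice against the same resolver, then compare flags, TTL and query time), written as a small parser. This is an added example, not code from any poster in the thread; the sample input is trimmed from the two consecutive runs quoted above, and the 5 ms and 2 s thresholds are assumptions.

```python
import re
from datetime import datetime

# Trimmed from the two consecutive `dig mail.com` runs quoted in the thread.
FIRST_RUN = """\
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; ANSWER SECTION:
mail.com. 86400 IN A 213.165.66.221
;; Query time: 183 msec
;; WHEN: Fri Mar 15 13:16:06 2013
"""
SECOND_RUN = """\
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; ANSWER SECTION:
mail.com. 86395 IN A 213.165.66.221
;; Query time: 0 msec
;; WHEN: Fri Mar 15 13:16:11 2013
"""


def parse_dig(text):
    """Pull header flags, first answer TTL, query time and timestamp from dig output."""
    def field(pattern):
        return re.search(pattern, text, re.M).group(1)
    return {
        "flags": field(r"^;; flags: ([a-z ]+);").split(),
        "ttl": int(field(r"^[^;\s]\S*[ \t]+(\d+)[ \t]+IN[ \t]")),
        "msec": int(field(r"^;; Query time: (\d+) msec")),
        # Assumes the "WHEN" format shown in the thread (no time zone field).
        "when": datetime.strptime(field(r"^;; WHEN: (.+)$"), "%a %b %d %H:%M:%S %Y"),
    }


def classify(first, second, fast_msec=5, slack_s=2):
    """Compare two runs of one query sent to the same resolver."""
    a, b = parse_dig(first), parse_dig(second)
    if "aa" in b["flags"]:
        return "authoritative"          # zone data, never a cache hit
    elapsed = (b["when"] - a["when"]).total_seconds()
    ttl_drop = a["ttl"] - b["ttl"]
    # A cached record counts its TTL down in step with wall-clock time.
    aging = abs(ttl_drop - elapsed) <= slack_s
    if aging and b["msec"] <= fast_msec:
        return "local-cache"
    return "not-local-cache"            # slow, or TTL out of step: fetched upstream


if __name__ == "__main__":
    print(classify(FIRST_RUN, SECOND_RUN))
```
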