SUMMARY: DNS/bind question

From: Christopher L. Barnard (cbar44@tsg.cbot.com)
Date: Fri Mar 31 2000 - 14:27:31 CST


I asked:

> This is driving me crazy. I have been using bind for years, but I am just
> not finding this problem.
>
> This is my root level primary nameserver for the entire company (cbot.com).
> It is a Sun Solaris 2.5.1 sparc5. I am in the process of replacing the
> ancient in.named that ships with Suns to version 8.2.2 of bind. The fact
> that this happens both with the old bind and the new leads me to believe
> that the fact I am upgrading is not related.
>
> If I try to resolve a hostname within this domain, it is fine. So
> foo.cbot.com will instantly return something. Likewise if I fully qualify a
> machine in a subzone, that also returns. So foo.tsg.cbot.com instantly
> returns something. The problem is if I only partially resolve the name:
> for example, nslookup on "foo.tsg". (dot is punctuation in this email,
> not from the nslookup command) This *does* return, but it takes 45 seconds
> to do so. Resolving hosts entirely outside of our domain does not work at
> all if it has not already been snarfed. So for example I am told that
> www.whitehouse.gov does not exist (after the 45 second pause). However,
> if an outside site is cached in our internal DNS (for example,
> prep.ai.mit.edu), that hostname is resolved instantly.
>
> I have used nslookup interactively with "d2" debug level, and that 45 second
> pause is it "retrying" the query. Likewise "dig" tells me nothing
> informative.
>
> I have dumped the runtime DNS database, checked the named.boot (for the
> old named) or named.conf (for the new named), checked the /etc/resolv.conf,
> and everything looks fine. There is a problem here, but I am just not seeing
> it. What I am really looking for are suggestions of other things to check.
> Thanks.

The solution:

I fixed several problems, and one of them fixed that weird delay. I'm not
sure which, but what the heck -- it is now working.

I added "query-source address * port 53;" to my named.conf file to force
bind to only use port 53 through the firewall. I also finally got logging to
work (the man pages are not at *all* clear), and found a typo in my master
files that bind version 4 didn't care about.

Thanks to:
James Ford <jford@tusc.net>
"Vanessa Little" <little@firmbuy.com>
Lusty Wench <lusty@lusty.org>
bhkhoo@nic.net.sg (Khoo Boon Hing)
"Gwynne, Alun P" <Alun.Gwynne@capgemini.co.uk>
"Palmieri, Matt" <Matt.Palmieri@cmsis.com>

+-----------------------------------------------------------------------+
| Christopher L. Barnard O When I was a boy I was told that |
| cbarnard@tsg.cbot.com / \ anybody could become president. |
| (312) 347-4901 O---O Now I'm beginning to believe it. |
| http://www.cs.uchicago.edu/~cbarnard --Clarence Darrow |
+----------PGP public key available via finger or PGP keyserver---------+
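What the two named.conf changes in the summary above look like in BIND 8 syntax, as an added example that is not part of Christopher's message (the directory, log file path, channel name and size limits are assumptions chosen for illustration). Background a practitioner should keep in mind: BIND 4 sent its outbound queries from source port 53, while BIND 8 picks an unprivileged source port by default, so a firewall rule written for the old in.named that only permits UDP 53 to 53 silently breaks recursion after the upgrade. The query-source directive restores the old behaviour, but at a cost noted in the comments.

```conf
// Added example of a BIND 8 named.conf; paths, channel name and
// size/version limits are assumptions, not from the original post.

options {
    directory "/var/named";

    // Send every outbound query from source port 53 so that a firewall
    // rule permitting only UDP 53 <-> 53 lets recursive lookups through.
    //
    // Caveat: a fixed source port makes the resolver's queries predictable,
    // which removes source-port randomization as a defence against cache
    // poisoning. If the firewall can be changed, prefer opening the
    // ephemeral port range and leaving the port unpinned, which is the
    // default:
    //     query-source address * port *;
    query-source address * port 53;
};

logging {
    // Write named's messages to a rotating file instead of syslog, with
    // timestamp, category and severity on each line.
    channel named_log {
        file "/var/log/named.log" versions 3 size 5m;
        severity info;
        print-time yes;
        print-category yes;
        print-severity yes;
    };

    category default      { named_log; };
    // Lame-server and query logging show which upstream servers fail and
    // which queries are being retried, which is what a 45-second delay
    // on every uncached external name needs to diagnose.
    category lame-servers { named_log; };
    category queries      { named_log; };
};
```

BIND 8 has no named-checkconf; after editing, restart with `ndc restart` (or `ndc reload` for zone-only changes) and watch /var/log/named.log for parse errors and for the retries that used to be invisible. The `queries` category is verbose on a busy server, so enable it for the diagnosis and disable it afterwards.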



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:14:05 CDT