DNSSEC and DNS slowdown
Hello! I have a strange problem. When I enable DNSSEC in my resolver (bind 9) - it slows down in several times. What do I do wrong? Or may be it is a feature? -- WBR, Max Tulyev (MT6561-RIPE, 2:463/253@FIDO)
Hi Max, On 2010-07-30, at 7:14 AM, Max Tulyev wrote:
Hello!
I have a strange problem. When I enable DNSSEC in my resolver (bind 9) - it slows down in several times.
What do I do wrong? Or may be it is a feature?
Your question might be better asked over on <bind-users@isc.org>, however... Switching on DNSSEC validation gives the resolver more work to do, that might slow it down a bit, but not so you'd notice if things are working properly. If you're using a DLV it will have even more work to do, which might slow it down a bit more. If the path between your resolver and the authority servers isn't able to properly pass larger responses you might be suffering from timeouts which would slow it down a lot. A tcpdump at the resolver would probably be informative. dave
On 07/30/10 04:14, Max Tulyev wrote:
Hello!
I have a strange problem. When I enable DNSSEC in my resolver (bind 9) - it slows down in several times.
What did you do _exactly_ to enable it? (Hint, if you simply twiddled knobs without configuring at least one trust anchor ...) hth, Doug -- Improve the effectiveness of your Internet presence with a domain name makeover! http://SupersetSolutions.com/ Computers are useless. They can only give you answers. -- Pablo Picasso
participants (3)
-
Dave Knight -
Doug Barton -
Max Tulyev