netbsd-users: BIND9 very slow resolving external addresses

Subject: BIND9 very slow resolving external addresses
To: None <netbsd-users@netbsd.org>
From: Amadeus Stevenson <amadeus.stevenson@gmail.com>
List: netbsd-users
Date: 12/09/2004 19:18:22

Hello,

I recently set up a simple ipnat/ipf firewall on a lan with a local
caching DNS server, bind9 from pkg_add.

It takes about a second or two to resolve external addresses, which is
slowing things down a lot. Once cached it is much faster. Do you have
any ideas what I am doing wrong? This happens from the gateway itself
as well as from every natted box. I never used to have this problem
before:

# time nslookup www.whales.org
Server:  localhost
Address:  127.0.0.1

Non-authoritative answer:
Name:    whales.org
Address:  216.74.96.157
Aliases:  www.whales.org

    2.62s real     0.00s user     0.00s system
# time nslookup www.whales.org
Server:  localhost
Address:  127.0.0.1

Non-authoritative answer:
Name:    whales.org
Address:  216.74.96.157
Aliases:  www.whales.org

    0.01s real     0.00s user     0.00s system

Thanks for any help you could provide!

Amadeus

--

NetBSD gateway 1.6.2
BIND 9.2.3
ipf: IP Filter: v3.4.29 (336)

rc.conf:
named9=YES

resolv.conf:
nameserver 127.0.0.1

/etc/hosts:
127.0.0.1               localhost
192.168.0.1             localhost

ipf.conf (rtk0 is external interface):
pass out from any to any
pass in from any to any
block out log on rtk0 proto tcp/udp from any to any
block in log on rtk0 proto tcp/udp from any to any
pass out quick on rtk0 proto tcp/udp from any to any port = 53 keep state
...

ipnat.conf:
map rtk0 192.168.0.0/24 -> 0/32 portmap tcp/udp 10000:40000
map rtk0 192.168.0.0/24 -> 0/32

named.conf (ln -s /etc/namedb/named.conf /etc/named.conf):

options {
        directory "/etc/namedb";
};

zone "." {
        type hint;
        file "root.cache";
};

zone "localhost" {
        type master;
        file "localhost";
};

zone "127.IN-ADDR.ARPA" {
        type master;
        file "127";
};
zone "0.168.192.in-addr.arpa" {
        type master;
        notify no;
        file "0.168.192";
};

0.168.192:
;       $NetBSD: 127,v 1.4 2001/01/28 06:59:31 itojun Exp $

$TTL    3600
@       IN      SOA     netbsd.org. hostmaster.netbsd.org.  (
                                1999012100      ; Serial
                                3600            ; Refresh
                                300             ; Retry
                                3600000         ; Expire
                                3600 )          ; Minimum
        IN      NS      localhost.