Snow Leopard Server DNS very very slow
Hello Admins and Apple Techies
I do use SLS on a Mac Mini 1.83GHz with 2GB of memory.
More or less all services do work fine, except the very very slow DNS.
I did the following settings.
1) DNS Server settings are Debug loglevel, localnets, forwarders are the DNS servers of my network provider which are 195.186.1.162, 195.186.4.162
2) Zone settings are 1.99.168.192.in-addr.arpa, 192.168.99.1 for server.private., addressbook.server.private. as alias to server.private., calendar.server.private as alias to server.private. and ical.server.private. as alias to server.private.
3) The clients and the server do have the following settings in the network settings for DNS entry.
192.1686.99.1, 195.186.162, 195.186.4.162
Below you will see the logfile for a query of store.apple.com. As you can see it took 2 minutes to get the server IP of store.apple.com. If I switch off my DNS Server, the clients get this page very very quick. The CPU load is close to nothing.
26-Oct-2009 14:37:34.137 createfetch: store.apple.com A
26-Oct-2009 14:37:34.138 connection refused resolving ‘store.apple.com/A/IN’: 195.186.1.162#53
26-Oct-2009 14:37:34.147 createfetch: store.apple.com AAAA
26-Oct-2009 14:37:35.139 createfetch: store.apple.com A
26-Oct-2009 14:37:35.150 createfetch: store.apple.com AAAA
26-Oct-2009 14:37:42.933 connection refused resolving ‘store.apple.com/AAAA/IN’: 17.254.0.59#53
26-Oct-2009 14:37:44.269 connection refused resolving ‘store.apple.com/AAAA/IN’: 17.72.133.64#53
26-Oct-2009 14:37:55.587 connection refused resolving ‘store.apple.com/A/IN’: 17.254.0.50#53
26-Oct-2009 14:37:57.833 success resolving ‘store.apple.com/A’ (in ‘apple.com’?) after disabling EDNS
26-Oct-2009 14:37:57.834 createfetch: store.apple.com.akadns.net A
26-Oct-2009 14:37:57.834 connection refused resolving ‘store.apple.com.akadns.net/A/IN’: 195.186.4.162#53
26-Oct-2009 14:38:00.040 success resolving ‘store.apple.com/AAAA’ (in ‘apple.com’?) after reducing the advertised EDNS UDP packet size to 512 octets
26-Oct-2009 14:38:00.040 createfetch: store.apple.com.akadns.net AAAA
26-Oct-2009 14:38:00.041 connection refused resolving ‘store.apple.com.akadns.net/AAAA/IN’: 195.186.4.162#53
26-Oct-2009 14:38:08.147 createfetch: store.apple.com.bluewin.ch A
26-Oct-2009 14:38:08.147 connection refused resolving ‘store.apple.com.bluewin.ch/A/IN’: 195.186.4.162#53
26-Oct-2009 14:38:08.157 createfetch: store.apple.com.bluewin.ch AAAA
26-Oct-2009 14:38:11.153 createfetch: store.apple.com.bluewin.ch A
26-Oct-2009 14:38:11.163 createfetch: store.apple.com.bluewin.ch AAAA
26-Oct-2009 14:38:20.055 connection refused resolving ‘store.apple.com.bluewin.ch/AAAA/IN’: 195.186.1.110#53
26-Oct-2009 14:38:26.235 connection refused resolving ‘store.apple.com.akadns.net/A/IN’: 204.2.178.133#53
26-Oct-2009 14:38:26.970 connection refused resolving ‘store.apple.com.bluewin.ch/AAAA/IN’: 195.186.4.162#53
26-Oct-2009 14:38:33.055 success resolving ‘store.apple.com.bluewin.ch/A’ (in ‘bluewin.ch’?) after disabling EDNS
26-Oct-2009 14:38:33.211 success resolving ‘store.apple.com.bluewin.ch/AAAA’ (in ‘bluewin.ch’?) after reducing the advertised EDNS UDP packet size to 512 octets
26-Oct-2009 14:39:28.038 createfetch: store.apple.com.akadns.net A
26-Oct-2009 14:39:28.049 createfetch: store.apple.com.akadns.net AAAA
26-Oct-2009 14:39:37.056 createfetch: store.apple.com.akadns.net A
26-Oct-2009 14:39:37.067 createfetch: store.apple.com.akadns.net AAAA
26-Oct-2009 14:39:37.928 success resolving ‘store.apple.com.akadns.net/A’ (in ‘akadns.NET’?) after reducing the advertised EDNS UDP packet size to 512 octets
26-Oct-2009 14:39:38.262 createfetch: store.apple.com.akadns.net AAAA
26-Oct-2009 14:39:39.264 createfetch: store.apple.com.akadns.net AAAA
26-Oct-2009 14:39:39.275 success resolving ‘store.apple.com.akadns.net/AAAA’ (in ‘akadns.NET’?) after disabling EDNS
Thank you for anyone's advice and help.
Kind regards
Thomas Thaler
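Added example, not part of the original post: a small Python parser for the named debug log format shown above. It reports, per query name and record type, the time from the first createfetch to the success line, which servers refused the query, and which EDNS fallback the success line mentions. The sample lines are copied from the log above; the function and field names are this example's own.

```python
import re
from collections import defaultdict
from datetime import datetime

# Excerpt copied from the named debug log in the post above.
SAMPLE = """\
26-Oct-2009 14:37:34.137 createfetch: store.apple.com A
26-Oct-2009 14:37:34.138 connection refused resolving ‘store.apple.com/A/IN’: 195.186.1.162#53
26-Oct-2009 14:37:34.147 createfetch: store.apple.com AAAA
26-Oct-2009 14:37:42.933 connection refused resolving ‘store.apple.com/AAAA/IN’: 17.254.0.59#53
26-Oct-2009 14:37:55.587 connection refused resolving ‘store.apple.com/A/IN’: 17.254.0.50#53
26-Oct-2009 14:37:57.833 success resolving ‘store.apple.com/A’ (in ‘apple.com’?) after disabling EDNS
26-Oct-2009 14:38:00.040 success resolving ‘store.apple.com/AAAA’ (in ‘apple.com’?) after reducing the advertised EDNS UDP packet size to 512 octets
"""

Q = "['‘’]"  # the forum rendered the log's quotes as curly quotes; accept both
TS = r"(\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d+) "
FETCH = re.compile(TS + r"createfetch: (\S+) (\S+)$")
REFUSED = re.compile(TS + rf"connection refused resolving {Q}([^/]+)/([^/]+)/IN{Q}: (\S+)#\d+$")
SUCCESS = re.compile(TS + rf"success resolving {Q}([^/]+)/([^/‘’']+){Q} .*? after (.+)$")

def _ts(s):
    return datetime.strptime(s, "%d-%b-%Y %H:%M:%S.%f")

def summarize(log_text):
    """Per (name, type): seconds from first fetch to success, refusals, EDNS fallback."""
    out = defaultdict(lambda: {"first": None, "seconds": None, "refused_by": [], "fallback": None})
    for line in log_text.splitlines():
        line = line.strip()
        if m := FETCH.match(line):
            rec = out[(m[2], m[3])]
            rec["first"] = rec["first"] or _ts(m[1])  # keep the earliest fetch only
        elif m := REFUSED.match(line):
            out[(m[2], m[3])]["refused_by"].append(m[4])
        elif m := SUCCESS.match(line):
            rec = out[(m[2], m[3])]
            rec["fallback"] = m[4]
            if rec["first"]:
                rec["seconds"] = round((_ts(m[1]) - rec["first"]).total_seconds(), 3)
    return dict(out)

if __name__ == "__main__":
    for (name, rtype), rec in summarize(SAMPLE).items():
        print(f"{name:20} {rtype:5} {rec['seconds']}s refused={rec['refused_by']} fallback={rec['fallback']}")
```

Feeding it the full log instead of the excerpt gives the same breakdown for the akadns.net and bluewin.ch lookups.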
Quote by: MacTroll:
"Your DNS server is attempting to use DNS-SEC, for validated DNS lookups. This requires a larger UDP packet size, >512 bytes, than your firewall seems to like. It then has to wait to both decide it needs to reduce packet size /and/ to get a negative result on the lookup.
I would imagine that the DNS resolver on OS X client doesn’t bother to do a DNS-SEC lookup, and hence no issue."
Thank you for your feedback.
How can I change this behavior on Mac OS X Snow Leopard Server DNS?