LinuxQuestions.org - slow dns resolution

- Linux - Networking (https://www.linuxquestions.org/questions/linux-networking-3/)

- - slow dns resolution (https://www.linuxquestions.org/questions/linux-networking-3/slow-dns-resolution-789109/)

slow dns resolution

Hi everyone,

I'm running Ubuntu 9.10 and experiencing slow DNS resolution over a wired connection, even running a vanilla kernel without ipv6 capability. I've disabled ipv6 in firefox, changed my DNS servers (tried 4.2.2.1 and OpenDNS), upgraded to beta Tomato firmware for my linksys router, tried disabling the nonexistent ipv6 modules, tried pdnsd, all to no avail. Anyone else have any other suggestions? DNS resolution is fine when the computer is either connected directly to the modem or in Windows 7. Also, my 9.10 laptop works fine with wireless on the same router. Any help would be appreciated :)

Quote:

Originally Posted by -Dice (Post 3863736)

Hi everyone,

I'm running Ubuntu 9.10 and experiencing slow DNS resolution over a wired connection...

... DNS resolution is fine when the computer is either connected directly to the modem

What do you mean by "wired connection" and "Connected directly"?

Thanks

"wired" as opposed to wireless, so using an ethernet cable I guess. By "connected directly" I mean bypassing my router and connecting directly to my cable modem.

Mind Posting your resolv.conf and your traceroute to each of the dns servers

Quote:

Originally Posted by -Dice (Post 3863769)

"wired" as opposed to wireless, so using an ethernet cable I guess. By "connected directly" I mean bypassing my router and connecting directly to my cable modem.

Check if your router is shaping packets.

In what way is it slow? What does a tcpdump of a single DNS resolution look like? Is it retrying? Trying different servers? What are you actually doing to pinpoint a DNS issue in the first place? host/dig/nslookup i would hope.

Dice, you can use 'host -a' to see the time involved with resolving a name, which shows up at the bottom of the results.

Code:

jcwx@haley:~$ host -a google.com 24.196.64.53

Trying "google.com"

Using domain server:

Name: 24.196.64.53

Address: 24.196.64.53#53

Aliases: 



;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52127

;; flags: qr rd ra; QUERY: 1, ANSWER: 14, AUTHORITY: 4, ADDITIONAL: 7



;; QUESTION SECTION:

;google.com.                        IN        ANY



;; ANSWER SECTION:

google.com.                247        IN        MX        400 google.com.s9b2.psmtp.com.

google.com.                247        IN        MX        100 google.com.s9a1.psmtp.com.

google.com.                247        IN        MX        200 google.com.s9a2.psmtp.com.

google.com.                247        IN        MX        300 google.com.s9b1.psmtp.com.

google.com.                216        IN        A        74.125.95.104

google.com.                216        IN        A        74.125.95.105

google.com.                216        IN        A        74.125.95.106

google.com.                216        IN        A        74.125.95.147

google.com.                216        IN        A        74.125.95.99

google.com.                216        IN        A        74.125.95.103

google.com.                231122        IN        NS        ns4.google.com.

google.com.                231122        IN        NS        ns2.google.com.

google.com.                231122        IN        NS        ns3.google.com.

google.com.                231122        IN        NS        ns1.google.com.



;; AUTHORITY SECTION:

google.com.                231122        IN        NS        ns4.google.com.

google.com.                231122        IN        NS        ns1.google.com.

google.com.                231122        IN        NS        ns3.google.com.

google.com.                231122        IN        NS        ns2.google.com.



;; ADDITIONAL SECTION:

google.com.s9a1.psmtp.com. 13160 IN        A        74.125.148.10

google.com.s9a2.psmtp.com. 8574        IN        A        74.125.148.11

google.com.s9b1.psmtp.com. 3929        IN        A        74.125.148.13

google.com.s9b2.psmtp.com. 1587        IN        A        74.125.148.14

ns1.google.com.                36325        IN        A        216.239.32.10

ns2.google.com.                33786        IN        A        216.239.34.10

ns3.google.com.                54712        IN        A        216.239.36.10



Received 498 bytes from 24.196.64.53#53 in 25 ms

jcwx@haley:~$

The 24.196.64.53 address at the end of the command is a DNS server. You can leave that off and whatever is defined in resolv.conf will be used. That should allow you to quantify the delays you are experiencing. You might try this on your firewall/router as well, although I'm using OpenWRT, and the host command isn't installed. Your firmware might have it.

If you firewall is resolving well, you might consider setting up dnsmasq on it. It works well on OpenWRT. In reality, though, you really shouldn't be having any issues with DNS like you describe. You could run a tcpdump capture to see the traffic itself. Could provide a clue as to what is going on:

tcpdump -s 0 -vvvnni eth1 port 53 or icmp

Replace the interface with whatever applies in your situation. You can run that on your firewall as well as your local system. The icmp could provide messages indicating there is a network related problem.

I was looking at nslookup, and there is a debug mode that could provide some insight into potential DNS issues. dig has plenty of command line options, too.

Code:

jcwx@haley:~$ nslookup

> set debug

> set d2

> slackware.com

addlookup()

make_empty_lookup()

looking up slackware.com

start_lookup()

setup_lookup(0x272de00)

resetting lookup counter.



(cut for the sake of brevity)



------------

detailsection()

    QUESTIONS:

        slackware.com, type = A, class = IN

detailsection()

    ANSWERS:

    ->  slackware.com

        internet address = 64.57.102.34

detailsection()

    AUTHORITY RECORDS:

detailsection()

    ADDITIONAL RECORDS:

------------

Non-authoritative answer:

printsection()

Name:        slackware.com

Address: 64.57.102.34

still pending.

cancel_lookup()

check_if_done()

list empty

clear_query(0xb76b8010)

sockcount=0

check_next_lookup(0x272de00)

try_clear_lookup(0x272de00)

destroy

freeing server 0x271b200 belonging to 0x272de00

start_lookup()

check_if_done()

list empty

shutting down

dighost_shutdown()

unlock_lookup dighost.c:3315

>

Could help. Good luck.

I add in my home router's IP as a dns server too along with the ISP's. It seems to help.

I'm so sorry LQ, I was out of the country for a while and then forgot to check the responses to this thread. Unfortunately my computer is still symptomatic: it's slow to load web pages in firefox and opera. It can handle sustained connections for gaming and such with no problems besides an initial pause.

Confusingly, DNS resolution is very fast using dig/nslookup/host. I still have no problems on the same machine with Windows 7. I assumed that I had a DNS issue because of other Ubuntu threads and also firefox's status bar message, "Looking up (site)..."

resolv.conf:
# Generated by NetworkManager
nameserver 192.168.1.1
nameserver 4.2.2.2

Looking at tcpdump on port 53 while entering a site into opera, I noticed that it takes a long time (10-15 seconds) for any traffic to show up, but once it does the page loads quickly. Any thoughts?

I get the following upon entering "bash.org" into opera:

192.168.1.200.55658 > 192.168.1.1.53: [bad udp cksum ba81!] 63129+ A? bash.org. (26)
20:18:56.625352 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 70)
192.168.1.1.53 > 192.168.1.200.55658: [udp sum ok] 63129 q: A? bash.org. 1/0/0 bash.org. [26m33s] A 69.61.106.93 (42)
20:19:03.623328 IP (tos 0x0, ttl 64, id 27071, offset 0, flags [DF], proto UDP (17), length 68)

Quote:

Originally Posted by -Dice (Post 3936603)

any thoughts? :(

If dig/nslookup/host are very fast but Opera and Firefox are not (as shown by "Looking up (site)..." and tcpdump then Opera and Firefox are probably using different name resolution methods from dig/nslookup/host.

Not something I know a lot about so I can't help much further but hopefully the pointer is some help.

Might be worth posting your nsswtch.conf (but dig/nslookup/host probably use that so it may not help) -- elsewise time to investigate how the browsers are configured to do name resolution.

Quote:

Originally Posted by -Dice (Post 3936603)

any thoughts? :(

Post:

Code:

ifconfig -a

route -n

cat /etc/resolv.conf

ifconfig -a
eth0 Link encap:Ethernet HWaddr
inet addr:192.168.1.200 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:10028920 errors:0 dropped:0 overruns:0 frame:0
TX packets:9701624 errors:0 dropped:0 overruns:0 carrier:2
collisions:0 txqueuelen:1000
RX bytes:4065667133 (4.0 GB) TX bytes:1024833837 (1.0 GB)
Interrupt:30

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:3343984 errors:0 dropped:0 overruns:0 frame:0
TX packets:3343984 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1403095499 (1.4 GB) TX bytes:1403095499 (1.4 GB)

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 0.0.0.0 255.255.255.0 U 1 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 eth0
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0

resolv.conf:
# Generated by NetworkManager
nameserver 192.168.1.1
nameserver 4.2.2.2

nsswitch.conf
passwd: compat
group: compat
shadow: compat

hosts: files mdns4_minimal [NOTFOUND=return] wins dns mdns4
networks: files

protocols: db files
services: db files
ethers: db files
rpc: db files

netgroup: nis