Re: Unusable DNS, 10.4 Tiger
- Subject: Re: Unusable DNS, 10.4 Tiger
- From: Jordan Krushen <email@hidden>
- Date: Thu, 1 Dec 2005 16:48:01 -0800
On 12/1/05, email@hidden <email@hidden> wrote:
> >> For whatever reason,
> >> any DNS lookup on my computer takes 5-7 seconds. If I try the query
> >> again, it takes a fraction of a second, but sometimes reverts to the
> >> full time.

This sounds like proper (although slow) DNS behaviour to me, see below.

> The 11:23:34.523781 line appears instantly, then an 8 second delay
> until the 11:23:42.025238 line appears, then 11:23:42.112253 is
> instant after that. I don't quite know if I am reading this right
> but, doesn't it look like the first query never comes back, so it
> times out and tries sending it again, at which point it gets a
> response back immediately? Any idea why this would always happen?
> Could I shorten that timeout to say half a second?

It's 'cause the resolver you're querying doesn't have all the DNS info
for the entire Internet -- it's a recursive resolver, too, so it has
an (indeterminate) amount of work to do before it can answer you.
You're asking your ISP's server for a record, which it may or may not
have. If it doesn't, it follows the standard behaviour and starts
digging down the hierarchy until it figures out which server to query,
then queries that server, adds the response to its cache if necessary,
and responds to the original requester (your machine's resolver).

If it's trying to resolve something that takes a while, your local
resolver may time out, and re-fire its request, at which point the
answer *has* arrived at your ISP's resolver, at which point it can
respond instantly.

None of the above has anything to do with OS X so far. You'll see
this behaviour on Windows, too, with a few differences. I haven't
used Windows for a few years now, but one rather annoying behaviour
there was that the local resolver stub seemed to cache everything
ignoring TTL, barring a reboot. While this was fine for records that
never change, it was annoying if you had dynamic hosts that changed
often.

lookupd on OS X seems smarter, if not stable yet.. OS X in general
seems to prefer correctness over speed (like with the oft-perceived
'slowness' of Safari's rendering compared to other browsers). I agree
with this, FWIW.

If it does this for your first request, then it's fine for a while,
then it does it again, then you're fine for a while, that's the
expected behaviour. You look it up, it gets cached until the TTL
expires, then the next time you request that record after it expired,
it goes off to find it again, and caches it until the TTL expires.

> Hmmm I could see that, although this is my primary computer and
> always on en0. Just out of curiosity, could I tell it to send 2 dns
> requests in quick succession, so the second reply comes faster? I
> just wonder if this is something related to my wireless hub and
> router, like, maybe the first response is blocked somehow. I just
> can't imagine that though. I will try running this on my ibook since
> I think it is running a lot better than my imac. Is there anything I
> can adjust on my imac, like the DNR thing, or have we ruled that out
> now? Also, is port 53 special in the router? Could I open it so it
> skips NAT for that port somehow? Thanx,

Bugging someone to hurry when they're waiting for someone else to
finish won't get you anywhere. As for port 53, that's the standard
port for DNS. Do note that you're not sending from port 53, so if you
have a (dumb) firewall on your router that's blocking traffic, it may
not allow inbound UDP packets to ephemeral ports, which may cause
delays, retransmissions, or attempts over TCP, which are of course
slower.

I find it better to not run DNS over/through NAT at all. I run
resolvers on the NAT machines, point the local machines to that, and
let it speak directly to external machines. This also lets you flush
a cache locally if a host has changed online and your ISP is
over-caching it. It also allows for fast resolution to hosts you've
visited before even if your upstream is saturated.

Forwarding to your ISP's nameserver from your resolver on the NAT
machine can speed things up in certain circumstances, assuming you're
ok with the trust and control issues that go along with it.

Try plugging your machine in directly to your ISP connection/modem
instead of behind the NAT box, and see if it makes a difference.

HTH,
J.
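
The timeout, retry and TTL behaviour described in this message, as an added example that is not part of the original post: a constructed virtual-clock model of a stub resolver retransmitting to a caching recursive resolver. The 6-second recursion time, 300-second TTL, the name `host.example` and all class and function names are assumptions chosen for illustration.

```python
# Constructed model with a virtual clock; all timings are illustrative.
from dataclasses import dataclass, field


@dataclass
class RecursiveResolver:
    """Caching recursive resolver (the ISP's server in the message)."""
    upstream_delay: float   # assumed time to walk the hierarchy on a miss
    ttl: float              # assumed TTL of the record
    cache: dict = field(default_factory=dict)     # name -> expiry time
    inflight: dict = field(default_factory=dict)  # name -> recursion end time

    def answer_time(self, name, now):
        """Time at which a query received at `now` is answered."""
        ready = self.inflight.get(name)
        if ready is not None and ready <= now:   # recursion done: cache it
            self.cache[name] = ready + self.ttl
            del self.inflight[name]
            ready = None
        if self.cache.get(name, 0.0) > now:      # cache hit, instant answer
            return now
        if ready is None:                        # miss: start one recursion
            ready = self.inflight[name] = now + self.upstream_delay
        return ready                             # retries wait for the same one


def lookup(resolver, name, start, timeout):
    """Stub resolver: resend every `timeout` s until an answer arrives.
    Simplified: no backoff, no retry limit. Returns (latency, queries_sent)."""
    sent, now = 0, start
    while True:
        sent += 1
        done = resolver.answer_time(name, now)
        if done - now <= timeout:
            return round(done - start, 3), sent
        now += timeout


def scenario(timeout):
    """Lookups at t=0 (cold), t=10 (cached) and t=400 (TTL expired)."""
    isp = RecursiveResolver(upstream_delay=6.0, ttl=300.0)
    return [lookup(isp, "host.example", t, timeout) for t in (0.0, 10.0, 400.0)]


if __name__ == "__main__":
    for timeout in (5.0, 0.5):
        print(timeout, scenario(timeout))
```

In this model, cutting the stub timeout from 5 s to 0.5 s leaves the cold-lookup latency at 6 s and only raises the number of queries sent from 2 to 12; the slow lookup returns once the cached record's TTL has expired.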