From Newsgroup: comp.protocols.dns.bind
Replying to myself with more information... I've checked my local router
and my own machine's packet filter. Neither seems to be dropping packets.
And yet, when I enable stats in named.conf and surf the web a bit, I see
stuff like this:
Queryv4 16962
ClientCookieOut 16670
QueryTimeout 11814 <===
Retry 11721
Responsev4 5161
QryRTT100 4808
ValAttempt 4107
ValOk 3136
ValNegOk 931
Truncated 588
GlueFetchv4 387
QryRTT500 300
NXDOMAIN 152
BucketSize 128
ServerCookieOut 81
GlueFetchv4Fail 56
CookieIn 34
CookieClientOk 34
QryRTT1600 31
QryRTT1600+ 11
QryRTT800 10
ValFail 5
NumFetch 2
QryRTT10 1
Priming 1
I tried changing the resolver query timeout in the config to 20s to no
avail. I tried a config file very close to the sample named.conf. I tried
setting up a new jail host to run the nameserver. None of this seems to
fix the problem. Does anyone have any advice here?
Thx,
Scott
On Tue, Jun 16, 2020 at 5:28 PM Scott Gasch <scott.gasch@gmail.com> wrote:
I have a BIND 9.16.3 server running as master for a couple of zones and forwarding queries to my ISP (and 8.8.8.8 / 8.8.4.4 etc...) for other queries. It "works" ok but I notice weird delays in web browsing clients where the browser says "Resolving host...", hangs for a bit (noticeably, ~a few seconds), then loads the whole page.
In the server logs, I see lots of messages like this one:
Jun 16 17:21:04 <daemon.info> wannabe named[6982]: timed out resolving 'trafficmanager.net/DS/IN': 8.8.4.4#53
Jun 16 17:21:05 <daemon.info> wannabe named[6982]: timed out resolving 'apiv4-east.myq-cloud.com/AAAA/IN': 8.8.4.4#53
However when I dig from the command line, I can't replicate this. The
query comes back quickly and successfully:
# *dig @8.8.4.4 apiv4-east.myq-cloud.com*
; <<>> DiG 9.16.3 <<>> @8.8.4.4 apiv4-east.myq-cloud.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52825
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;apiv4-east.myq-cloud.com. IN A
;; ANSWER SECTION:
apiv4-east.myq-cloud.com. 4 IN A 40.71.236.219
;; Query time: *42 msec*
;; SERVER: 8.8.4.4#53(8.8.4.4)
;; WHEN: Tue Jun 16 17:22:17 PDT 2020
;; MSG SIZE rcvd: 69
It almost feels like something in between me and the next nameserver is dropping packets when a lot of queries are in flight at the same time. I've looked at my router logs and it doesn't seem to be the culprit. When I run tcpdump, though, I definitely see queries that do not return and are tried at another DNS server.
Can anyone advise me how to troubleshoot this further, please?
Thx,
Scott
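
One way to check the "drops when many queries are in flight" idea against the named log: tally the `timed out resolving` lines per upstream server and query type, and find the densest burst. This is an added example, not part of the original post; the function names, the 5-second window, the assumed year, and every sample line after the first two are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Matches the "timed out resolving" log line format quoted in the post.
TIMEOUT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s.*?named\[\d+\]:\s+timed out resolving\s+"
    r"'(?P<name>[^']+)/(?P<qtype>[A-Z0-9]+)/IN':\s+(?P<server>[0-9a-fA-F.:]+)#\d+\s*$"
)

# Constructed sample: the first two lines are from the post, the rest are invented.
SAMPLE_LOG = """\
Jun 16 17:21:04 <daemon.info> wannabe named[6982]: timed out resolving 'trafficmanager.net/DS/IN': 8.8.4.4#53
Jun 16 17:21:05 <daemon.info> wannabe named[6982]: timed out resolving 'apiv4-east.myq-cloud.com/AAAA/IN': 8.8.4.4#53
Jun 16 17:21:05 <daemon.info> wannabe named[6982]: timed out resolving 'example.com/A/IN': 8.8.8.8#53
Jun 16 17:21:05 <daemon.info> wannabe named[6982]: timed out resolving 'example.net/DS/IN': 8.8.4.4#53
Jun 16 17:21:09 <daemon.info> wannabe cron[123]: constructed unrelated line
"""

def parse_timeouts(lines, year=2020):
    """Return (datetime, name, qtype, server) for each timeout line.
    Syslog timestamps carry no year, so `year` is an assumption."""
    events = []
    for line in lines:
        m = TIMEOUT_RE.match(line)
        if m:
            when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((when, m["name"], m["qtype"], m["server"]))
    return events

def summarize(lines, window_s=5, year=2020):
    """Count timeouts per upstream and query type, plus the largest number
    of timeouts that fall inside any window of `window_s` seconds."""
    events = sorted(parse_timeouts(lines, year), key=lambda e: e[0])
    peak, lo = 0, 0
    for hi, ev in enumerate(events):
        # Slide the left edge until the window spans less than window_s.
        while (ev[0] - events[lo][0]).total_seconds() >= window_s:
            lo += 1
        peak = max(peak, hi - lo + 1)
    return {
        "total": len(events),
        "by_server": Counter(e[3] for e in events),
        "by_qtype": Counter(e[2] for e in events),
        "peak_in_window": peak,
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG.splitlines()))
```

Run over a real log, the per-server tally shows whether timeouts follow one forwarder or all of them, and the peak shows whether they cluster in bursts.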