I often experience relatively slow lookups of DNS records in .ampr.org and 44.in-addr.arpa. Not every time, but lookup times of 2-3 seconds occur quite often, especially for the first one in a series (the TTL in the zones is only an hour, so there is little caching). 44.in-addr.arpa also sometimes fail for existing hosts, to succeed when they are re-tried later.
Do other people see this? It looks like there are 7 DNS servers, which seems to be plenty. Are they overloaded? Do we need or like to have more DNS servers? Should I volunteer to provide one? Or could there be another reason for this phenomenon?
Rob
On Tue, Aug 05, 2014 at 07:14:12PM +0200, Rob Janssen wrote:
> I often experience relatively slow lookups of DNS records in .ampr.org and 44.in-addr.arpa.
It can be instructive to use the 'dig' '+trace' option to do lookups as that will give you timing results as the query descends the tree. That way you can get an idea of where the delay may be. Together with the '@' option to direct your query to a particular nameserver you might be able to identify the bottleneck when it occurs.
- Brian
On 2014-08-05 19:14, Rob Janssen wrote:
> I often experience relatively slow lookups of DNS records in .ampr.org and 44.in-addr.arpa. Not every time, but lookup times of 2-3 seconds occur quite often, especially for the first one in a series (the TTL in the zones is only an hour, so there is little caching). 44.in-addr.arpa also sometimes fail for existing hosts, to succeed when they are re-tried later.
> Do other people see this? It looks like there are 7 DNS servers, which seems to be plenty.
Sounds to me like too much actually.
> Are they overloaded? Do we need or like to have more DNS servers?
Why would you think they are overloaded?
> Should I volunteer to provide one? Or could there be another reason for this phenomenon?
tcpdumps of slow lookups would be a good start.
Note that depending on your resolver library/daemon either the NSs are traversed in order or a cache is kept of the best responders.
Hence, if one is unreachable for you it first has to time out and then fall over to the next one.
See below for a quick test.
$ for i in `dig +short 44.in-addr.arpa ns`; do echo $i; dig @$i +short 44.in-addr.arpa soa; done
munnari.OZ.AU.
ampr.org. brian.ucsd.edu. 114080420 3600 900 720000 86400
ampr.org.
ampr.org. brian.ucsd.edu. 114080420 3600 900 720000 86400
ns1.defaultroute.net.
ampr.org. brian.ucsd.edu. 114080420 3600 900 720000 86400
hamradio.ucsd.edu.
ampr.org. brian.ucsd.edu. 114080420 3600 900 720000 86400
ampr-dns.in-berlin.de.
ampr.org. brian.ucsd.edu. 114080420 3600 900 720000 86400
ns2.threshinc.com.
ampr.org. brian.ucsd.edu. 114080420 3600 900 720000 86400
ns0.comgw.net.
ampr.org. brian.ucsd.edu. 114080420 3600 900 720000 86400
Or use something like:
$ for i in `dig +short 44.in-addr.arpa ns`; do echo $i; dig @$i 5.44.in-addr.arpa soa 2>&1 | grep -E "(SOA|SERVER)"; done
to see which address was used; both IPv4 and IPv6 are present there, and some have multiple IPv4 or IPv6 addresses...
And thus better, use the below one to check all addresses.
Greets, Jeroen
--
$ for i in `dig +short 44.in-addr.arpa ns`; do echo -e "\n=============== $i"; for j in `dig +short $i a; dig +short $i aaaa;`; do echo "=== $j"; dig @$j 5.44.in-addr.arpa soa 2>&1 | grep -E "(SOA|SERVER)"; done; done

=============== munnari.OZ.AU.
=== 202.29.151.3
;5.44.in-addr.arpa. IN SOA
44.in-addr.arpa. 0 IN SOA ampr.org. brian.ucsd.edu. 114080420 3600 900 720000 86400
;; SERVER: 202.29.151.3#53(202.29.151.3)
=== 2001:3c8:9007:1::21
;5.44.in-addr.arpa. IN SOA
44.in-addr.arpa. 0 IN SOA ampr.org. brian.ucsd.edu. 114080420 3600 900 720000 86400
;; SERVER: 2001:3c8:9007:1::21#53(2001:3c8:9007:1::21)
=== 2001:3c8:9009:181::2
;5.44.in-addr.arpa. IN SOA
44.in-addr.arpa. 0 IN SOA ampr.org. brian.ucsd.edu. 114080420 3600 900 720000 86400
;; SERVER: 2001:3c8:9009:181::2#53(2001:3c8:9009:181::2)

=============== ampr.org.
=== 44.0.0.1
;5.44.in-addr.arpa. IN SOA
44.in-addr.arpa. 0 IN SOA ampr.org. brian.ucsd.edu. 114080420 3600 900 720000 86400
;; SERVER: 44.0.0.1#53(44.0.0.1)

=============== ns1.defaultroute.net.
=== 74.120.14.69
;5.44.in-addr.arpa. IN SOA
44.in-addr.arpa. 0 IN SOA ampr.org. brian.ucsd.edu. 114080420 3600 900 720000 86400
;; SERVER: 74.120.14.69#53(74.120.14.69)

=============== hamradio.ucsd.edu.
=== 169.228.66.6
;5.44.in-addr.arpa. IN SOA
44.in-addr.arpa. 0 IN SOA ampr.org. brian.ucsd.edu. 114080420 3600 900 720000 86400
;; SERVER: 169.228.66.6#53(169.228.66.6)

=============== ampr-dns.in-berlin.de.
=== 192.109.42.4
;5.44.in-addr.arpa. IN SOA
44.in-addr.arpa. 0 IN SOA ampr.org. brian.ucsd.edu. 114080420 3600 900 720000 86400
;; SERVER: 192.109.42.4#53(192.109.42.4)
=== 2a01:238:4073:e600::1
;5.44.in-addr.arpa. IN SOA
44.in-addr.arpa. 0 IN SOA ampr.org. brian.ucsd.edu. 114080420 3600 900 720000 86400
;; SERVER: 2a01:238:4073:e600::1#53(2a01:238:4073:e600::1)

=============== ns2.threshinc.com.
=== 192.41.222.8
;5.44.in-addr.arpa. IN SOA
44.in-addr.arpa. 0 IN SOA ampr.org. brian.ucsd.edu. 114080420 3600 900 720000 86400
;; SERVER: 192.41.222.8#53(192.41.222.8)
=== 2604:5000:0:2::2
;5.44.in-addr.arpa. IN SOA
44.in-addr.arpa. 0 IN SOA ampr.org. brian.ucsd.edu. 114080420 3600 900 720000 86400
;; SERVER: 2604:5000:0:2::2#53(2604:5000:0:2::2)

=============== ns0.comgw.net.
=== 195.66.148.101
;5.44.in-addr.arpa. IN SOA
44.in-addr.arpa. 0 IN SOA ampr.org. brian.ucsd.edu. 114080420 3600 900 720000 86400
;; SERVER: 195.66.148.101#53(195.66.148.101)
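
Added example, not part of the thread: the per-address loop above shows which server answered but drops dig's timing line, so this sketch reads the same "=== address" markers followed by unfiltered dig output and reports query time, timeouts and SOA serial per address. The function names, the 500 msec threshold and the sample input (documentation addresses, invented timings and one lagging serial) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: summarize dig results per nameserver address.
# Input: "=== <address>" marker lines (as echoed by the loop in the thread),
# each followed by the full, unfiltered dig output for that address.

summarize_dig() {   # $1 = "slow" threshold in msec (assumed default 500)
    awk -v slow="${1:-500}" '
        function emit() {
            if (addr == "") return
            if (ms == "")            status = "TIMEOUT"   # no reply at all
            else if (serial == "")   status = "NOANSWER"  # reply without SOA
            else if (ms + 0 > slow)  status = "SLOW"
            else                     status = "OK"
            printf "%s %s %s %s\n", addr, status,
                   (ms == "" ? "-" : ms), (serial == "" ? "-" : serial)
        }
        /^=== /                   { emit(); addr = $2; ms = ""; serial = "" }
        /^;; Query time:/         { ms = $4 }
        # SOA record line: owner TTL IN SOA mname rname serial ...
        $3 == "IN" && $4 == "SOA" { serial = $7 }
        END                       { emit() }
    '
}

# Count distinct SOA serials in a summary; more than 1 means a server lags.
distinct_serials() {
    awk '$4 != "-" { seen[$4] = 1 } END { n = 0; for (s in seen) n++; print n }'
}

# Constructed sample input (documentation addresses, invented timings).
sample_dig_output() {
    cat <<'EOF'
=== 192.0.2.1
;5.44.in-addr.arpa. IN SOA
44.in-addr.arpa. 0 IN SOA ampr.org. brian.ucsd.edu. 114080420 3600 900 720000 86400
;; Query time: 23 msec
;; SERVER: 192.0.2.1#53(192.0.2.1)
=== 2001:db8::1
;5.44.in-addr.arpa. IN SOA
44.in-addr.arpa. 0 IN SOA ampr.org. brian.ucsd.edu. 114080419 3600 900 720000 86400
;; Query time: 2140 msec
;; SERVER: 2001:db8::1#53(2001:db8::1)
=== 198.51.100.7
;; connection timed out; no servers could be reached
EOF
}

sample_dig_output | summarize_dig 500
```

Against live servers, feed it the output of the loop above with the grep filter removed; an address that reports TIMEOUT is one a resolver walking the NS list in order has to wait out before it tries the next.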