[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Slow DNS Lookups on Debian Etch AMD 64

On Sat, 2007-05-12 at 16:15 +0100, Karl E. Jorgensen wrote:
> On Sat, May 12, 2007 at 09:03:41AM -0500, Dallas Clement wrote:
> > On Sat, 2007-05-12 at 14:27 +0100, Karl E. Jorgensen wrote:
> > > On Thu, May 10, 2007 at 09:41:59AM -0500, Dallas Clement wrote:
> > > > I'm getting terrible DNS lookup performance on my Debian Etch system.
> > > > I've installed the "Etch" - Official Beta amd64 version.
> > > > 
> > > > After installing, I noticed that the Internet browsers were taking a
> > > > really long time to pull up a web page.  I also observed that the
> > > > browser delays seemed to be DNS related as they were spending a lot of
> > > > time "Looking up whatever.com...".
> 
> [snip]
> 
> > This is what's in my /etc/resolv.conf:
> > 
> > dallas@debian:~$ cat /etc/resolv.conf
> > search clements
> > nameserver 192.168.0.1
> > 
> > 'clements is the name of the local domain.  And that is the correct name
> > server on the local domain which happens to be a D-link router.  It uses
> > DNS relay to forward DNS requests to my ISP.
> > 
> > Interestingly, if I repeat the dig test directly on my ISP DNS server
> > address, the time between queries is dramatically reduced:
> [snip]
> 
> > real    0m0.157s
> > user    0m0.004s
> > sys     0m0.000s
> > 
> > WOW! And if I directly edit the /etc/resolv.conf and put in the DNS
> > server address of my ISP instead of my relaying D-Link router, lo and
> > behold, my web-browsing is incredibly fast!!!  I think we can safely
> > conclude that the problem lies with my router and slow DNS relay.
> > Though I must say that I am a bit mystified as to why Windows is so fast
> > if it presumably relies on the D-link router for DNS relay also.
> 
> "presumably" - I suspect not. At least that would make for a natural 
> explanation...
> 
> Another possible explanation: Do you have a firewall on the linux box?  
> If so, try disabling it. My rationale? If the firewall gets in the way 
> of udp:53 but not tcp:53, I'd expect the same 5-second delay, as the 
> resolver first tries udp and then falls back on tcp... (perhaps windows 
> "remembers" that udp failed and then plods on with tcp?)
> 
> It might be worth double-checking the firewall settings on the router.  
> Sounds like they're OK, but a quick browse is in order...
> 
> > I wish there was a way to keep my ISP DNS addresses in
> > the /etc/resolv.conf file permanently.  I think they get overwritten
> > after getting a DHCP response.
> 
> Can't the router be reconfigured?
> 

Sadly, my router is pretty inflexible in terms of the DNS configuration.
It mandates the use of DNS relay.

I don't think I have any firewall enabled on the linux box.  At least I
don't see any and I didn't deliberately turn one one after the new
install.

I do have a firewall turned on in my D-link router though.  It is only
allowing HTTP, FTP, POP3, and SMTP traffic through to a different host
on my LAN.

Do I need to open up port 53 to my linux box then?
Reply to: