Re: Slow DNS Lookups on Debian Etch AMD 64
On Sat, 2007-05-12 at 16:15 +0100, Karl E. Jorgensen wrote:
> On Sat, May 12, 2007 at 09:03:41AM -0500, Dallas Clement wrote:
> > On Sat, 2007-05-12 at 14:27 +0100, Karl E. Jorgensen wrote:
> > > On Thu, May 10, 2007 at 09:41:59AM -0500, Dallas Clement wrote:
> > > > I'm getting terrible DNS lookup performance on my Debian Etch system.
> > > > I've installed the "Etch" - Official Beta amd64 version.
> > > >
> > > > After installing, I noticed that the Internet browsers were taking a
> > > > really long time to pull up a web page. I also observed that the
> > > > browser delays seemed to be DNS related as they were spending a lot of
> > > > time "Looking up whatever.com...".
>
> [snip]
>
> > This is what's in my /etc/resolv.conf:
> >
> > dallas@debian:~$ cat /etc/resolv.conf
> > search clements
> > nameserver 192.168.0.1
> >
> > 'clements is the name of the local domain. And that is the correct name
> > server on the local domain which happens to be a D-link router. It uses
> > DNS relay to forward DNS requests to my ISP.
> >
> > Interestingly, if I repeat the dig test directly on my ISP DNS server
> > address, the time between queries is dramatically reduced:
> [snip]
>
> > real 0m0.157s
> > user 0m0.004s
> > sys 0m0.000s
> >
> > WOW! And if I directly edit the /etc/resolv.conf and put in the DNS
> > server address of my ISP instead of my relaying D-Link router, lo and
> > behold, my web-browsing is incredibly fast!!! I think we can safely
> > conclude that the problem lies with my router and slow DNS relay.
> > Though I must say that I am a bit mystified as to why Windows is so fast
> > if it presumably relies on the D-link router for DNS relay also.
>
> "presumably" - I suspect not. At least that would make for a natural
> explanation...
>
> Another possible explanation: Do you have a firewall on the linux box?
> If so, try disabling it. My rationale? If the firewall gets in the way
> of udp:53 but not tcp:53, I'd expect the same 5-second delay, as the
> resolver first tries udp and then falls back on tcp... (perhaps windows
> "remembers" that udp failed and then plods on with tcp?)
>
> It might be worth double-checking the firewall settings on the router.
> Sounds like they're OK, but a quick browse is in order...
>
> > I wish there was a way to keep my ISP DNS addresses in
> > the /etc/resolv.conf file permanently. I think they get overwritten
> > after getting a DHCP response.
>
> Can't the router be reconfigured?
>
Sadly, my router is pretty inflexible in terms of the DNS configuration.
It mandates the use of DNS relay.
I don't think I have any firewall enabled on the linux box. At least I
don't see any and I didn't deliberately turn one one after the new
install.
I do have a firewall turned on in my D-link router though. It is only
allowing HTTP, FTP, POP3, and SMTP traffic through to a different host
on my LAN.
Do I need to open up port 53 to my linux box then?
Reply to: