DNS lookup takes a long time.

ndttt · 2017-09-13 00:24:16

Whenever I try to log into public wifi's, or even my school's network, resolving DNS takes a very long time. If I try a public wifi hotspot like Apple's, I can't use the network at all.

An example I can give is today while at school, my phone connects to the wifi perfectly fine. My laptop running Arch however, can log on, but it will have a question mark on the wifi logo for 5-10 minutes before going solid. I can run google searches, but that's about it. During that time, if I run

nmcli general

I get

STATE      CONNECTIVITY  WIFI-HW  WIFI     WWAN-HW  WWAN    
connected  limited          enabled  enabled  enabled  enabled

Any pointers on where to look for problems? I believe it to be a DNS problem, but I'm at a lost on what to look for. Thank you for any help.

fukawi2 · 2017-09-13 01:51:26

Post the output of:

awk '$1=="nameserver" { print $2}' /etc/resolv.conf | while read ns ; do dig google.com @$ns ; done

EDIT: while connected to one of the problem networks

Last edited by fukawi2 (2017-09-13 01:52:11)

ndttt · 2017-09-13 03:24:35

Hi, thank you for the reply.

I'm at home now, but even my home wifi gives me a '?' on the wifi icon for a few minutes before getting full connectivity. Only difference is I can fully access the web during that time. I'll post again tomorrow if you still need the results from the problematic network.

[nn@x220 ~]$ awk '$1=="nameserver" { print $2}' /etc/resolv.conf | while read ns ; do dig google.com @$ns ; done

; <<>> DiG 9.11.2 <<>> google.com @192.168.1.108
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8650
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;google.com.			IN	A

;; ANSWER SECTION:
google.com.		94	IN	A	172.217.2.110

;; Query time: 44 msec
;; SERVER: 192.168.1.108#53(192.168.1.108)
;; WHEN: Tue Sep 12 23:18:02 EDT 2017
;; MSG SIZE  rcvd: 55

fukawi2 · 2017-09-13 03:28:56

So that shows your DNS Server is 192.168.1.108 and it took 44ms to answer a query for google.com -- nothing unusual there.

Definitely try it on the problem network(s) -- it will help show if there's a DNS server that's slow/not responding.

ndttt · 2017-09-13 03:42:17

fukawi2 wrote:

Definitely try it on the problem network(s) -- it will help show if there's a DNS server that's slow/not responding.

Will do.

I do have similar readouts from a drill command I did earlier in the day on the problematic network when trying to figure it out myself. Would this be of any help?

[nn@x220 ~]$ drill www5.yahoo.com
;; ->>HEADER<<- opcode: QUERY, rcode: NXDOMAIN, id: 41515
;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 
;; QUESTION SECTION:
;; www5.yahoo.com.	IN	A

;; ANSWER SECTION:

;; AUTHORITY SECTION:
yahoo.com.	600	IN	SOA	ns1.yahoo.com. hostmaster.yahoo-inc.com. 2017091301 3600 300 1814400 600

;; ADDITIONAL SECTION:

;; Query time: 5 msec
;; SERVER: 130.63.10.18
;; WHEN: Tue Sep 12 20:32:50 2017
;; MSG SIZE  rcvd: 93

fukawi2 · 2017-09-13 03:44:38

I'm not familiar with drill; it appears to be some kind of wrapper around dig based on the output above. It only appears to have queried 1 of your name servers (assuming you have more than one) -- but that one looks OK (5ms response).

brebs · 2017-09-13 08:34:34

ndttt wrote:

I believe it to be a DNS problem

Then install a local DNS server. I recommend Unbound.

Run tcpdump, to see the traffic, to get some evidence on what type of traffic is causing the slowdown.

ndttt · 2017-09-13 19:00:34

Thank you for the reply, I'll try out setting up unbound.

I'm back at school now and can do a bit of testing. If I ping 8.8.8.8, I get a response, but if I ping google.com, nothing.

[nn@x220 ~]$ awk '$1=="nameserver" { print $2}' /etc/resolv.conf | while read ns ; do dig google.com @$ns ; done

; <<>> DiG 9.11.2 <<>> google.com @130.63.9.18
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63996
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 5

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;google.com.			IN	A

;; ANSWER SECTION:
google.com.		223	IN	A	172.217.2.110

;; AUTHORITY SECTION:
google.com.		63478	IN	NS	ns4.google.com.
google.com.		63478	IN	NS	ns3.google.com.
google.com.		63478	IN	NS	ns2.google.com.
google.com.		63478	IN	NS	ns1.google.com.

;; ADDITIONAL SECTION:
ns1.google.com.		62967	IN	A	216.239.32.10
ns2.google.com.		62967	IN	A	216.239.34.10
ns3.google.com.		235793	IN	A	216.239.36.10
ns4.google.com.		235793	IN	A	216.239.38.10

;; Query time: 1 msec
;; SERVER: 130.63.9.18#53(130.63.9.18)
;; WHEN: Wed Sep 13 14:13:54 EDT 2017
;; MSG SIZE  rcvd: 191


; <<>> DiG 9.11.2 <<>> google.com @130.63.10.18
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38140
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 5

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;google.com.			IN	A

;; ANSWER SECTION:
google.com.		93	IN	A	172.217.1.174

;; AUTHORITY SECTION:
google.com.		146347	IN	NS	ns2.google.com.
google.com.		146347	IN	NS	ns3.google.com.
google.com.		146347	IN	NS	ns4.google.com.
google.com.		146347	IN	NS	ns1.google.com.

;; ADDITIONAL SECTION:
ns1.google.com.		145903	IN	A	216.239.32.10
ns2.google.com.		145903	IN	A	216.239.34.10
ns3.google.com.		145903	IN	A	216.239.36.10
ns4.google.com.		145903	IN	A	216.239.38.10

;; Query time: 1 msec
;; SERVER: 130.63.10.18#53(130.63.10.18)
;; WHEN: Wed Sep 13 14:13:54 EDT 2017
;; MSG SIZE  rcvd: 191

seth · 2017-09-13 21:14:19

can you

dig google.com
drill google.com
nslookup google.com

What's the output of

ps aux | grep resolv

and the contents of /etc/nsswitch.conf ?

Lone_Wolf · 2017-09-14 11:48:50

fukawi2 wrote:

I'm not familiar with drill; it appears to be some kind of wrapper around dig based on the output above.

Nope, more an alternative for dig .

$ pacman -Fs drill dig
core/ldns 1.7.0-3
    usr/bin/drill
extra/bind-tools 9.11.2-2
    usr/bin/dig
community/epic4 2.10.6-1
    usr/share/epic/script/dig
$

ndttt · 2017-09-14 16:53:16

seth wrote:

can you
dig google.com
drill google.com
nslookup google.com
What's the output of
ps aux | grep resolv
and the contents of /etc/nsswitch.conf ?

Hi, thank you for the reply.

[nn@x220 ~]$ dig google.com

; <<>> DiG 9.11.2 <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21503
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 5

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;google.com.			IN	A

;; ANSWER SECTION:
google.com.		68	IN	A	172.217.1.174

;; AUTHORITY SECTION:
google.com.		64952	IN	NS	ns4.google.com.
google.com.		64952	IN	NS	ns3.google.com.
google.com.		64952	IN	NS	ns1.google.com.
google.com.		64952	IN	NS	ns2.google.com.

;; ADDITIONAL SECTION:
ns1.google.com.		64508	IN	A	216.239.32.10
ns2.google.com.		64508	IN	A	216.239.34.10
ns3.google.com.		64508	IN	A	216.239.36.10
ns4.google.com.		64508	IN	A	216.239.38.10

;; Query time: 1 msec
;; SERVER: 130.63.10.18#53(130.63.10.18)
;; WHEN: Thu Sep 14 12:50:29 EDT 2017
;; MSG SIZE  rcvd: 191

[nn@x220 ~]$ drill google.com
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 37026
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4 
;; QUESTION SECTION:
;; google.com.	IN	A

;; ANSWER SECTION:
google.com.	20	IN	A	172.217.1.174

;; AUTHORITY SECTION:
google.com.	64904	IN	NS	ns1.google.com.
google.com.	64904	IN	NS	ns2.google.com.
google.com.	64904	IN	NS	ns3.google.com.
google.com.	64904	IN	NS	ns4.google.com.

;; ADDITIONAL SECTION:
ns1.google.com.	64460	IN	A	216.239.32.10
ns2.google.com.	64460	IN	A	216.239.34.10
ns3.google.com.	64460	IN	A	216.239.36.10
ns4.google.com.	64460	IN	A	216.239.38.10

;; Query time: 1 msec
;; SERVER: 130.63.10.18
;; WHEN: Thu Sep 14 12:51:16 2017
;; MSG SIZE  rcvd: 180

[nn@x220 ~]$ nslookup google.com
Server:		130.63.10.18
Address:	130.63.10.18#53

Non-authoritative answer:
Name:	google.com
Address: 172.217.1.174
Name:	google.com
Address: 2607:f8b0:400b:809::200e

[nn@x220 ~]$ ps aux | grep resolv
nn        5492  0.0  0.0  10796  2200 pts/0    S+   12:52   0:00 grep resolv

And finally the contents of /etc/nsswitch.conf

# Begin /etc/nsswitch.conf

passwd: compat mymachines systemd
group: compat mymachines systemd
shadow: compat

publickey: files

hosts: files mymachines resolve [!UNAVAIL=return] dns myhostname
networks: files

protocols: files
services: files
ethers: files
rpc: files

netgroup: files

# End /etc/nsswitch.conf

edit : I don't know if you need it, but I'll add the results of the same commands after the network has 'stabilized' and it no longer has a question mark on the wifi icon. Seems to be similar though.

[nn@x220 ~]$ dig google.com

; <<>> DiG 9.11.2 <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45095
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 5

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;google.com.			IN	A

;; ANSWER SECTION:
google.com.		113	IN	A	172.217.1.174

;; AUTHORITY SECTION:
google.com.		64095	IN	NS	ns1.google.com.
google.com.		64095	IN	NS	ns4.google.com.
google.com.		64095	IN	NS	ns3.google.com.
google.com.		64095	IN	NS	ns2.google.com.

;; ADDITIONAL SECTION:
ns1.google.com.		63651	IN	A	216.239.32.10
ns2.google.com.		63651	IN	A	216.239.34.10
ns3.google.com.		63651	IN	A	216.239.36.10
ns4.google.com.		63651	IN	A	216.239.38.10

;; Query time: 1 msec
;; SERVER: 130.63.10.18#53(130.63.10.18)
;; WHEN: Thu Sep 14 13:04:46 EDT 2017
;; MSG SIZE  rcvd: 191

[nn@x220 ~]$  drill google.com
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 64972
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4 
;; QUESTION SECTION:
;; google.com.	IN	A

;; ANSWER SECTION:
google.com.	283	IN	A	172.217.2.110

;; AUTHORITY SECTION:
google.com.	153930	IN	NS	ns4.google.com.
google.com.	153930	IN	NS	ns1.google.com.
google.com.	153930	IN	NS	ns2.google.com.
google.com.	153930	IN	NS	ns3.google.com.

;; ADDITIONAL SECTION:
ns1.google.com.	326219	IN	A	216.239.32.10
ns2.google.com.	326219	IN	A	216.239.34.10
ns3.google.com.	153444	IN	A	216.239.36.10
ns4.google.com.	153444	IN	A	216.239.38.10

;; Query time: 1 msec
;; SERVER: 130.63.9.18
;; WHEN: Thu Sep 14 13:06:23 2017
;; MSG SIZE  rcvd: 180

[nn@x220 ~]$ nslookup google.com
Server:		130.63.10.18
Address:	130.63.10.18#53

Non-authoritative answer:
Name:	google.com
Address: 172.217.1.174
Name:	google.com
Address: 2607:f8b0:400b:809::200e

[nn@x220 ~]$ ps aux | grep resolv
nn        6620  0.0  0.0  10796  2252 pts/0    S+   13:09   0:00 grep resolv

# Begin /etc/nsswitch.conf

passwd: compat mymachines systemd
group: compat mymachines systemd
shadow: compat

publickey: files

hosts: files mymachines resolve [!UNAVAIL=return] dns myhostname
networks: files

protocols: files
services: files
ethers: files
rpc: files

netgroup: files

# End /etc/nsswitch.conf

Last edited by ndttt (2017-09-14 17:10:24)

seth · 2017-09-14 18:00:18

Forget about the icon for the moment.
Is the first set of results from when supposingly the "DNS lookup takes a long time"??

Arch Linux

#1 2017-09-13 00:24:16

DNS lookup takes a long time.

#2 2017-09-13 01:51:26

Re: DNS lookup takes a long time.

#3 2017-09-13 03:24:35

Re: DNS lookup takes a long time.

#4 2017-09-13 03:28:56

Re: DNS lookup takes a long time.

#5 2017-09-13 03:42:17

Re: DNS lookup takes a long time.

#6 2017-09-13 03:44:38

Re: DNS lookup takes a long time.

#7 2017-09-13 08:34:34

Re: DNS lookup takes a long time.

#8 2017-09-13 19:00:34

Re: DNS lookup takes a long time.

#9 2017-09-13 21:14:19

Re: DNS lookup takes a long time.

#10 2017-09-14 11:48:50

Re: DNS lookup takes a long time.

#11 2017-09-14 16:53:16

Re: DNS lookup takes a long time.

#12 2017-09-14 18:00:18

Re: DNS lookup takes a long time.

Board footer