frequent DNS failures

ssfrr · 2018-09-03 16:10:05

I've been noticing a lot of DNS delays and failures. They don't seem to be appliction-specific (they show up when browsing and also when installing software with pacman). They don't seem to be a problem when doing a lookup with `dig`, but `strace` tells me they're hanging waiting for a reply during `getaddrinfo`.

I wrote a little test program that basically just repeatedly calls `getaddrinfo`, and noticed that for some reason the failures seem to come if I make a bunch of requests, pause, and then make another request. If I keep streaming requests they work fine, but the first request after a pause will hang or fail. My test sends a burst of 20 `getaddrinfo` calls, then waits 1 second, then sends another one, then waits a second, and repeats the process. It prints a `.` for every successful call, a `+` if they take longer than 100ms, and a `!` if they take longer than 1s. If `getaddrinfo` returns an error code it's printed. So my output ends up looking like:

~/D/p/a/dnstest ❯❯❯ ./gaitest

0/100 - ....................|.
20/100 - ....................|!
40/100 - ....................|.
60/100 - ....................|!
80/100 - ....................|.

I created a gist with the contents of my /etc/nsswitch.conf, /etc/resolv.conf, and the test program that I wrote that seems to reliably reproduce the issue:

https://gist.github.com/ssfrr/112522bc8 … 52401060d5

Running this under cygwin on windows doesn't have a problem (though I suspect maybe there's some DNS caching or something going on because it runs way more quickly). Also running this when plugged into the wired LAN doesn't have the issue.

I monitored the traffic using wireshark and it looks like when there's a failure it's just because there's no response to the DNS request, so it times out and moves to the next one. Given that it doesn't happen on the LAN though I don't think the problem is with the DNS server. I suspect something with my wifi router, which is running DD-WRT. Any advice on troubleshooting next steps?

brebs · 2018-09-03 16:27:24

My usual advice is to install and use Unbound, for DNS caching.

seth · 2018-09-03 17:51:01

On top of that, you might want to try other DNS servers (8.8.8.8 or 1.1.1.1) to see rule out server related issues.
Another thing is that DD-WRT usually provides a DNS "server" (dnsmasq forwarding a configured server) which you might want to invoke to see whether that makes a difference (notably if the server is running on your gateway, see "nmap -p53 192.168.11.1")

ssfrr · 2018-09-03 20:57:57

Thanks for the responses. I did try some other DNS servers and these gave the best results (I was getting more failures with 8.8.8.8).

Installing unbound definitely improves things. I worry a little that it's papering over some underlying issue, but I'm not worrying enough to spend more time troubleshooting.

Thanks for the suggestion!

brebs · 2018-09-03 21:37:42

For further debugging - can you run tcpdump on the router?

ECN is the current potentially-network-breaking configuration problem.

Arch Linux

#1 2018-09-03 16:10:05

frequent DNS failures

#2 2018-09-03 16:27:24

Re: frequent DNS failures

#3 2018-09-03 17:51:01

Re: frequent DNS failures

#4 2018-09-03 20:57:57

Re: frequent DNS failures

#5 2018-09-03 21:37:42

Re: frequent DNS failures

Board footer