DNS Slow to Resolve

[chris.zeman]

It seems that URLs take much longer to resolve since I installed eBox. This has been consistent between home and work. Has anybody else run across this?

Thank you,
Chris

[hachaboob]

Yes I have noticed some latency with lookups. Not too sure what it is.

[chris.zeman]

Yeah, it's driving my co-workers and myself nuts. I think I'm going to have to install something else this morning when I go in. I like eBox and all, but I think I'll have to come back to it in the future.

Chris

[javi]

are you using the eBox dns module or an external dns?

[javi]

Hey I've just found out what's wrong. bind is trying to resolve via ipv6, and that's why it's taking so long. Give me a few hours to give you a solution

[javi]

I've just uploaded a new bind package with ipv6 support disabled.

To get this new package:

Make sure you have the following line in /etc/apt/sources.list, add it in case you haven't:

deb http://ebox-platform.com/debian/stable/ extra/

Execute:

apt-get update
apt-get install bind9


If you have other sources:
apt-get install bind9=1:9.2.4-1sarge3.warp1


You should notice the speed up. Feedback is highly appreciated.

[hachaboob]

Thank's Javi instant gratification!

[chris.zeman]

That's cool!

I already switched back to BrazilFW at work, unfortunately, but will give it another go at a later date. Actually, I'll give it another go at work once eBox has been switched over to Ubuntu. I am continuing to use eBox at home, since it offers file sharing and what-not, so I'll apply your update just as soon as I get a chance.

Thanks!
Chris

[Lonniebiz]

I'm using the latest stable version, installed last week. Using namebench, I determined some stats for my Zentyal DNS Lookups times.

After 100 queries these were my lookup times:

Code: [Select]

avg: 1308.68 ms
 min: 3.0 ms
max: 3500.0 ms
Compare this with the stats when using OpenDNS from the same network:

Code: [Select]

avg: 57.30 ms
 min: 12.6 ms
max: 409.1 ms

[Lonniebiz]

I figured it out. Zentyal itself, was not slow, it was just that I didn't have any forwarders added to dns. After adding these 4 forwarders, DNS became lightning fast:

• 8.8.8.8
• 8.8.4.4
• 208.67.222.222
• 208.67.220.220

If you don't add forwarders to your DNS, Zentyal will resolve DNS straight from the Root servers ( see: http://doc.zentyal.org/en/dns.html#dns-forwarders ) which are slower than the forwarders above (in my area).

[christian]

Would you mind please to explain further ?

For what I understand, forwarder is here to redirect internal clients requests to external DNS servers before trying to resolve it locally and also to cache requests result. So once cached, yes, for sure, latency is dramatically reduced.
But this is something different from Zentyal server resolving names using its own DNS settings (in Network/DNS section).

To me, except if you are using transparent proxy, DNS forwarder is almost never used or am I wrong with such understanding ?

[Lonniebiz]

My understanding is that adding a forwarder doesn't "redirect" clients, instead it allows Zentayal to ask the forwarder what the IP address of a domain is, and then Zentyal passes that information along to the internal clients.

Zentyal DNS by itself doesn't know the ip address of domains on the interent, it has to ask a dns server upstream to find out this information. By default, it will ask this information from overburdened root DNS servers. If you add a forwarder, it will ask this information from the forwarder DNS server instead. By adding a forwarder DNS server,  you are essentially changing "who Zentyal asks" from slower root-dns-servers to faster forwarder-dns-servers.

So, by adding the forwarders I mentioned (from Google and OpenDNS), you can ultimately increase how fast web pages are accessed on the internal network:
http://developers.google.com/speed/public-dns/
http://www.opendns.com/opendns-ip-addresses

Also, my understanding is that Zentyal will not ask the forwarders about domains you've added to the local DNS. It instead realizes that it is the authority on those domains.

[christian]

My understanding about forwarder is slightly different 

I was no thinking (but perhaps this was not obvious) that Zentyal would store all internet addresses 
neither thinking, BTW, that client DNS request would be "redirected" (sorry for this misleading word).

DNS behaviour depends on how you have defined DNS client side (end-user) and also, as this is mainly used for web browsing, how you have defined browser.

- Client side, let's assume Zentyal is your main DNS. If not, you can still "force" it enabling Zentyal "transparent DNS cache" feature. Doing so, client will ask Zentyal DNS to resolve names.
- if you use, client side, explicit proxy, client while browsing, will not request DNS because this is done proxy side, meaning Zentyal side.

Back to forwarder: my understanding is that if you ask Zentyal DNS to resolve name in domain Zentyal is authoritative for, if name is not found, Zentyal will return "not found". Same if you find for domain not handled by Zentyal but, for some reason, not found either.
Using forwarder, Zentyal will ask this "forwarder" DNS first (well, after cache  ) and if not found, will continue with standard DNS search sequence.

This permits, e.g. to request another DNS that would contain entries you do  not manage in you own domain.
I can't see where "forwarder" increases speed. However, forwarder or not, once DNS request is done, there is a cache mechanism preventing to perform same request again. This one will indeed increase speed.

Am I wrong with this understanding ? 

[jbahillo]

Hi christian:

You understanding is (almost) correct:

On any DNS request to Zentyal, it will search for any configured zone, if it matches (it is an authoritative server for that domain/zone) it will answer.
If Zentyal is not authoritative, and does not have any forwarder configured, it will ask the root DNS servers.
If Zentyal is not authoritative, and does have some forwarder configured, it will ask that forwarder.

Cheers

[christian]

Do you mean that forwarders will not be checked before zones Zentyal DNS handles locally?
If you confirm this, then I'm a bit puzzled with such purpose