# Mysterious DNS Resolution Problems

## ajtolland

Hi,

I'm mystified by a domain name resolution problem.  I've read through some of the previous discussions, and it looks like other people have had similar problems.  However, the suggested fixes don't seem to be working for me.  Or possibly, I'm such a newbie that I haven't implemented them correctly.  Maybe someone here can give me some insight?

My NIC is a RealTek RTL8139.  I'm using a router: a D-LINK DI-614+.  Earthlink gave me a chintzy little Netopia ADSL modem.

When I type $ ssh hostname.domain.com, I get a very long delay (presumably while some sort of DNS lookup goes on).  However, when I type $ ssh XXX.XXX.XXX.XXX, I get an almost immediate response.  Similar response lags with MozillaFirebird.  I get almost immediate response when I $ ping hostname.domain.com.  When I # traceroute -n hostname.domain.com, I get the following:

```
traceroute -n www.google.com
traceroute to www.google.akadns.net (216.239.53.99), 30 hops max, 40 byte packets
 1  192.168.0.1  0.277 ms  0.587 ms  0.201 ms
 2  * * *
 3  * * *
 4  * * *
 5  * * *
```

It just hangs.

My configuration is as follows:

```
# cat /etc/hostname
blue

# cat /etc/hosts
127.0.0.1       localhost
127.0.0.1       blue.nevewhere.net blue

# cat /etc/resolv.conf
#nameserver 192.168.0.1
#If I don't add the -R option in /etc/conf.d/net, dhcp automatically puts this line in.
nameserver 207.217.126.81

# cat /etc/conf.d/net | grep dhcp
iface_eth0="dhcp"
dhcpcd_eth0=" -R "

# netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.0.0     0.0.0.0         255.255.255.0   U        40 0          0 eth0
127.0.0.0       127.0.0.1       255.0.0.0       UG       40 0          0 lo
0.0.0.0          192.168.0.1     0.0.0.0         UG       40 0          0 eth0

# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:E0:7D:97:2A:AD
          inet addr:192.168.0.101  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::2e0:7dff:fe97:2aad/10 Scope:Link
          UP BROADCAST NOTRAILERS RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:172678 errors:0 dropped:0 overruns:0 frame:0
          TX packets:167874 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:78000461 (74.3 Mb)  TX bytes:36556696 (34.8 Mb)
          Interrupt:10 Base address:0x1000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:28826 errors:0 dropped:0 overruns:0 frame:0
          TX packets:28826 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:38012234 (36.2 Mb)  TX bytes:38012234 (36.2 Mb)
```

----------

## fatcat.00

It is quite possible your ISP doesn't allow traceroute or icmp.  Mine doesn't.

This is not a DNS problem because you are properly resolving www.google.akadns.net to its address (216.239.53.99).  It appears as if DNS is working.

What is the actual problem you are having?  Is it the slow times to connect to remote hosts?

----------

## ajtolland

*Quote:*

> What is the actual problem you are having? Is it the slow times to connect to remote hosts?

The problem is the slow responses.  It can take as much as a minute for ssh to connect.

----------

## paranode

Your DNS server seems to respond quickly for me.

Do you have a firewall set up?  If so, perhaps you forgot to let in UDP traffic from your DNS server on port 53.

----------

## fatcat.00

What kind of resolution speed do you get when you do "nslookup www.yahoo.com"?  My guess is it will be pretty fast.

If you don't have nslookup, emerge "bind-tools".

----------

## ajtolland

*Quote:*

> What kind of resolution speed do you get when you do "nslookup www.yahoo.com"? My guess is it will be pretty fast.

The response is quite fast.  What does this tell us?  Can I use this to speed up my computer's responses?

----------

## fatcat.00

No, it won't speed up anything.  nslookup is just a tool to perform address resolution tests.  I just wanted to confirm that you are *not* having a DNS problem so we could look elsewhere.  Your DNS appears to be working fine.

Now, you say that when you ssh to a host using the name it's slow, but when you ssh to its IP that it's fast.  I assume that is still the problem you are having?

If that is the case, please add the -v parameter to both command lines ("ssh -v hostname" and "ssh -v xxx.xxx.xxx.xxx") and post the results.  This should tell us what is going on.

----------

## ajtolland

*Quote:*

> Now, you say that when you ssh to a host using the name it's slow, but when you ssh to its IP that it's fast. I assume that is still the problem you are having?

Yes, that's still the problem.  (And a similarly long delay in Firebird.  I type in, for instance, www.google.com, and get a long delay in connecting.  During this delay, it flashes "resolving host..." in the status bar. If I type in the IP address, I get no such delay.)

*Quote:*

> If that is the case, please add the -v parameter to both command lines ("ssh -v hostname" and "ssh -v xxx.xxx.xxx.xxx") and post the results. This should tell us what is going on.

OK.  Here it is.

```
$ ssh -v socrates.berkeley.edu
OpenSSH_3.7.1p2, SSH protocols 1.5/2.0, OpenSSL 0.9.6k 30 Sep 2003
debug1: Reading configuration data /home/ajt/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to socrates.berkeley.edu [128.32.25.13] port 22.
debug1: Connection established.
debug1: identity file /home/ajt/.ssh/identity type -1
debug1: identity file /home/ajt/.ssh/id_rsa type -1
debug1: identity file /home/ajt/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version 2.4.0 SSH Secure Shell (non-commercial)
debug1: match: 2.4.0 SSH Secure Shell (non-commercial) pat 2.*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.7.1p2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client 3des-cbc hmac-md5 none
debug1: kex: client->server 3des-cbc hmac-md5 none
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug1: Host 'socrates.berkeley.edu' is known and matches the DSA host key.
debug1: Found key in /home/ajt/.ssh/known_hosts:4
debug1: ssh_dss_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/ajt/.ssh/identity
debug1: Trying private key: /home/ajt/.ssh/id_rsa
debug1: Trying private key: /home/ajt/.ssh/id_dsa
debug1: Next authentication method: password
ajt@socrates.berkeley.edu's password:
```

The delay takes place during the second line: "debug1: Reading configuration data /etc/ssh/ssh_config".  The output of 'ssh -v 128.32.25.13' was identical, except that  there was no delay.

thanks for the help...

----------

## fatcat.00

Argh.  Well I was hoping for something more obvious  :Smile: 

Can you post your /etc/nsswitch.conf file?

I am back to thinking about name resolution.  Would you say that all name resolution is slow?  Except for nslookup, I mean.

----------

## r0b

Are you using PPPoE, and if so, are you using a firewall?

----------

## ajtolland

*Quote:*

> Can you post your /etc/nsswitch.conf file?

It's included below.

*Quote:*

> I am back to thinking about name resolution. Would you say that all name resolution is slow? Except for nslookup, I mean.

It's a mix.

Normal:  nslookup, ping, ncftp, links

Slow:  Firebird, ssh, telnet

```
$ cat /etc/nsswitch.conf
# /etc/nsswitch.conf:
# $Header: /home/cvsroot/gentoo-src/rc-scripts/etc/nsswitch.conf,v 1.4 2002/11/18 19:39:22 azarah Exp $

passwd:      compat
shadow:      compat
group:       compat

# passwd:    db files nis
# shadow:    db files nis
# group:     db files nis

hosts:       files dns
networks:    files dns

services:    db files
protocols:   db files
rpc:         db files
ethers:      db files
netmasks:    files
netgroup:    files
bootparams:  files

automount:   files
aliases:     files
```

----------

## tam

*ajtolland wrote:*

> I'm mystified by a domain name resolution problem.

Exactly the same problem here.  No clue at all, since it all worked fine a few days ago 

 :Question: 

----------

## argh

I had exactly the same symptoms with extremely slow name resolution on Mozilla, SSH and Epiphany and lightning fast on Links, emerge and dnslookup. My system had the following setup: Realtek 8139 based NIC, driver 8139too, kernel-2.6.0-test9-mm2, D-Link 804 broadband router, DHCP.

The solution for me was to recompile the kernel with the 8139cp driver instead of the 8139too. I have no clue of the reason for the varying performance in different applications, but this one worked fine for me. 

-argh-

----------

## northern

DNS can have very strange effects with certain applications.

In your /etc/hosts you've got 127.0.0.1 twice. Keep the line for localhost and change the 2nd line to the IP address of your network card and the fully qualified (and short version) of your actual hostname. It may or may not solve your problem, but you do need to make these changes.

hth

----------

## tam

Just found a solution:

```
root@tam [/etc] traceroute -I www.heise.de
traceroute to www.heise.de (193.99.144.71), 30 hops max, 40 byte packets
 1  draytek (192.168.0.1)  0.293 ms  0.241 ms  0.222 ms
 2  217.5.98.41 (217.5.98.41)  53.109 ms  52.031 ms  52.772 ms
 3  217.237.153.46 (217.237.153.46)  51.725 ms  52.077 ms  50.000 ms
 4  F-EA2.F.DE.NET.DTAG.DE (62.154.18.18)  58.586 ms  58.093 ms  60.220 ms
 5  c1.f.de.plusline.net (213.83.45.33)  59.802 ms  60.000 ms  58.898 ms
 6  c22.f.de.plusline.net (213.83.57.53)  60.263 ms  59.508 ms  59.807 ms
 7  www.heise.de (193.99.144.71)  60.700 ms  61.351 ms  59.806 ms
```

```
root@tam [/etc] traceroute www.heise.de
traceroute to www.heise.de (193.99.144.71), 30 hops max, 40 byte packets
 1  draytek (192.168.0.1)  0.375 ms  0.248 ms  0.309 ms
 2  * * *
 3  * *
```

-I means "Use ICMP ECHO instead of UDP datagrams." 

My Draytek Vigor 2500WE only works with -I.

It's also important that you have a correct hosts file:

```
root@tam [/etc] cat /etc/hosts
127.0.0.1       localhost tam
192.168.0.1     draytek router
192.168.0.10    desktop
```

----------

## rev138

I'm having a similar and possibly related problem:

When I ping a host on my office's network by its hostname, it takes a LONG time (30 seconds +) to return each ping result, but the actual ping times are fast and reasonable (0.5 ms).

If I ping by IP, there is no slowdown, nor is there a slowdown if I ping a hostname specified in /etc/hosts.

This leads me to believe that it's some kind of DNS problem, but I'm stumped as to what.

Any ideas?

Thanks in advance!

----------

## Enantiodromia

Same problem. sis900 and 8139too. Note that it makes no difference whether one or both of these interfaces are up. Configuration included below:

```
# cat /etc/hosts
127.0.0.1       localhost
192.168.1.105   darkshade.ptgamer.org darkshade

# IPV6 versions of localhost and co
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
```

```
# cat /etc/resolv.conf
nameserver 66.235.59.6
nameserver 66.235.59.7
```

```
# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:E0:7D:DE:A3:66
          inet addr:192.168.1.105  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::2e0:7dff:fede:a366/64 Scope:Link
          UP BROADCAST NOTRAILERS RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:28 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:3848 (3.7 Kb)  TX bytes:2268 (2.2 Kb)
          Interrupt:11 Base address:0xc000

eth1      Link encap:Ethernet  HWaddr 00:07:95:37:2C:45
          inet addr:192.168.1.104  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::207:95ff:fe37:2c45/64 Scope:Link
          UP BROADCAST NOTRAILERS RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:948 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1034 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:829471 (810.0 Kb)  TX bytes:141436 (138.1 Kb)
          Interrupt:5 Base address:0xd000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:2718 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2718 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:181706 (177.4 Kb)  TX bytes:181706 (177.4 Kb)
```

```
# cat /etc/conf.d/net | grep dhcp
# For DHCP set iface_eth? to "dhcp"
# For passing options to dhcpcd use dhcpcd_eth?
iface_eth0="dhcp"
dhcpcd_eth0="..."
iface_eth1="dhcp"
dhcpcd_eth1="..."
```

Yesterday, the problem seemed to resolve itself when I brought eth0 down, however this does NOT fix anything now, and was likely mere coincidence.  

I am hereby offering a bounty of 10 gold stars to anyone who solves this problem!   :Twisted Evil: 

----------

## gratiz

Had exactly the same problem as some of you describe. For me, I had to delete some lines in /etc/hosts. I deleted all the IPv6 stuff and now the DNS resolve is much faster!
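
Added example, not part of the original posts: nslookup and dig query the nameserver directly, while applications such as ssh resolve through the C library (getaddrinfo() and the nsswitch.conf `hosts` line), so timing getaddrinfo() per address family shows whether the delay sits in the IPv4 path, the IPv6 path, or both. The helper names and the 2-second threshold are assumptions made for this sketch.

```python
import socket
import time

# Address families to time separately; AF_UNSPEC asks for both A and AAAA.
FAMILIES = (("IPv4 only", socket.AF_INET),
            ("IPv6 only", socket.AF_INET6),
            ("unspecified", socket.AF_UNSPEC))


def time_lookups(host, resolver=socket.getaddrinfo, clock=time.perf_counter):
    """Time one lookup per family through the system resolver path.

    resolver and clock are injectable so the function can be exercised offline.
    """
    results = {}
    for label, family in FAMILIES:
        start = clock()
        try:
            infos = resolver(host, None, family, socket.SOCK_STREAM)
            addresses = sorted({info[4][0] for info in infos})
            error = None
        except socket.gaierror as exc:           # e.g. no AAAA record exists
            addresses, error = [], exc.strerror or str(exc)
        results[label] = {"seconds": clock() - start,
                          "addresses": addresses, "error": error}
    return results


def slow_families(results, threshold=2.0):
    """Return the labels whose lookup took at least `threshold` seconds."""
    return [label for label, r in results.items() if r["seconds"] >= threshold]


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    report = time_lookups(target)
    for label, r in report.items():
        print(f"{label:12} {r['seconds']:7.3f}s  {r['addresses'] or r['error']}")
    print("slow:", slow_families(report) or "none")
```

If only the IPv6 and unspecified rows are slow while `dig` against the same nameserver is fast, the delay is in the AAAA lookups rather than in the nameserver itself.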

----------

## SlicerDicer

Yeah, this problem sucks. I can't browse with my main box. Please let me know a fix. I am very very very frustrated about this.

----------

## easykill169

I am having the same problem so I installed djbdns to try to speed things up. It didn't work, but it gave me wonderful, beautiful log files to go through. Whenever I would do a dns query for a name, for example google.com, my dns client would append my local domain to the query, google.com.localdomain and once that came back no known host it would look up google.com and then things would fly. So if anyone knows how to stop that behavior, our problem will be solved.

----------

## JustinHoMi

Has anybody had any luck resolving this problem? I installed Gentoo on two different machines, each with different NICs, and both are doing it. I installed djbdns's dnscache on one host with no luck. I also tried using my router's DNS server. It's really driving me crazy.

Check this out. Individual ping times are fine, but look at the total time!

```
myth justin # ping google.com
PING google.com (216.239.37.99) 56(84) bytes of data.
64 bytes from 216.239.37.99: icmp_seq=1 ttl=241 time=39.9 ms
64 bytes from 216.239.37.99: icmp_seq=2 ttl=241 time=26.5 ms
64 bytes from 216.239.37.99: icmp_seq=3 ttl=241 time=26.9 ms
64 bytes from 216.239.37.99: icmp_seq=4 ttl=241 time=46.6 ms

--- google.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 40992ms
rtt min/avg/max/mdev = 26.514/35.001/46.646/8.628 ms
```

----------

## JustinHoMi

All of a sudden dns works again! It keeps doing that... doesn't make any sense.

----------

## easykill169

My ISP is roadrunner in Charlotte, NC and their domain name is carolina.rr.com. So I inserted:

domainname carolina.rr.com

in /etc/resolv.conf so it would append that to the first query which would be a local lookup for the dns server and almost instantaneously and then move on to the real domain name. My dns query times went from 15-20 seconds to 2-5 seconds. I tried all the ipv6 things in other threads and they did absolutely nothing. I didn't recompile firefox with the -ipv6 in USE, so I think that may have been bs or an older version. Hope this helps someone.

----------

## JustinHoMi

Well that's interesting... I'm in Raleigh. I wonder if RR has done something to their servers.

----------

## JustinHoMi

What package do you need to install for nslookup?

----------

## easykill169

bind-tools

It also includes dig

----------

## easykill169

Justin, have you tried domainname nc.rr.com in your /etc/resolv.conf file? If so let us know if it speeds things up.

----------

## JustinHoMi

I thought I did, but maybe I did it on the other computer by accident (too many shells!). It's working very fast right now, but we'll see if it lasts through the day. I've realized that it normally gets slow at peak hours... from 5pm until midnight. It just started like this though... and it still doesn't make sense that dns would take so long, since I have dnscache running locally. Can you tell a difference based on time of day?

Anyways, I'll letcha know.

Justin

----------

## kar1107

Try just swapping the entries in /etc/resolv.conf

https://forums.gentoo.org/viewtopic-p-2373356.html#2373356

It's just that the primary DNS server is overloaded and the secondary is free.

Even I saw erratic behavior. Sometimes on bootup things are fast; the next day slow.

I think the behavior is to do with the primary/secondary load at the time you are given DHCP info.

It would be cool if the server could be chosen based on current load on servers (indirectly on response time on the local machine).

I think I'll go now and collect my gold bounty from Enantiodromia  :Cool: 

----------

## easykill169

I only have, and have always only had one dns server in /etc/resolv.conf because there is only one dns server on my subnet. Not that that means everything, but it seemed better that way.

----------

## easykill169

I actually read the f'in man page on resolv.conf and found a little entry ndots:n where n is the number of dots required before doing an absolute query. So I removed the domainname from my /etc/resolv.conf and added ndots:n and everything was still fast. So then thinking I'll just prove that this is the reason, I deleted the ndots line and everything was still fast. I have no idea. My /etc/resolv.conf only has my nameserver line. My /etc/hosts has 127.0.0.1 for localhost and then my internal IP for my host name and FQDN, but nothing to do with rr.com, it's my own domain name. So I am at a complete loss as to why mine started working correctly.
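
Added example, not part of the original post: a small Python model of how a glibc-style stub resolver orders its queries from the `domain`/`search` and `options ndots:n` settings documented in resolv.conf(5). The function names and the sample file are constructed for illustration; only the nameserver address and the ISP domain come from the thread.

```python
"""Model of the stub resolver's query order (resolv.conf(5): domain, search, ndots)."""

# Constructed sample file for the demonstration.
SAMPLE_RESOLV_CONF = """\
# constructed sample
domain carolina.rr.com
nameserver 207.217.126.81
options ndots:2
"""


def parse_resolv_conf(text, hostname="localhost"):
    """Return (search_list, ndots) as the resolver would derive them."""
    search, ndots = None, 1                      # ndots defaults to 1
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # comment lines
            continue
        keyword, *args = line.split()
        if keyword == "domain" and args:         # domain and search override each
            search = [args[0]]                   # other; the last one seen wins
        elif keyword == "search":
            search = args
        elif keyword == "options":
            for opt in args:
                value = opt.partition(":")[2]
                if opt.startswith("ndots:") and value.isdigit():
                    ndots = min(int(value), 15)  # the resolver caps ndots at 15
    if search is None:
        # No domain/search line: the local domain is whatever follows the
        # first dot of the hostname, e.g. "box.localdomain" -> "localdomain".
        local = hostname.partition(".")[2]
        search = [local] if local else []
    return [d.rstrip(".") for d in search], ndots


def query_order(name, search, ndots):
    """List the fully qualified names tried, in order, for one lookup."""
    if name.endswith("."):                       # trailing dot: absolute only
        return [name]
    absolute = name + "."
    suffixed = [f"{name}.{domain}." for domain in search if domain]
    if name.count(".") >= ndots:                 # enough dots: try as-is first
        return [absolute] + suffixed
    return suffixed + [absolute]                 # otherwise search list first


if __name__ == "__main__":
    search, ndots = parse_resolv_conf(SAMPLE_RESOLV_CONF)
    for host in ("google.com", "www.google.com", "blue", "google.com."):
        print(f"{host:16} -> {query_order(host, search, ndots)}")
```

Every name in the returned list before the one that finally resolves is an extra query to the nameserver, so a slow server or an unresolvable suffix multiplies the delay per lookup.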

----------

## JustinHoMi

Yeah, I've messed around with mine too, and it just seems to go fast now. I guess RR was having problems.

----------

## kar1107

easykill.. even I had mysterious fixes before!! I just login the next day.. and lookups will be blazingly fast! And I am sure there is no real cause-effect. My feeling is it's just how fast your ISP's DNS server can respond at that point in time. If it's peak time and the server is loaded, the requests get slow response. I could see this with dig @primary-dns-ip www.google.com and dig @secondary-dns-ip www.google.com.

So just check which server is loaded less and use it. If you have only one DNS server and that is loaded... I don't see an easy solution (assuming dig is also slow). Maybe you can complain to the ISP or try to use some other public DNS server (or another ISP's.. if that's ok).

If you have a local DNS server in your LAN, I assume it has to contact some external DNS server. What server is that? That could be overloaded -- typically ISPs give two DNS servers. You can double check.

----------

## JustinHoMi

I'm pretty sure most dns servers contact the root servers directly... but I could be wrong.

----------

## easykill169

Roadrunner has about 4 servers with only one on my network. Most ISPs have two DNS servers because they have to have at least two in order to handle their own domain's DNS. I still have absolutely no answer to why it was slow for weeks and has been fast starting the exact second I added domainname carolina.rr.com to /etc/resolv.conf and is still going fast now that I've deleted it. I did install another DNS client at some point but I'm not sure which one or if it is even being used. This is just too weird, and since it's working, I'm not going to touch it again.

----------

