On 2014-07-14 11:39, Linda Walsh wrote:
Carlos E. R. wrote:
By asking the DNS server of my ISP, which will respond directly if it has the answer, or query the root servers for me. This diminishes the load on the root servers, and is considered the polite behaviour.
For those who don't keep DNS running on a server, that's probably true.
For those who keep DNS running on a server, the expire time for the root servers is 3600000s or 42 days. If the load increases too much on the root servers, I'm pretty sure they could increase that.
I would consider doing that for more serious usage than mine :-)
So no, I can not accept that it performs worse, and just on a single service.
And how many other services do you run UDP with -- which is likely the default for lower-powered routers doing DNS resolution?
None to the outside, as far as I know. Or next to none. Internet traffic is mostly pop/imap/smtp/nntp/http and a few dns queries. Other things at times, like emule, svn, etc. I found out how to do "bandwidth control" on my router; it does not have QoS. It is not clearly explained in the manual, which just about prints nice photos of the screen, with empty boxes so that I can not guess what the acceptable syntax is (it is a TP-Link TD-W8970).
Description                          Priority  Upstream Bandwidth  Downstream Bandwidth  Status
                                               Min      Max        Min      Max
192.168.1.2-192.168.1.254 /53 /ALL   5         1        100        1        100          Enable
which reads, I understand, like all internal machines (it does not allow external IPs defined in there) on port 53 UDP and TCP have a minimum of 1Kb/s reserved. For that port, I assume. It appears to work better, housewide. I had to google many forum pages from people asking how to do it. Some answers just said to flash the device, which is not an answer.
No, it doesn't for multiple reasons (any *1* of which could cause problems as you are seeing).
1) your pc dns queries to a recursive resolver, are likely TCP, so they won't time out and will have reliable connections while the recursive resolver does any needed resolution.
But you see, I'm using my PC DNS daemon, aka bind. And it times out. You see, it first has to get a connection on port 53 to somewhere established... if this can not be made, it does not matter that once done it times out or not.
5) if you are querying your ISP (or google) they likely have the answer to your query in their cache meaning they have no lookups to do and you just need to get a reply.
Which I don't get. And some of the queries are to my isp asking for my isp smtp server, and they time out.
6) if you are querying your ISP or google, you are using 'fat pipes' for all but the last leg to your house, which is the same regardless of source. This strongly affects response time.
Of course.
7) As mentioned previously, if you have a smaller router doing lookups, it will likely not have the cache that your ISP would, so it may not be able to hold root servers in cache for 42 days.
But my PC, which queried my router, does have the cache. It is not powered off, but hibernated, so it should keep. And it doesn't. And in fact... look:

cer@Telcontar:~> dig smtp.telefonica.net

; <<>> DiG 9.9.4-rpz2.13269.14-P2 <<>> smtp.telefonica.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22149
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 25

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;smtp.telefonica.net.           IN      A

;; ANSWER SECTION:
smtp.telefonica.net.    184     IN      A       86.109.99.70

;; AUTHORITY SECTION:
.                       5573    IN      NS      c.root-servers.net.
.                       5573    IN      NS      m.root-servers.net.
.                       5573    IN      NS      i.root-servers.net.
.                       5573    IN      NS      a.root-servers.net.
.                       5573    IN      NS      e.root-servers.net.
.                       5573    IN      NS      g.root-servers.net.
.                       5573    IN      NS      f.root-servers.net.
.                       5573    IN      NS      k.root-servers.net.
.                       5573    IN      NS      d.root-servers.net.
.                       5573    IN      NS      j.root-servers.net.
.                       5573    IN      NS      h.root-servers.net.
.                       5573    IN      NS      b.root-servers.net.
.                       5573    IN      NS      l.root-servers.net.

;; ADDITIONAL SECTION:
a.root-servers.net.     191424  IN      A       198.41.0.4
a.root-servers.net.     193089  IN      AAAA    2001:503:ba3e::2:30
b.root-servers.net.     194508  IN      A       192.228.79.201
b.root-servers.net.     32436   IN      AAAA    2001:500:84::b
c.root-servers.net.     69101   IN      A       192.33.4.12
c.root-servers.net.     4779    IN      AAAA    2001:500:2::c
d.root-servers.net.     105809  IN      A       199.7.91.13
d.root-servers.net.     28599   IN      AAAA    2001:500:2d::d
e.root-servers.net.     200517  IN      A       192.203.230.10
f.root-servers.net.     58737   IN      A       192.5.5.241
f.root-servers.net.     4780    IN      AAAA    2001:500:2f::f
g.root-servers.net.     201930  IN      A       192.112.36.4
h.root-servers.net.     230382  IN      A       128.63.2.53
h.root-servers.net.     55823   IN      AAAA    2001:500:1::803f:235
i.root-servers.net.     230382  IN      A       192.36.148.17
i.root-servers.net.     34338   IN      AAAA    2001:7fe::53
j.root-servers.net.     232769  IN      A       192.58.128.30
j.root-servers.net.     20143   IN      AAAA    2001:503:c27::2:30
k.root-servers.net.     89299   IN      A       193.0.14.129
k.root-servers.net.     30023   IN      AAAA    2001:7fd::1
l.root-servers.net.     119048  IN      A       199.7.83.42
l.root-servers.net.     62187   IN      AAAA    2001:500:3::42
m.root-servers.net.     66051   IN      A       202.12.27.33
m.root-servers.net.     26222   IN      AAAA    2001:dc3::35

;; Query time: 114 msec
;; SERVER: 192.168.1.14#53(192.168.1.14)
;; WHEN: Mon Jul 14 15:56:18 CEST 2014
;; MSG SIZE  rcvd: 788

cer@Telcontar:~>

Despite me having on /etc/named.conf

        forwarders { 80.58.61.250; 80.58.61.254; 208.67.222.222; 8.8.8.8; };
        forward first;

it is asking the root servers. What I wanted to find out was the timeout, anyhow... In fact, that's one of the addresses that nags me, because when I want to send an email during a busy time (full pipe), they fail simply because my postfix can not verify my own email address. Even if I did send an email a while before, it doesn't remember the address. And it is bind, no memory restraints. Not the router.
So there are multiple reasons why DNS lookups from your PC through your ISP are very different from DNS lookups performed by your router. There are likely more. Once you get into doing benchmarks, you start to realize how many variables it takes to keep things "relatively constant".
I know they are different; but the current problem, which is simply getting queries done, is basically the same: the router performance when the ADSL pipe is full.
Whether or not any of those are an issue in your specific case, or whether or not some other issue is, is an unknown until you do measurements and traffic analysis, which are 'greek' (or is that 'geek'?) to most people...
I'm not saying you should learn such arcana, but I am saying you shouldn't rule out things based on cursory knowledge, either.
Ok, but none of that benefits me at present. The basic problem is that my router does not do QoS, and does not prioritize DNS packets. So when the pipe is full, they don't get out, or in, simple as that... I have done some BW configuration on it, and maybe it works, maybe not. We'll see.

--
Cheers / Saludos,
Carlos E. R.
(from 13.1 x86_64 "Bottle" at Telcontar)