BIND9 SLOW ping when ping by hostname

dschuett · 02-01-2011, 10:05 PM

I just installed my first EVER bind DNS server. I am running bind9 on Ubuntu 10.04. Everything seems to be working great except one thing: If I ping a host that I have set up in bind by its HOSTNAME the pings take 5-6 seconds to reply/print to the screen between each echo response. If I ping by the host's IP address, they echo back very quickly.

I have read that IPv6 can cause this, but I have disabled it in /etc/sysctl.conf and the problem still exists.

I know everyone says this can't be a DNS issue, but this never was an issue with dnsmasq (which i was using prior), and it doesn't make sense that the ping are ONLY slow when pinging by hostname and not IP.

I have posted configs below if it helps anyone.

Thanks in advance!

Ping by hostname - there is a 5-6 second delay between each one of the responses:

Code:

PING greenmachine.scs.local (192.168.0.201) 56(84) bytes of data.
64 bytes from 192.168.0.201: icmp_req=1 ttl=64 time=98.2 ms
64 bytes from 192.168.0.201: icmp_req=2 ttl=64 time=5.06 ms
64 bytes from 192.168.0.201: icmp_req=3 ttl=64 time=4.39 ms
64 bytes from 192.168.0.201: icmp_req=4 ttl=64 time=3.55 ms
64 bytes from 192.168.0.201: icmp_req=5 ttl=64 time=8.46 ms
64 bytes from 192.168.0.201: icmp_req=7 ttl=64 time=90.9 ms

Ping by IP - the responses come VERY quickly one after the other:

Code:

PING 192.168.0.201 (192.168.0.201) 56(84) bytes of data.
64 bytes from 192.168.0.201: icmp_req=1 ttl=64 time=1.05 ms
64 bytes from 192.168.0.201: icmp_req=2 ttl=64 time=3.93 ms
64 bytes from 192.168.0.201: icmp_req=3 ttl=64 time=7.07 ms
64 bytes from 192.168.0.201: icmp_req=4 ttl=64 time=4.43 ms
64 bytes from 192.168.0.201: icmp_req=5 ttl=64 time=0.842 ms
64 bytes from 192.168.0.201: icmp_req=6 ttl=64 time=2.31 ms

/etc/resolv.conf:

Code:

domain scs.local
search scs.local
nameserver 192.168.0.150

scs.local.db:

Code:

$TTL 3D
@ IN SOA ubuntu-VM.scs.local. admin.scs.local. (
2007031001;
28800;
3600;
604800;
38400
);

scs.local.    IN   NS      ubuntu-VM.scs.local.
ubuntu-VM     IN   A       192.168.0.150
greenmachine  IN   A       192.168.0.201
gateway       IN   A       192.168.0.1
www           IN   CNAME   greenmachine

rev.0.168.192.in-addr.arpa:

Code:

$TTL 3D
@ IN SOA ubuntu-VM.scs.local. admin.scs.local. (
2007031001;
28800;
604800;
604800;
86400
);


                IN    NS    ubuntu-VM.scs.local.
150             IN    PTR   ubuntu-VM.scs.local.
201             IN    PTR   greenmachine.scs.local.
1               IN    PTR   gateway.scs.local.

/etc/bind/named.conf.local:

Code:

#FORWARD LOOKUP ZONE
zone "scs.local"
{
        type master;
        file "/etc/bind/zones/scs.local.db";
};


#REVERSE LOOKUP ZONE
zone "0.168.192.in-addr.arpa"
{
        type master;
        file "rev.0.168.192.in-addr.arpa";
};

/etc/bind/named.conf.options:

Code:

options {
        directory "/var/cache/bind";

        forwarders {
        8.8.8.8;
        8.8.4.4;
        };

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
};

kbp · 02-01-2011, 11:23 PM

The hole in your theory that bind is the causing the delay, is that name resolution is only performed once at the beginning not for every packet sent.

dschuett · 02-01-2011, 11:28 PM

Quote:

Originally Posted by kbp

The hole in your theory that bind is the causing the delay, is that name resolution is only performed once at the beginning not for every packet sent.

I have already thought of this as well, however...I have been banging my head for hours fighting with this. What doesn't make sense is that it ONLY does this when i ping by hostname. Also, I just found out that it ONLY does this when pinging a host FROM a linux machine. If I ping a hostname from a windows machine the pings are very snappy!

Any other pointers are appreciated!

dschuett · 02-01-2011, 11:36 PM

Quote:

Originally Posted by dschuett

I have already thought of this as well, however...I have been banging my head for hours fighting with this. What doesn't make sense is that it ONLY does this when i ping by hostname. Also, I just found out that it ONLY does this when pinging a host FROM a linux machine. If I ping a hostname from a windows machine the pings are very snappy!

Any other pointers are appreciated!

Well, I just found out what is going on at this link: http://ubuntuforums.org/showthread.php?t=1357310

However, I don't understand how to fix this on my behalf for my internal clients???

kbp · 02-01-2011, 11:37 PM

Try tcpdump .. you may be able to see if there's anything different between the traffic patterns

dschuett · 02-01-2011, 11:43 PM

Quote:

Originally Posted by kbp

Try tcpdump .. you may be able to see if there's anything different between the traffic patterns

Just making sure you saw my above post... i can do a ping -n hostname and it works fine because supposedly each packet does a reverse dns lookup. <-- according to the link in the above post.

kbp · 02-01-2011, 11:58 PM

I just ran a ping and watched it with wireshark, there was only one reverse lookup for the first ping response, the result would have then been in the cache and further lookups weren't required. The suggestion that there is a reverse lookup for every response seems to be incorrect ...

dschuett · 02-02-2011, 12:01 AM

Quote:

Originally Posted by kbp

I just ran a ping and watched it with wireshark, there was only one reverse lookup for the first ping response, the result would have then been in the cache and further lookups weren't required. The suggestion that there is a reverse lookup for every response seems to be incorrect ...

Could this just be an Ubuntu thing?

kbp · 02-02-2011, 03:35 AM

Not likely .. they probably use the same source code, in Fedora ping is part of the iputils package

dschuett · 02-02-2011, 12:32 PM

Well, I seemed to figure out what was going on... I checked tcp dump, and Ubuntu is in fact doing a reverse DNS look up on every ping packet. (Only tested on Ubuntu DESKTOP). These are usually cached by Bind9 (which would give quick echo replies), but in my case they were not being cached because of a misconfiguration in my bind config. In my named.conf.options I had directory "/var/cache/bind"; but in my case i store my zone files in /etc/bind/zones, so changing that line to read: directory "/etc/bind/zones"; has fixed this problem!

kbp · 02-02-2011, 05:17 PM

After some further digging I found Linux doesn't seem to cache query results by default, you need to be running nscd or similar. Sometimes you take things for granted...