LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Slackware (https://www.linuxquestions.org/questions/slackware-14/)
-   -   Not sure. Is this a DNS issue? (https://www.linuxquestions.org/questions/slackware-14/not-sure-is-this-a-dns-issue-4175411128/)

aocab 06-12-2012 10:36 PM
Not sure. Is this a DNS issue?
 
Not sure. Is this a DNS issue?

Over the last couple of days I will be browsing around on the internet just fine and then all of the sudden firefox appears to have a problem with some sites where it shows "looking up..." and will sit there for quite a while before the page finally loads (it does not happen for all sites).

Attempting to do a traceroute I notice after about 10 entries it shows:

Code:
# traceroute tvguide.com                                               
traceroute to tvguide.com (204.153.26.245), 30 hops max, 60 byte packets
 1  192.168.1.1 (192.168.1.1)  4.367 ms  4.676 ms  4.919 ms
...
11  * * *
...
30  * * *
The first entry does indicate the ip address for the site in question
so I assume the dns lookup is working okay and the problem might be
an issue with a server in between me and the site in question.

Thinking that maybe if I flush the dns cache it might help...
I researched how to do that in slackware and came up with these commands:

Code:
# rndc flush
# rndc status
Both return:
Code:
rndc: connect failed: 127.0.0.1#953: connection refused
Researching the error message I came across messages that indicate the problem could be a
permissions problem with the /var/named folder or port 53/953 are being blocked in the firewall.

Code:
# ls -al /var/named/
total 12
drwxr-xr-x  3 root root 4096 Jun 12 20:03 ./
drwxr-xr-x 17 root root 4096 May 25 18:19 ../
drwxr-xr-x  2 root root 4096 Mar 23 21:46 caching-example/
The firewall I'm using was generated using Easy Firewall Generator at http://connie.slackware.com/~alien/efg/

Code:
# cat /etc/resolv.conf
search localdomain
nameserver nnn.nnn.nnn.nnn
nameserver nnn.nnn.nnn.nnn
Where nnn.nnn.nnn.nnn = isp name servers (same as those listed in the router)

Code:
# grep -v '#' /etc/rc.d/rc.inet1.conf                                       
IPADDR[0]="192.168.1.114"
NETMASK[0]="255.255.255.0"
USE_DHCP[0]=""
DHCP_HOSTNAME[0]=""

GATEWAY="192.168.1.1"
DEBUG_ETH_UP="no"
Rebooting the system appears to get things working again for a while.
After the machine has been online for several hours the problem apppears to come back.
I tend to notice the issue when I check tvguide.com. It happens on other sites as well but not all sites.

Questions:

1. Is this a dns issue or an issue between my machine and the sites in question?

2. Is there anything else I can try to help isolate the issue?

3. Am I attempting to flush the dns cache correctly?
3a. If yes, what else could be causing the error message?

Anyone have any ideas?
Thanks in advance.
Cheers

Either way it is not that big a deal just more of a nuisance.

P.S. Not sure it's related but I was getting the following error message shortly before posting this message:
Code:
502 Bad Gateway
nginx
Edit:
I came across an old thread:
http://www.linuxquestions.org/questi...errror-229950/

However that was for Mandrake and Slackware appears to be configured differently.

The thread mentions to run rndc-confgen to create the configuration files. When I do that what gets generated has a key and options entry.

I have /etc/rndc.key which already has a key entry.
So I am still not quite sure exactly how to flush the dns cache or if it's even possible.

Edit 2:
Came across another old thread http://www.linuxquestions.org/questi...10-2-a-624750/

This one for Slackware 10.2 which mentions:
Quote:
Slackware has nothing in the way of a DNS cache (unless you set up BIND locally to do that.
So if Slackware -current is still set up this way it looks like
there is no cache for me to flush unless I set up bind locally.

So I will mark this thread as solved.

However, if anyone has any ideas on how to isolate the problem with firefox and the "looking up..." message please chime in.

Although to me it appears the problem is outside my machine but I am not positive.

Cheers

salasi 06-13-2012 04:20 AM
Even though is marked as solved, it really isn't, is it?

Quote:
Originally Posted by aocab (Post 4701890)
Not sure. Is this a DNS issue?
Possibly. To find out you should be trying dig.

Quote:
...so I assume the dns lookup is working okay and the problem might be...
It doesn't prove that DNS is working at an adequate speed and it doesn't prove that any other address gets looked up. But, apart from that, it seems to be working...

Quote:
Thinking that maybe if I flush the dns cache it might help...
Probably unlikely that flushing the cache will help. It might just if you are getting bad lookups, but you are more likely to be getting slow lookups or timeouts.

Quote:
Where nnn.nnn.nnn.nnn = isp name servers (same as those listed in the router)
isp DNS servers are of very variable quality. Some good, some not so good and some more-or-less stop working when the load is high. Do one of the folowing
  • ping servers repeatedly over a time period; do you consistently get results well under 100mS? If not, do something else.
  • use dig repetedly. are results consistent (with the possible exception of a speed up for second and subsequent look ups? If not, do something else
  • use one of several DNS benchmarking tools. switch to fastest.

Quote:
1. Is this a dns issue or an issue between my machine and the sites in question?
With a lot of sites, these days, the problem is that the site is not just the site. That is site adverts come from one of several other sites and maybe site analytics come from yet another site, and some of the content might be external, too. So, you might end up needing up to a dozen lookups to get a single page, so just testing the page that is specified in the URL may or may not indicate something.

Quote:
o if Slackware -current is still set up this way it looks like
there is no cache for me to flush unless I set up bind locally.
Broadly, and by default, Linux doesn't have a DNS cache set up by default. There are a load of options for DNS caching, and if this is all you want to do, BIND isn't necessarily the best option. BIND doesn't necessarily have the most glowing of security histories and is complex to set up (kind of a consequence of being a 'Swiss Army knife' app that can do anything, but has thousands of config options to get there; compare and contrast with, say, DNSMASQ which is almost hilariously simple to configure, in comparison, and is less heavyweight in the bad sense).

On a slightly different front, you might find Chrome/Chromium doesn't have this problem to the same extent, because it has a 'pre-fetch DNS lookups for linked pages' option (not sure of the exact name - something like 'pre-fetch DNS'). I don't think that I'd yet want to use Chrome/Chromium full time, but then, I use Opera...

tronayne 06-13-2012 06:10 AM
If I may add to @salasi's post (good info, that) you may want to change your /etc/resolv.conf to
Code:
search com
nameserver xxx.xxx.xx.xx
nameserver xxx.xxx.xx.xx
I'm not sure, but it looks like you're looking at your router's DNS. If that's the case, it may contribute to your problem -- router DNS is notorious for this sort of thing (my experience with Linksys has been to avoid using the router's DNS because it just stops after a while and you sit there waiting; YMMV). You may want to try shutting that feature off and use your ISP-provided DNS servers or, say, Google's:
Code:
search com
nameserver 8.8.8.8
nameserver 8.8.4.4
Those are usually fast responders; e.g.,
Code:
ping -c 5 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_req=1 ttl=46 time=1056 ms
64 bytes from 8.8.8.8: icmp_req=2 ttl=46 time=1164 ms
64 bytes from 8.8.8.8: icmp_req=3 ttl=46 time=923 ms
64 bytes from 8.8.8.8: icmp_req=4 ttl=46 time=1033 ms
64 bytes from 8.8.8.8: icmp_req=5 ttl=46 time=928 ms
The above results are via HughesNet satellite service which has a physical lag (22,500 miles up, 22,500 down, find it, 22,500 up and 22,500 down to me). Ya got the speed of light working against you there, eh. You'll be faster if you're on a broadband line or even a DSL copper line.

Just for grins, my /etc/rc.inet1.conf looks like this
Code:
# Config information for eth0:
IPADDR[0]="192.168.1.10"
NETMASK[0]="255.255.255.0"
USE_DHCP[0]=""
DHCP_HOSTNAME[0]=""
<some other stuff that's not used>
# Default gateway IP address:
GATEWAY="192.168.1.1"
That goes by Ethernet cable to a Linksys BEFSR41 Cable/DSL Router with 4-port switch to the satellite modem; DNS in the router is disabled and I don't have problems.

For what it's worth.

aocab 06-13-2012 10:48 AM
Quote:
Originally Posted by salasi (Post 4702055)
Even though is marked as solved, it really isn't, is it?
Not really, I just got tired of messing with it because it seemed I was going in circles with a problem that only appeared to affect some websites (not all) and did not happen all the time (only noticed it the last two days some time between 4-6pm).

Quote:
Originally Posted by salasi (Post 4702055)
Possibly. To find out you should be trying dig.
My bad, forgot to mention that I did try dig.
Code:
$ dig  tvguide.com

; <<>> DiG 9.9.0 <<>> tvguide.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17003
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;tvguide.com.                  IN      A

;; ANSWER SECTION:
tvguide.com.            1412    IN      A      204.153.26.245

;; Query time: 24 msec
;; SERVER: 209.18.47.61#53(209.18.47.61)
;; WHEN: Wed Jun 13 09:48:14 2012
;; MSG SIZE  rcvd: 56
Query time is usually below 30 msec. A couple of times I did see it in the 60 or 150 msec range.

Quote:
Originally Posted by salasi (Post 4702055)
isp DNS servers are of very variable quality. Some good, some not so good and some more-or-less stop working when the load is high. Do one of the folowing
  • ping servers repeatedly over a time period; do you consistently get results well under 100mS? If not, do something else.
  • use dig repetedly. are results consistent (with the possible exception of a speed up for second and subsequent look ups? If not, do something else
  • use one of several DNS benchmarking tools. switch to fastest.
Using tvguide.com as an example:
With ping I get 100% packet loss regardless if the problem is occuring. It is almost as if their server does not respond to pings. When doing a traceroute after the first 10 entries I get no response (entries 11-30).

With dig I usually get a response back in less than 30 msec.

I am not familiar with any dns benchmarking tools. Will have to research those.

Quote:
Originally Posted by salasi (Post 4702055)
With a lot of sites, these days, the problem is that the site is not just the site. That is site adverts come from one of several other sites and maybe site analytics come from yet another site, and some of the content might be external, too. So, you might end up needing up to a dozen lookups to get a single page, so just testing the page that is specified in the URL may or may not indicate something.
Correct. At the time of the problem I did not even bother checking any other sites except for the main site address I was trying to connect to.

Quote:
Originally Posted by salasi (Post 4702055)
On a slightly different front, you might find Chrome/Chromium doesn't have this problem to the same extent, because it has a 'pre-fetch DNS lookups for linked pages' option (not sure of the exact name - something like 'pre-fetch DNS').
Good to know.

Quote:
Originally Posted by tronayne (Post 4702109)
If I may add to @salasi's post (good info, that) you may want to change your /etc/resolv.conf to
Code:
search com
nameserver xxx.xxx.xx.xx
nameserver xxx.xxx.xx.xx
I am not familiar with that (i.e. using "search com" vs "search localdomain". I will have to look it up.

Quote:
Originally Posted by tronayne (Post 4702109)
I'm not sure, but it looks like you're looking at your router's DNS. If that's the case, it may contribute to your problem -- router DNS is notorious for this sort of thing (my experience with Linksys has been to avoid using the router's DNS because it just stops after a while and you sit there waiting; YMMV). You may want to try shutting that feature off and use your ISP-provided DNS servers or, say, Google's:
Using the router's DNS? I'm not sure the entries used in resolve.conf are the same ones that the router gets using DHCP.

I do not have any options in the router to change the dns settings. It is set to use DHCP. It does have DDNS settings which allows me to acces my network using domain names instead of ip addresses but that option is disabled.

Quote:
Originally Posted by tronayne (Post 4702109)
Code:
search com
nameserver 8.8.8.8
nameserver 8.8.4.4
Those are usually fast responders; e.g.,
Code:
ping -c 5 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_req=1 ttl=46 time=1056 ms
64 bytes from 8.8.8.8: icmp_req=2 ttl=46 time=1164 ms
64 bytes from 8.8.8.8: icmp_req=3 ttl=46 time=923 ms
64 bytes from 8.8.8.8: icmp_req=4 ttl=46 time=1033 ms
64 bytes from 8.8.8.8: icmp_req=5 ttl=46 time=928 ms
The above results are via HughesNet satellite service which has a physical lag (22,500 miles up, 22,500 down, find it, 22,500 up and 22,500 down to me). Ya got the speed of light working against you there, eh. You'll be faster if you're on a broadband line or even a DSL copper line.
I am on a broadband line (coax cable) with 20mb download speed.

Quote:
Originally Posted by tronayne (Post 4702109)
Just for grins, my /etc/rc.inet1.conf looks like this
Code:
# Config information for eth0:
IPADDR[0]="192.168.1.10"
NETMASK[0]="255.255.255.0"
USE_DHCP[0]=""
DHCP_HOSTNAME[0]=""
<some other stuff that's not used>
# Default gateway IP address:
GATEWAY="192.168.1.1"
Other than the IPADDR my inet1.conf is pretty much the same (although mine has DEBUG_ETH_UP="no").

Quote:
Originally Posted by tronayne (Post 4702109)
That goes by Ethernet cable to a Linksys BEFSR41 Cable/DSL Router with 4-port switch to the satellite modem; DNS in the router is disabled and I don't have problems.

For what it's worth.
Mine goes by Ethernet cable to a Linksys WRT54G Router with 4-port switch to the isp's cable modem. I do not have an option to disable DNS in the router.

Thanks for the feedback salasi and tronayne.
Cheers

On a side note:
The issue has not occurred yet today.
It's now 8pm and the machine has been online since 9am.


All times are GMT -5. The time now is 06:41 PM.