Re: Anyone has experience with Windows clients DNS timeout

 




Hi,

I fully agree with Amos. I experience several seconds delay these days in resolving names.

Using google, which is having a very fast and heavily caching dns,
is not a good example for recreating this effect.

I could imagine that the several DNS encryption methods,
DNS-over-TLS and -over-HTTPS, that are only supported by some,
are adding to that delay, as they require more overhead
and also the client has to find out which method is supported and which not.

Cheers,

Klaus Westkamp


On 30/12/2020 09:07, L.P.H. van Belle wrote:
Hi Eliezer

Sorry, I'm not fully agreeing with Amos here..

If your DNS is taking 7-10 sec, I would investigate why the DNS is that slow.
Something is off, that simple.


A small example of my dns resolving to internet and my lan dnsservers.

time dig a www.google.nl @8.8.8.8  @internet dns
real    0m0.115s

real    0m0.031s	@lan dns, lookup 1.
real    0m0.016s	@lan dns, lookup 2. (cached one)

So, in my opinion 7-10 seconds timeout is really off.
In the last we..

Is the LAN DNS set as an authoritative server?
Are the PCs correctly registering in the DNS with their primary DNS domain?

in resolv.conf make sure the primaryDns domain is first in resolv.conf
primary.dnsdomain.tld = output of $(hostname -d)

search primary.dnsdomain.tld  (optional extra, other.dnsdomain.tld dnsdomain.tld )
nameserver 192.168.1.1
nameserver 192.168.1.2
nameserver 192.168.1.3
nameserver 192.168.1.4
nameserver 192.168.1.5

# these are the options to look into also. ( in this order )
options edns0		# allowed 4096 byte packets.
options rotate		# if you have more than 1 dns server this can help.
options timeout:3
options no-check-names	# don't check for invalid characters such as underscore (_), non-ASCII, or control characters.


Check the following.
- the DNS server tries to query first to the internet.
fix might be, resolving (search line) in /etc/resolv.conf

ipv4 / ipv6, try disabling ipv6 on the Windows clients.
DNS is non-authoritative where it might be needed to set it to authoritative.
DNS server is missing forwarding to the authoritative server.
Routing and routing orders
Are EDNS (4096 bytes) big packets allowed
And is the firewall allowing UDP and TCP packets on port 53

I run 3 samba-AD dns servers with Bind9_DLZ
My proxy runs a Bind9 caching and forwarding setup.
The primary DNS domain is forwarded to the Samba-AD dns server.
These are the authoritative servers.

This is on average my slowest query 0.1-0.2 sec  ( on the samba dns )
I checked the last year in my monitoring.
Normal is 0.03-0.01 sec

If there are problems in samba these days it's 80% of all cases a resolving setup problem.

I hope this gave you some ideas.


Greetz,

Louis

-----Original message-----
From: squid-users [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On behalf of NgTech LTD
Sent: Tuesday 29 December 2020 21:02
To: Squid Users
Subject: Anyone has experience with Windows clients DNS timeout

I have seen this issue on Windows clients over the past.
Windows nslookup shows that the query has timed out after 2 seconds.
On Linux and xBSD I have researched this issue and have seen that:
the DNS server is doing a recursive lookup and it takes from 7 to 10++
seconds sometimes.
When I pre-warm the DNS cache and the results are cached it takes
lower than 500 ms for a response to be on the client side and then
everything works fine.

I understand that Windows DNS client times out..
When using forward proxy with squid or any other it works as expected
since the DNS resolution is done on the proxy server.
However for this issue I believe that this timeout should be increased
instead of moving to DNS over HTTPS.

I would like to hear if anyone has any resolution for this issue on
the Windows clients side.

Thanks,
Eliezer

----
Eliezer Croitoru
Tech Support
Mobile: +972-5-28704261
Email: ngtech1ltd@xxxxxxxxx

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
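
An added example, not part of the original thread: a small Python check of a resolv.conf against the points raised in the messages above (nameserver count, search order, timeout, edns0/rotate). The sample file is constructed from the one quoted in the mail, the 2-second client timeout is the Windows nslookup value reported in the thread and is passed in as an assumption, and the three-nameserver limit and 5-second default timeout are glibc behaviour per resolv.conf(5).

```python
MAXNS = 3            # glibc reads at most 3 nameserver lines, see resolv.conf(5)
DEFAULT_TIMEOUT = 5  # glibc default for options timeout:n, in seconds

# Constructed sample, modelled on the resolv.conf quoted in the thread.
SAMPLE = """\
search primary.dnsdomain.tld other.dnsdomain.tld
nameserver 192.168.1.1
nameserver 192.168.1.2
nameserver 192.168.1.3
nameserver 192.168.1.4
nameserver 192.168.1.5
options edns0\t# trailing note, as written in the mail
options rotate
options timeout:3
"""

def parse_resolv_conf(text):
    """Collect nameservers, search list and options from resolv.conf text."""
    conf = {"nameservers": [], "search": [], "options": {}}
    for raw in text.splitlines():
        if raw[:1] in ("#", ";"):                 # comment lines start in column one
            continue
        fields = raw.split("#", 1)[0].split()     # drop trailing notes
        if len(fields) < 2:
            continue
        key, args = fields[0], fields[1:]
        if key == "nameserver":
            conf["nameservers"].append(args[0])
        elif key in ("search", "domain"):
            conf["search"] = args                 # the last such line wins
        elif key == "options":
            for opt in args:
                name, _, value = opt.partition(":")
                conf["options"][name] = int(value) if value.isdigit() else True
    return conf

def lint(conf, primary_domain, client_timeout=2):
    """primary_domain: output of `hostname -d`; client_timeout: seconds (assumed)."""
    findings = []
    extra = conf["nameservers"][MAXNS:]
    if extra:
        findings.append(f"ignored nameservers (only first {MAXNS} are used): {extra}")
    if conf["search"][:1] != [primary_domain]:
        findings.append(f"{primary_domain} is not first in the search list")
    timeout = conf["options"].get("timeout", DEFAULT_TIMEOUT)
    if timeout > client_timeout:
        findings.append(f"timeout:{timeout} exceeds the {client_timeout}s client timeout")
    for opt in ("edns0", "rotate"):
        if opt not in conf["options"]:
            findings.append(f"option {opt} is not set")
    return findings

if __name__ == "__main__":
    for finding in lint(parse_resolv_conf(SAMPLE), "primary.dnsdomain.tld"):
        print("-", finding)
```

On the sample it reports the two nameservers past the third and the 3-second per-server timeout, which is how long one unanswered nameserver holds a query before the next one is tried.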



