Why is my name resolution so slow?

I know that things don't happen on their own, but this has been
happening on my system for just the past few days. I haven't done any
updates or installed any new software. My system is running Fedora 2. It
seems that name resolution is very slow for some reason. Here is a
capture using tethereal going to www.sun.com. It takes 20 seconds from
hitting enter at the browser to the first SYN packet. My system sends
the DNS request then ARPs for the router interface. Then it sends a DNS
query to the secondary DNS server. Then it gets a response from the
second server, but there is no resolution of IP address. It keeps
repeating these queries, but it's not until 15 seconds in that it gets
the IP for www.sun.com.

0.000000 192.168.20.5 -> 216.140.16.151 DNS Standard query AAAA
www.sun.com
4.998479 00:0f:fe:01:35:5d -> SC&C_4e:b9:0c ARP Who has 192.168.20.1?
Tell 192.168.20.5
4.999293 SC&C_4e:b9:0c -> 00:0f:fe:01:35:5d ARP 192.168.20.1 is at
00:00:21:4e:b9:0c
5.018201 192.168.20.5 -> 216.142.229.66 DNS Standard query AAAA
www.sun.com
5.081567 216.142.229.66 -> 192.168.20.5 DNS Standard query response
5.081855 192.168.20.5 -> 216.140.16.151 DNS Standard query AAAA
www.sun.com
10.081293 SC&C_4e:b9:0c -> 00:0f:fe:01:35:5d ARP Who has 192.168.20.5?
Tell 192.168.20.1
10.081314 00:0f:fe:01:35:5d -> SC&C_4e:b9:0c ARP 192.168.20.5 is at
00:0f:fe:01:35:5d
10.082120 192.168.20.5 -> 216.142.229.66 DNS Standard query AAAA
www.sun.com
10.111810 216.142.229.66 -> 192.168.20.5 DNS Standard query response
10.112078 192.168.20.5 -> 216.140.16.151 DNS Standard query A www.sun.com
15.112058 192.168.20.5 -> 216.142.229.66 DNS Standard query A www.sun.com
15.790859 216.142.229.66 -> 192.168.20.5 DNS Standard query response A
209.249.116.195
15.791318 192.168.20.5 -> 216.140.16.151 DNS Standard query PTR
195.116.249.209.in-addr.arpa
20.791160 192.168.20.5 -> 216.142.229.66 DNS Standard query PTR
195.116.249.209.in-addr.arpa
20.823369 216.142.229.66 -> 192.168.20.5 DNS Standard query response
PTR 209.249.116.195.available
20.826312 192.168.20.5 -> 209.249.116.195 TCP 32858 > http [SYN] Seq=0
Ack=0 Win=5840 Len=0 MSS=1460 TSV=10066619 TSER=0 WS=0

A simple ping to www.sun.com is faster, but still takes 5 seconds until
the first ping:

0.000000 192.168.20.5 -> 216.140.16.151 DNS Standard query A www.sun.com
4.998443 00:0f:fe:01:35:5d -> SC&C_4e:b9:0c ARP Who has 192.168.20.1?
Tell 192.168.20.5
4.999260 SC&C_4e:b9:0c -> 00:0f:fe:01:35:5d ARP 192.168.20.1 is at
00:00:21:4e:b9:0c
5.012535 192.168.20.5 -> 216.142.229.66 DNS Standard query A www.sun.com
5.032877 216.142.229.66 -> 192.168.20.5 DNS Standard query response A
209.249.116.195
5.036084 192.168.20.5 -> 209.249.116.195 ICMP Echo (ping) request

The strange thing is that no other systems exhibit this behavior. In
fact, I am running Windows 2000 in a VMWare virtual machine on this same
system. Here is a capture from that virtual system going to Sun.com:

0.000000 192.168.20.104 -> 216.142.229.66 DNS Standard query A
www.sun.com
0.000886 192.168.20.104 -> 216.142.229.66 DNS Standard query A
www.sun.com
0.023886 216.142.229.66 -> 192.168.20.104 DNS Standard query response
A 209.249.116.195
0.027707 192.168.20.104 -> 209.249.116.195 TCP 1482 > http [SYN]
Seq=0 Ack=0 Win=64240 Len=0 MSS=1460

The DNS server answers the query in only a fraction of a second and
there is no repeating of queries.

Does anyone have an idea of why this is happening?

park_ wrote:

> I know that things don't happen on their own, but this has been
> happening on my system for just the past few days. I haven't done any
> updates or installed any new software. My system is running Fedora 2. It
> seems that name resolution is very slow for some reason. Here is a
> capture using tethereal going to www.sun.com. It takes 20 seconds from
> hitting enter at the browser to the first SYN packet. My system sends
> the DNS request then ARPs for the router interface. Then it sends a DNS
> query to the secondary DNS server. Then it gets a response from the
> second server, but there is no resolution of IP address. It keeps
> repeating these queries, but it's not until 15 seconds in that it gets
> the IP for www.sun.com.
>
> 0.000000 192.168.20.5 -> 216.140.16.151 DNS Standard query AAAA
> www.sun.com
> 4.998479 00:0f:fe:01:35:5d -> SC&C_4e:b9:0c ARP Who has 192.168.20.1?
> Tell 192.168.20.5
> 4.999293 SC&C_4e:b9:0c -> 00:0f:fe:01:35:5d ARP 192.168.20.1 is at
> 00:00:21:4e:b9:0c
> 5.018201 192.168.20.5 -> 216.142.229.66 DNS Standard query AAAA
> www.sun.com
> 5.081567 216.142.229.66 -> 192.168.20.5 DNS Standard query response
> 5.081855 192.168.20.5 -> 216.140.16.151 DNS Standard query AAAA
> www.sun.com
> 10.081293 SC&C_4e:b9:0c -> 00:0f:fe:01:35:5d ARP Who has 192.168.20.5?
> Tell 192.168.20.1
> 10.081314 00:0f:fe:01:35:5d -> SC&C_4e:b9:0c ARP 192.168.20.5 is at
> 00:0f:fe:01:35:5d
> 10.082120 192.168.20.5 -> 216.142.229.66 DNS Standard query AAAA
> www.sun.com
> 10.111810 216.142.229.66 -> 192.168.20.5 DNS Standard query response
> 10.112078 192.168.20.5 -> 216.140.16.151 DNS Standard query A www.sun.com
> 15.112058 192.168.20.5 -> 216.142.229.66 DNS Standard query A www.sun.com
> 15.790859 216.142.229.66 -> 192.168.20.5 DNS Standard query response A
> 209.249.116.195
> 15.791318 192.168.20.5 -> 216.140.16.151 DNS Standard query PTR
> 195.116.249.209.in-addr.arpa
> 20.791160 192.168.20.5 -> 216.142.229.66 DNS Standard query PTR
> 195.116.249.209.in-addr.arpa
> 20.823369 216.142.229.66 -> 192.168.20.5 DNS Standard query response
> PTR 209.249.116.195.available
> 20.826312 192.168.20.5 -> 209.249.116.195 TCP 32858 > http [SYN] Seq=0
> Ack=0 Win=5840 Len=0 MSS=1460 TSV=10066619 TSER=0 WS=0
>
> A simple ping to www.sun.com is faster, but still takes 5 seconds until
> the first ping:
>
> 0.000000 192.168.20.5 -> 216.140.16.151 DNS Standard query A www.sun.com
> 4.998443 00:0f:fe:01:35:5d -> SC&C_4e:b9:0c ARP Who has 192.168.20.1?
> Tell 192.168.20.5
> 4.999260 SC&C_4e:b9:0c -> 00:0f:fe:01:35:5d ARP 192.168.20.1 is at
> 00:00:21:4e:b9:0c
> 5.012535 192.168.20.5 -> 216.142.229.66 DNS Standard query A www.sun.com
> 5.032877 216.142.229.66 -> 192.168.20.5 DNS Standard query response A
> 209.249.116.195
> 5.036084 192.168.20.5 -> 209.249.116.195 ICMP Echo (ping) request
>
> The strange thing is that no other systems exhibit this behavior. In
> fact, I am running Windows 2000 in a VMWare virtual machine on this same
> system. Here is a capture from that virtual system going to Sun.com:
>
> 0.000000 192.168.20.104 -> 216.142.229.66 DNS Standard query A
> www.sun.com
> 0.000886 192.168.20.104 -> 216.142.229.66 DNS Standard query A
> www.sun.com
> 0.023886 216.142.229.66 -> 192.168.20.104 DNS Standard query response
> A 209.249.116.195
> 0.027707 192.168.20.104 -> 209.249.116.195 TCP 1482 > http [SYN] Seq=0
> Ack=0 Win=64240 Len=0 MSS=1460
>
> The DNS server answers the query in only a fraction of a second and
> there is no repeating of queries.
>
> Does anyone have an idea of why this is happening?

As a temporary fix, you may want to run a cache-only name server on you
LAN.

park_ wrote:

> 0.000000 192.168.20.5 -> 216.140.16.151 DNS Standard query AAAA
> www.sun.com
> 4.998479 00:0f:fe:01:35:5d -> SC&C_4e:b9:0c ARP Who has 192.168.20.1?
> Tell 192.168.20.5
> 4.999293 SC&C_4e:b9:0c -> 00:0f:fe:01:35:5d ARP 192.168.20.1 is at
> 00:00:21:4e:b9:0c
> 5.018201 192.168.20.5 -> 216.142.229.66 DNS Standard query AAAA
> www.sun.com
> 5.081567 216.142.229.66 -> 192.168.20.5 DNS Standard query response
> 5.081855 192.168.20.5 -> 216.140.16.151 DNS Standard query AAAA
> www.sun.com
> 10.081293 SC&C_4e:b9:0c -> 00:0f:fe:01:35:5d ARP Who has 192.168.20.5?
> Tell 192.168.20.1
> 10.081314 00:0f:fe:01:35:5d -> SC&C_4e:b9:0c ARP 192.168.20.5 is at
> 00:0f:fe:01:35:5d
> 10.082120 192.168.20.5 -> 216.142.229.66 DNS Standard query AAAA
> www.sun.com


Perhaps you could try to disable IPV6 on your system if not used

add in /etc/modprobe.conf
alias net-pf-10 off
alias ipv6 off



--
Weill Philippe - Administrateur Systeme et Reseaux

park_ wrote:

> I know that things don't happen on their own, but this has been
> happening on my system for just the past few days. I haven't done any
> updates or installed any new software. My system is running Fedora 2. It
> seems that name resolution is very slow for some reason. Here is a
> capture using tethereal going to www.sun.com. It takes 20 seconds from
> hitting enter at the browser to the first SYN packet. My system sends
> the DNS request then ARPs for the router interface. Then it sends a DNS
> query to the secondary DNS server. Then it gets a response from the
> second server, but there is no resolution of IP address. It keeps
> repeating these queries, but it's not until 15 seconds in that it gets
> the IP for www.sun.com.
>
> 0.000000 192.168.20.5 -> 216.140.16.151 DNS Standard query AAAA
> www.sun.com
> 4.998479 00:0f:fe:01:35:5d -> SC&C_4e:b9:0c ARP Who has 192.168.20.1?
> Tell 192.168.20.5
> 4.999293 SC&C_4e:b9:0c -> 00:0f:fe:01:35:5d ARP 192.168.20.1 is at
> 00:00:21:4e:b9:0c
> 5.018201 192.168.20.5 -> 216.142.229.66 DNS Standard query AAAA
> www.sun.com
> 5.081567 216.142.229.66 -> 192.168.20.5 DNS Standard query response
> 5.081855 192.168.20.5 -> 216.140.16.151 DNS Standard query AAAA
> www.sun.com
> 10.081293 SC&C_4e:b9:0c -> 00:0f:fe:01:35:5d ARP Who has 192.168.20.5?
> Tell 192.168.20.1
> 10.081314 00:0f:fe:01:35:5d -> SC&C_4e:b9:0c ARP 192.168.20.5 is at
> 00:0f:fe:01:35:5d
> 10.082120 192.168.20.5 -> 216.142.229.66 DNS Standard query AAAA
> www.sun.com
> 10.111810 216.142.229.66 -> 192.168.20.5 DNS Standard query response
> 10.112078 192.168.20.5 -> 216.140.16.151 DNS Standard query A
> www.sun.com 15.112058 192.168.20.5 -> 216.142.229.66 DNS Standard query
> A www.sun.com 15.790859 216.142.229.66 -> 192.168.20.5 DNS Standard
> query response A
> 209.249.116.195
> 15.791318 192.168.20.5 -> 216.140.16.151 DNS Standard query PTR
> 195.116.249.209.in-addr.arpa
> 20.791160 192.168.20.5 -> 216.142.229.66 DNS Standard query PTR
> 195.116.249.209.in-addr.arpa
> 20.823369 216.142.229.66 -> 192.168.20.5 DNS Standard query response
> PTR 209.249.116.195.available
> 20.826312 192.168.20.5 -> 209.249.116.195 TCP 32858 > http [SYN] Seq=0
> Ack=0 Win=5840 Len=0 MSS=1460 TSV=10066619 TSER=0 WS=0
>
> A simple ping to www.sun.com is faster, but still takes 5 seconds until
> the first ping:
>
> 0.000000 192.168.20.5 -> 216.140.16.151 DNS Standard query A
> www.sun.com 4.998443 00:0f:fe:01:35:5d -> SC&C_4e:b9:0c ARP Who has
> 192.168.20.1?
> Tell 192.168.20.5
> 4.999260 SC&C_4e:b9:0c -> 00:0f:fe:01:35:5d ARP 192.168.20.1 is at
> 00:00:21:4e:b9:0c
> 5.012535 192.168.20.5 -> 216.142.229.66 DNS Standard query A
> www.sun.com 5.032877 216.142.229.66 -> 192.168.20.5 DNS Standard query
> response A
> 209.249.116.195
> 5.036084 192.168.20.5 -> 209.249.116.195 ICMP Echo (ping) request
>
> The strange thing is that no other systems exhibit this behavior. In
> fact, I am running Windows 2000 in a VMWare virtual machine on this same
> system. Here is a capture from that virtual system going to Sun.com:
>
> 0.000000 192.168.20.104 -> 216.142.229.66 DNS Standard query A
> www.sun.com
> 0.000886 192.168.20.104 -> 216.142.229.66 DNS Standard query A
> www.sun.com
> 0.023886 216.142.229.66 -> 192.168.20.104 DNS Standard query response
> A 209.249.116.195
> 0.027707 192.168.20.104 -> 209.249.116.195 TCP 1482 > http [SYN]
> Seq=0 Ack=0 Win=64240 Len=0 MSS=1460
>
> The DNS server answers the query in only a fraction of a second and
> there is no repeating of queries.
>
> Does anyone have an idea of why this is happening?
Hi,

you Linux box queries the server 216.140.16.151 first. This server is no DNS
server (just ckecked it). I think it is not even up. Your virtual machine
queries the DNS server 216.142.229.66, which is a DNS server. Your Linux
box falls after a while also back to 216.142.229.66, but this is a waste of
time, of course. Please correct your /etc/resolf.conf.

Alex