| Slow internets - Click HERE for Original Thread |
| dtjohnst |
I'm not sure if this is something that anyone here can answer or not since I'm not sure where the problem lies, but I figured this was a good starting point.
I have a Windows Server 2003 Domain Controller with Active Directory running DHCP and DNS. I have 2 other windows boxes and 2 other linux boxes in my network. 1 Windows box is XP the other is Vista. 1 Linux box is Gentoo the other is Archlinux.
My LAN gateway IP is 10.0.0.1, my DC is 10.0.0.2, and one of my linux boxes (the Gentoo) uses a static 10.0.0.3. The DHCP server dishes out 10.0.0.2 as my DNS server, and my static configuration points there as well with no backup. My DNS server is configured to forward all requests not in my local domain to my gateway (10.0.0.1) which receives external DNS through it's WAN DHCP connection (it's a4port Linksys bluebox router/firewall).
Here's where it gets weird. If I hop on any of my 3 windows machines and ping something, anything, whether it be on my internal domain or on the internet, I get immediate replies in reasonable time. If I go to either my Archlinux or Gentoo boxes and run the ping it works flawlessly for machines on my internal domain whether they are listed in my hosts file or not. However, if I ping something on the internet, I get instant name resolution, then a 4 or 5 second delay, and then I receive replied to my pings, with 0% packet loss reported.
For example, if I type
code:
# ping google.ca
I am greeted with
code:
PING google.ca (64.233.187.104) 56(84) bytes of data.
Then I get to stare at that for a solid 4 or 5 seconds before I receive replies. So I know my DNS is doing name resolution properly and in a timely fashion to some degree since my ping command spits out an IP address instantly. But if I change my resolv.conf to my bluebox (10.0.0.1) or to an external DNS server (4.2.2.1 as an example), it works flawlessly with no hiccups at all, just like how my Windows boxes work. So it seems like the problem is with my DNS server, but then why can I get IP addresses right away?
It's REALLY annoying having to wait 4 or 5 seconds anytime I need to resolve a name. Most websites now will have 4 or 5 different names referenced in their adds, images, whatever, which results in pages that take forever to load. Even something simple like google appears instantly...once that 4 or 5 second delay is gone.
Someone please tell me they know how to fix this, 'cause it's driving me nuts. |
|
|
| sparkycivic |
| buy a d-link and get it over with... |
|
|
| dtjohnst |
quote:
Originally posted by sparkycivic
buy a d-link and get it over with...
So.......you blame the Bluebox despite the fact that it works fine if I use an external DNS server? |
|
|
| sparkycivic |
are the linux boxes using their own dns caches to resolve the IP's then having to wait for the 10.0.0.2 box to confirm it?
Where is teh DC/DNS box getting it's DNS information from?
it's starting to sound like the DC/DNS box is timing-out on it's primary/secondary connectivity |
|
|
| dtjohnst |
quote:
Originally posted by sparkycivic
are the linux boxes using their own dns caches to resolve the IP's then having to wait for the 10.0.0.2 box to confirm it?
Where is teh DC/DNS box getting it's DNS information from?
it's starting to sound like the DC/DNS box is timing-out on it's primary/secondary connectivity
The DNS server is forwarded to 10.0.0.1 (my Linksys firewall/gateway) for non-local addresses which subsequently forwards it to whatever Shaw assigns through DHCP.
I would agree the DNS server is timing out if it weren't for the fact that it works perfectly on the Windows boxes.
The linux boxes are not caching addresses. All resolution is coming from DNS, and it comes instantly. Rumour has it the latest glibc is botched and yields poor performance when using a Windows DNS. I'll try poking around and see if I can figure out why that is. |
|
|
| DoubleDown |
Jump on a Linux box experiencing the problem, and run:
strace ping google.ca
Watch where it hangs or repeats the same message a bunch of times over the 4 or 5 second period you're referring to, and post the results here. |
|
|
| SkiTLz |
Didn't read it all so might be way off.. etc/resolv.conf...
Btw. your DNS setup is ugly.. Let the DC use the root server to resolve WLAN domains.. |
|
|
| midnite |
quote:
Originally posted by dtjohnst
Then I get to stare at that for a solid 4 or 5 seconds before I receive replies. So I know my DNS is doing name resolution properly and in a timely fashion to some degree since my ping command spits out an IP address instantly. But if I change my resolv.conf to my bluebox (10.0.0.1) or to an external DNS server (4.2.2.1 as an example), it works flawlessly with no hiccups at all, just like how my Windows boxes work. So it seems like the problem is with my DNS server, but then why can I get IP addresses right away?
It's REALLY annoying having to wait 4 or 5 seconds anytime I need to resolve a name. Most websites now will have 4 or 5 different names referenced in their adds, images, whatever, which results in pages that take forever to load. Even something simple like google appears instantly...once that 4 or 5 second delay is gone.
Someone please tell me they know how to fix this, 'cause it's driving me nuts.
Well.. interesting problem. It's obviously a configuration issue on the linux clients if your windows ones are not having any problem.
Cat your resolv.conf files and post them here.
Do you have any
'search ...'
lines above the
'nameserver 10.0.0.2'
line in that file? |
|
|
| dtjohnst |
quote:
Originally posted by SkiTLz
Didn't read it all so might be way off.. etc/resolv.conf...
Btw. your DNS setup is ugly.. Let the DC use the root server to resolve WLAN domains..
If you didn't read it, you probably won't be of much help.
And if I had a choice in setting it up differently, I would. I'm testing this exact setup and using a crappy Windows based server for a reason. Given my free reign, I would use root servers for ALL resolutions and use hosts files and static IP's for my giant network of 5 whole machines.
@doubledown, you'll get about 200 lines of system calls and results, are you sure that's what you're looking for?
@midnite, I thought that myself, but then I don't understand why it works fine if I set it to use external DNS instead.
My resolv.conf files right now consist of
code:
nameserver 4.2.2.1
That's it. In the past I've tried using the nameserver's 10.0.0.2 by itself, with 10.0.0.1 as a backup, with 4.2.2.1 as a backup, I've also tried 10.0.0.1 by itself and 4.2.2.1 by itself. Both 10.0.0.1 and 4.2.2.1 work fine. Those both still work fine if I use my local search domain. I have the same problem of slow to start pinging if I use 10.0.0.2 whether I include a search domain or not.
As a side note, I've restarted my nscp service more than once to clear my resolver cache and I've tried turning mdns on and off in hosts, as well as setting multi on and off in hosts in all possible permutations to no avail.
The conclusion I've come to is that linux and windows don't want to play nice together.
Again, with a completely clear resolver cache, if I try to ping an external address with my Windows DNS server as the primary nameserver, the second I press enter after my ping command, I'm instantly greeting with "pinging site(ip address) with blah blah" and then it hangs for 4 or 5 seconds. If I pop the IP address that it spits out to me instantly into my browser, the page I pinged loads, so the IP's are correct and not coming from cache. |
|
|
| midnite |
quote:
Originally posted by dtjohnst
The conclusion I've come to is that linux and windows don't want to play nice together.
Again, with a completely clear resolver cache, if I try to ping an external address with my Windows DNS server as the primary nameserver, the second I press enter after my ping command, I'm instantly greeting with "pinging site(ip address) with blah blah" and then it hangs for 4 or 5 seconds. If I pop the IP address that it spits out to me instantly into my browser, the page I pinged loads, so the IP's are correct and not coming from cache.
I really doubt the windows server is to blame as your clients do get the DNS reply immediately. After the DNS server sends the packet with the IP address, it's work is done and it's out of the equation.
It seems to me that I've come across this (or a similar) problem before, and it strangely enough had something to do with IPv6. I can't remember all the details though, this was a year ago. It was trying to find hosts on the IPv6 space before it would flip down to IPv4. Let me see if I can figure out what I had done. It was the exact same symptom. |
|
|
| dtjohnst |
quote:
Originally posted by midnite
I really doubt the windows server is to blame as your clients do get the DNS reply immediately. After the DNS server sends the packet with the IP address, it's work is done and it's out of the equation.
It seems to me that I've come across this (or a similar) problem before, and it strangely enough had something to do with IPv6. I can't remember all the details though, this was a year ago. It was trying to find hosts on the IPv6 space before it would flip down to IPv4. Let me see if I can figure out what I had done. It was the exact same symptom.
And it affected linux only?
Incidently, I can easily get rid of all IPv6 configurations and force IPv4 only. I'll try that and get back to you. |
|
|
| DoubleDown |
quote:
Originally posted by dtjohnst
@doubledown, you'll get about 200 lines of system calls and results, are you sure that's what you're looking for?
Yep, although it's tough without seeing the strace actually happen. What you're looking for specifically in all those system calls, is what it's doing during the 4 or 5 second delay.
Paste the entire output in here, and bold whichever parts seem to happen during the 4 or 5 second delay. |
|
|
|
|
|
