DNS problems with linux

[btsdev]

This problem is occuring on two different linux machines in a house with 30 computers -- all of the rest are windows and not experiencing this problem.

192.168.1.254 is our gateway (netopia 3000 router) and it has a dns.

on every machine in the house (linux or windows), all pcs have 192.168.1.254 listed as the dns.

/etc/resolv.conf on linux #1
search
nameserver 192.168.1.254

/etc/resolv.conf on linux #2
nameserver 192.168.1.254

on both linux boxes, nslookups are This fast:
knoppix@ttyp0[knoppix]$ time nslookup -sil google.com > /dev/null
real 0m0.027s user 0m0.010s sys 0m0.000s

it's instant for any site with nslookup.

on either linux box, 'lynx google.com' takes like 20 seconds to get the page -- like 19 seconds to do the DNS lookup and 1 sec to retrieve the page.

with apps like mozilla that cache dns results, first time i go to a site, slow lookup; fast thereafter in subsequent web-fetches.

i had this problem for months but i'm so sick and tired of it. any ideas? thanks in advance.

 

[Nothinman]

You probably have an erroneous service listed for hostname lookups in /etc/nsswitch.conf

 

[btsdev]

Interesting idea. But i've never dealt with this file before, and even after reading man pages, I don't really know what to make of the contents of this file. Anyhow, both linux machines have identical entries:

knoppix@ttyp0[knoppix]$ cat /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd: compat
group: compat
shadow: compat

hosts: files dns
networks: files

protocols: db files
services: db files
ethers: db files
rpc: db files

netgroup: nis

update: btw, pinging google.com is instant:

knoppix@ttyp0[knoppix]$ ping -c1 google.com
PING google.com (216.239.39.99): 56 data bytes
64 bytes from 216.239.39.99: icmp_seq=0 ttl=236 time=77.6 ms

--- google.com ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 77.6/77.6/77.6 ms

... and lynx'ing 216.239.39.99 (google's IP address) is instant.

 

[Nothinman]

So it just started working?

 

[btsdev]

Nope-- still having the same problems. trying to do 'lynx google.com' takes upwards of 20 seconds but doing 'nslookup google.com' is instantaneous and then doing 'lynx [google's ip address]' is also instantaneous.

I tried installing a dns server cache on my machine (dnsmasq) and pointing /etc/resolv.conf to localhost then the regular 192.168.1.254 dns server but it isn't helping the problem at all.

Any ideas?

 

[cmetz]

btsdev, remove that empty search line and put in a line in both that says:
domain whatever.com

Now run tcpdump -v and try lynx again. Is it doing a query right away or hanging before it does so? Please post the tcpdump output, that'll help.

 

[btsdev]

Cool idea. Thanks. Here's the tcpdump output. I ran 'lynx google.com' in another terminal.

tcpdump output at pastebin.com

edit: my IP is 192.168.1.104 and as I've listed earlier, the router is 192.168.1.254

 

[Jon855]

First of all, u said u have 30 computers? Damn ur a true GEEK

 

[cmetz]

btsdev, your problem is that Lynx is doing a AAAA lookup trying to resolve IPv6 address, and that's taking a long time to fail. That's why nslookup is instant, because you're not doing a nslookup on the AAAA record, only the A record.

The AAAA record lookup should fail more quickly, I don't really know why it isn't.

What distribution are you running? Do you have IPv6 configured on any interfaces? (hint: try ifconfig eth0 and see) Maybe your distro is turning it on by default and apps are trying to be "smart" and look up IPv6 addresses.

 

[jfall]

try this: echo "alias net-pf-10 off" >> /etc/modprobe.conf then reboot

 

[cmetz]

jfall, that only works on Red Hat flavored distributions

 

[Nothinman]

modprobe.conf should work the same on all distributions, module-init-tools reads it by default.

 

[btsdev]

ifconfig output:
eth0 Link encap:Ethernet HWaddr 00:09:5B:04:0C:9D
inet addr:192.168.1.104 Bcast:255.255.255.255 Mask:255.255.255.0
inet6 addr: fe80::209:5bff:fe04:c9d/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:844568 errors:0 dropped:0 overruns:0 frame:0
TX packets:430599 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:908090528 (866.0 MiB) TX bytes:37519004 (35.7 MiB)
Interrupt:17 Base address:0xb000

so I'll figure out how to disable ipv6 but just an fyi, i'm using debian and there's no such thing as an /etc/modprobe.conf file. instead us debian users have an /etc/modprobe.d/ directory

any ideas of how i can do an equivalent of adding that one-liner to a modprobe.conf file?

 

[btsdev]

Good news!

I blindly ignored the fact that debian doesn't have a /etc/modprobe.conf and I executed the command mentioned above. I also added

alias ipv6 off

And firefox is working as it should -- very quick lookups.

One problem still, though: for some reason, lynx, apt-get, irssi are still doing dog-slow look-ups. Any ideas?

 

[cmetz]

Nothinman, that's true, yet irrelevant. If you have IPv6 built into the kernel, then modprobe et al. are never part of the equation, and thus the protocol family cannot be disabled in that way. Or if your boot scripts manually load the module, instead of using automatic module loading.

btsdev, I don't know Debian enough to tell you specifically how to disable on that distribution, but make sure that ifconfig eth0 does not list an inet6 addr - that's a good first step.

 

[Nothinman]

Nothinman, that's true, yet irrelevant. If you have IPv6 built into the kernel, then modprobe et al. are never part of the equation, and thus the protocol family cannot be disabled in that way. Or if your boot scripts manually load the module, instead of using automatic module loading.

Who in their right mind builds IPv6 into the kernel unless they expect to use it? And I've never seen a distribution that loads ipv6 implicitly, although I'm sure if you look hard enough you'll find one.

btsdev, I don't know Debian enough to tell you specifically how to disable on that distribution, but make sure that ifconfig eth0 does not list an inet6 addr - that's a good first step.

Something else is wrong, I'm currently on a Debian machine and there's no delay loading google in lynx. I did a tcpdump and it does the AAAA lookup whether the interfaces have an IPv6 address or not.