dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
1795
share rss forum feed

cp8

join:2008-05-14

Distributel DNS servers dropping UDP

I'm having issues with the Distributel DNS servers...

they're dropping between 5 and 30% of DNS queries.

Can anyone else verify?

[root@lightning ~]# while [ true ]; do time dig @209.195.95.95 www.google.ca +notcp > /dev/null ; sleep 1 ; done

real 0m5.061s
user 0m0.017s
sys 0m0.022s

real 0m0.096s
user 0m0.017s
sys 0m0.031s

209.197.128.2 is affected too.

+tcp works just fine, no timeouts. Sounds like their servers need to increase their UDP buffers!


nitzguy
Premium
join:2002-07-11
Sudbury, ON
said by cp8:

I'm having issues with the Distributel DNS servers...

they're dropping between 5 and 30% of DNS queries.

Can anyone else verify?

[root@lightning ~]# while [ true ]; do time dig @209.195.95.95 www.google.ca +notcp > /dev/null ; sleep 1 ; done

real 0m5.061s
user 0m0.017s
sys 0m0.022s

real 0m0.096s
user 0m0.017s
sys 0m0.031s

209.197.128.2 is affected too.

+tcp works just fine, no timeouts. Sounds like their servers need to increase their UDP buffers!

Call me crazy but....UDP is a connection-less protocol and doesn't have a guarantee whereas TCP does, unless this has changed in the last 10 years?

So...sounds like its doing what its supposed to do....guaranteeing TCP deliveries and "doing their best" on UDP delivery requests...

cp8

join:2008-05-14
Duh? My point was that there is an excessive amount of loss. A reliable link should have less than 1%. I'm seeing much more than that.

34764170

join:2007-09-06
Etobicoke, ON
said by cp8:

Duh? My point was that there is an excessive amount of loss. A reliable link should have less than 1%. I'm seeing much more than that.

That's definitely not normal. I'm making queries from a cable connection on TSI and I do not see this behaviour.


nitzguy
Premium
join:2002-07-11
Sudbury, ON
reply to cp8
said by cp8:

Duh? My point was that there is an excessive amount of loss. A reliable link should have less than 1%. I'm seeing much more than that.

Source? I stand by my points made above. Or, use another DNS server for your queries...


elwoodblues
Elwood Blues
Premium
join:2006-08-30
Somewhere in
kudos:2
You are absolutely correct Nitzguy, UDP is connectionless, TCP requires ack packets or it will re-transmit.

I have no idea why a DNS server would drop UDP packets, but yeah, use a different DNS server


nitzguy
Premium
join:2002-07-11
Sudbury, ON
said by elwoodblues:

You are absolutely correct Nitzguy, UDP is connectionless, TCP requires ack packets or it will re-transmit.

I have no idea why a DNS server would drop UDP packets, but yeah, use a different DNS server

Ok, so my 10+ year old knowledge stands....I was surprised I remembered this stuff...

Exactly, I don't use my own ISPs DNS and seem to do just fine with 4.2.2.1 as primary and 8.8.4.4 as secondary...


dupie

@shawcable.net
reply to cp8
said by cp8:

they're dropping between 5 and 30% of DNS queries.

Your loop only shows dns lookup timing, not any timeouts. How are determining the 5 to 30%?

Also to note, those servers have rate limiting enabled to help stop flooding/DoS attacks.

Can you try 209.197.128.5 and see if that gives you different results?

sehache

join:2010-07-25
Orleans, ON
reply to cp8
Thanks for the post.

Do not see the issue with 209.197.128.5, about 20ms. But on 209.197.128.2 seeing sporadically higher ms and even second values.

DNS server are getting upgraded so something is up.

cp8

join:2008-05-14

1 edit
Click for full size
I don't need schooling on the mechanics of UDP vs TCP. Grammar maybe, but I'm a network engineer by profession. I know very well I could simply just use another DNS server. But as a good internet citizen I figured I would post about it, for others to confirm, maybe even get fixed. These are the standard DNS servers given out to distributel customers and results in a rather poor Internet experience.

said by sehache:

Thanks for the post.

Do not see the issue with 209.197.128.5, about 20ms. But on 209.197.128.2 seeing sporadically higher ms and even second values.

DNS server are getting upgraded so something is up.

209.197.128.5 appears to be working fine. Queried for 5 mintues, no loss. 209.197.128.2 however is dropping frequently. See attached graph from my Zabbix server. Its configured for 1000ms timeout and 1 retry. So A query time of ~2000ms means two UDP packets in a row were dropped, which is very bad.

I have a second Internet connection with Teksavvy, and fwiw, their DNS servers have been fine.

34764170

join:2007-09-06
Etobicoke, ON

1 edit
reply to nitzguy
said by nitzguy:

Source? I stand by my points made above. Or, use another DNS server for your queries...

Way to state a point but completely miss what the real issue is. Your point is worth -2 cents.


dupie

@shawcable.net
reply to cp8
Excellent.

209.197.128.2 and 209.197.128.5 will become Distributel's new official nameservers given out to customers, so might want to change your system to use them.

The old ones will still work but the new ips have advantages with anycast failover and shortest routing.

You should be seeing an improvement on 209.195.95.95 now though, can you confirm?

cp8

join:2008-05-14
Click for full size
said by dupie :

Excellent.

209.197.128.2 and 209.197.128.5 will become Distributel's new official nameservers given out to customers, so might want to change your system to use them.

The old ones will still work but the new ips have advantages with anycast failover and shortest routing.

You should be seeing an improvement on 209.195.95.95 now though, can you confirm?

Cool. 209.197.128.2 & 209.195.95.95 are working much better now.