|
cp8
Member
2012-Dec-13 7:29 pm
Distributel DNS servers dropping UDPI'm having issues with the Distributel DNS servers...
they're dropping between 5 and 30% of DNS queries.
Can anyone else verify?
[root@lightning ~]# while [ true ]; do time dig @209.195.95.95 www.google.ca +notcp > /dev/null ; sleep 1 ; done
real 0m5.061s user 0m0.017s sys 0m0.022s
real 0m0.096s user 0m0.017s sys 0m0.031s
209.197.128.2 is affected too.
+tcp works just fine, no timeouts. Sounds like their servers need to increase their UDP buffers! |
|
nitzguy Premium Member join:2002-07-11 Sudbury, ON |
nitzguy
Premium Member
2012-Dec-13 9:23 pm
said by cp8:I'm having issues with the Distributel DNS servers...
they're dropping between 5 and 30% of DNS queries.
Can anyone else verify?
[root@lightning ~]# while [ true ]; do time dig @209.195.95.95 www.google.ca +notcp > /dev/null ; sleep 1 ; done
real 0m5.061s user 0m0.017s sys 0m0.022s
real 0m0.096s user 0m0.017s sys 0m0.031s
209.197.128.2 is affected too.
+tcp works just fine, no timeouts. Sounds like their servers need to increase their UDP buffers! Call me crazy but....UDP is a connection-less protocol and doesn't have a guarantee whereas TCP does, unless this has changed in the last 10 years? So...sounds like its doing what its supposed to do....guaranteeing TCP deliveries and "doing their best" on UDP delivery requests... |
|
|
cp8
Member
2012-Dec-13 9:29 pm
Duh? My point was that there is an excessive amount of loss. A reliable link should have less than 1%. I'm seeing much more than that. |
|
34764170 (banned) join:2007-09-06 Etobicoke, ON |
34764170 (banned)
Member
2012-Dec-14 2:14 am
said by cp8:Duh? My point was that there is an excessive amount of loss. A reliable link should have less than 1%. I'm seeing much more than that. That's definitely not normal. I'm making queries from a cable connection on TSI and I do not see this behaviour. |
|
nitzguy Premium Member join:2002-07-11 Sudbury, ON |
to cp8
said by cp8:Duh? My point was that there is an excessive amount of loss. A reliable link should have less than 1%. I'm seeing much more than that. Source? I stand by my points made above. Or, use another DNS server for your queries... |
|
|
elwoodbluesElwood Blues Premium Member join:2006-08-30 Somewhere in |
You are absolutely correct Nitzguy, UDP is connectionless, TCP requires ack packets or it will re-transmit.
I have no idea why a DNS server would drop UDP packets, but yeah, use a different DNS server |
|
nitzguy Premium Member join:2002-07-11 Sudbury, ON |
nitzguy
Premium Member
2012-Dec-15 7:08 am
said by elwoodblues:You are absolutely correct Nitzguy, UDP is connectionless, TCP requires ack packets or it will re-transmit.
I have no idea why a DNS server would drop UDP packets, but yeah, use a different DNS server Ok, so my 10+ year old knowledge stands....I was surprised I remembered this stuff... Exactly, I don't use my own ISPs DNS and seem to do just fine with 4.2.2.1 as primary and 8.8.4.4 as secondary... |
|
|
dupie to cp8
Anon
2012-Dec-15 6:46 pm
to cp8
said by cp8:they're dropping between 5 and 30% of DNS queries.
Your loop only shows dns lookup timing, not any timeouts. How are determining the 5 to 30%? Also to note, those servers have rate limiting enabled to help stop flooding/DoS attacks. Can you try 209.197.128.5 and see if that gives you different results? |
|
|
to cp8
Thanks for the post.
Do not see the issue with 209.197.128.5, about 20ms. But on 209.197.128.2 seeing sporadically higher ms and even second values.
DNS server are getting upgraded so something is up. |
|
1 edit |
cp8
Member
2012-Dec-15 10:54 pm
I don't need schooling on the mechanics of UDP vs TCP. Grammar maybe, but I'm a network engineer by profession. I know very well I could simply just use another DNS server. But as a good internet citizen I figured I would post about it, for others to confirm, maybe even get fixed. These are the standard DNS servers given out to distributel customers and results in a rather poor Internet experience. said by sehache:Thanks for the post.
Do not see the issue with 209.197.128.5, about 20ms. But on 209.197.128.2 seeing sporadically higher ms and even second values.
DNS server are getting upgraded so something is up. 209.197.128.5 appears to be working fine. Queried for 5 mintues, no loss. 209.197.128.2 however is dropping frequently. See attached graph from my Zabbix server. Its configured for 1000ms timeout and 1 retry. So A query time of ~2000ms means two UDP packets in a row were dropped, which is very bad. I have a second Internet connection with Teksavvy, and fwiw, their DNS servers have been fine. |
|
34764170 (banned) join:2007-09-06 Etobicoke, ON 1 edit |
to nitzguy
said by nitzguy:Source? I stand by my points made above. Or, use another DNS server for your queries... Way to state a point but completely miss what the real issue is. Your point is worth -2 cents. |
|
|
dupie to cp8
Anon
2012-Dec-16 3:39 am
to cp8
Excellent.
209.197.128.2 and 209.197.128.5 will become Distributel's new official nameservers given out to customers, so might want to change your system to use them.
The old ones will still work but the new ips have advantages with anycast failover and shortest routing.
You should be seeing an improvement on 209.195.95.95 now though, can you confirm? |
|
|
cp8
Member
2012-Dec-16 11:48 am
said by dupie :Excellent.
209.197.128.2 and 209.197.128.5 will become Distributel's new official nameservers given out to customers, so might want to change your system to use them.
The old ones will still work but the new ips have advantages with anycast failover and shortest routing.
You should be seeing an improvement on 209.195.95.95 now though, can you confirm? Cool. 209.197.128.2 & 209.195.95.95 are working much better now. |
|