dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
1019
share rss forum feed


Packeteers
Premium
join:2005-06-18
Forest Hills, NY
kudos:1
Reviews:
·Time Warner Cable

why does DNS take so long to work after login/off your VPN

i have tried half a dozen VPN providers, and i noticed they all have the same problem. when i login to my VPN and am assigned a dynamic IP by their router, i can ping any public IP directly within a few seconds of clearing my connection. however if i try to ping a web address that requires a DNS lookup, it may take between 30 and 90 seconds before such a DNS inquiry gets resolved.

now i know all about using my own DNS, the VPN's DNS, a third DNS, DNS leaks to my ISP, and all that stuff - but none of that matters (i tried various different solutions) I'm more interested in the simple mechanics of TCP/IP on why something that is supposed to work near the speed of light, takes so damn long to resolve properly.

i'm not entirely sure only DNS suffers. when i ping a multicast IP like a root DNS host server, I get a reply immediately, but when I ping an isolated fixed static IP such as a gaming server (that accepts pings), it will often go unresolved for a good 30 seconds before my VPN seems to "wake up" and start doing it's job.

what exactly is causing this "clamping delay" and is there any way to reduce it - as i need to login/out of my VPN several times each day.


HELLFIRE
Premium
join:2009-11-25
kudos:18

Either a routing issue or a DNS cache issue.

From a high level, TCP's just the messenger, but if you constantly break the path it has to take to get to its destination,
of course it's going to take some time to figure out a new path to take. Constantly enabling and disabling the VPN
basically is telling a person "take path A to go here, no wait, take path B, no wait, take path A..." If you were in
a car and was getting this for GPS directions, I'm sure you'd go crazy.

My 00000010bits

Regards



leibold
Premium,MVM
join:2002-07-09
Sunnyvale, CA
kudos:10
Reviews:
·SONIC.NET

said by HELLFIRE:

Either a routing issue or a DNS cache issue.

Shouldn't be routing issue since:
said by Packeteers:

i can ping any public IP directly within a few seconds of clearing my connection.

unless it is a selective issue only effecting some addresses.

DNS caching is much more likely, specifically the caching of negative results: a lookup fails during the connection change and the NXDOMAIN (non existent domain) response is cached. Subsequent search for the same domain returns cached response of NXDOMAIN despite the fact that the domain would resolve now.

Depending on the OS used the duration of this negative caching can be configured or disabled altogether. Alternatively there may be ways to flush the DNS cache.

Please note that it isn't just your computer that may have a DNS cache. Your home router may perform DNS caching as well.
--
Got some spare cpu cycles ? Join Team Helix or Team Starfire!