[Unbound-users] Resolving of some special host very slow
staticsafe
me at staticsafe.ca
Wed Mar 5 17:45:46 UTC 2014
On 3/5/2014 08:24, lst_hoe02 at kwsoft.de wrote:
>
> Hello,
>
> today we discovered a hostname which is very slow to resolv with Unbound
> 1.4.21 as validating resolver. It works fine with all knid of other
> resolvers and oddly enough even with another Unbound instance.
> The host in question is esta.cbp.dhs.gov and resolve time after it is
> not in the cache range from around 2 to 5 seconds. I have take a tcpdump
> and can only see that the first answer come much faster but Unbound
> keeps asking for the same A record on different nameservers again and
> again.
>
> Any idea what is going wrong?
>
> Thanks
>
> Andreas
Noticing the same issue:
[root at lasciel system]# time dig esta.cbp.dhs.gov @::1
; <<>> DiG 9.9.2-P2 <<>> esta.cbp.dhs.gov @::1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33583
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;esta.cbp.dhs.gov. IN A
;; ANSWER SECTION:
esta.cbp.dhs.gov. 900 IN A 216.81.87.20
;; Query time: 2097 msec
;; SERVER: ::1#53(::1)
;; WHEN: Wed Mar 5 12:42:40 2014
;; MSG SIZE rcvd: 61
real 0m12.201s
user 0m0.060s
sys 0m0.010s
[root at ferrovax ~]# time dig esta.cbp.dhs.gov
; <<>> DiG 9.9.5 <<>> esta.cbp.dhs.gov
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14872
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 8, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;esta.cbp.dhs.gov. IN A
;; ANSWER SECTION:
esta.cbp.dhs.gov. 900 IN A 216.81.87.20
;; AUTHORITY SECTION:
dhs.gov. 86398 IN NS use1.akam.net.
dhs.gov. 86398 IN NS use3.akam.net.
dhs.gov. 86398 IN NS usw4.akam.net.
dhs.gov. 86398 IN NS asia2.akam.net.
dhs.gov. 86398 IN NS eur2.akam.net.
dhs.gov. 86398 IN NS usc2.akam.net.
dhs.gov. 86398 IN NS usw3.akam.net.
dhs.gov. 86398 IN NS asia3.akam.net.
;; Query time: 2406 msec
;; SERVER: ::1#53(::1)
;; WHEN: Wed Mar 05 17:43:57 UTC 2014
;; MSG SIZE rcvd: 223
real 0m2.519s
user 0m0.009s
sys 0m0.103s
First one is against an unbound instance, second is against a BIND instance.
Perhaps one of the authoritative NSes are slow to respond for whatever
reason?
--
staticsafe
More information about the Unbound-users
mailing list