Solved

Big delay on DNS

Posted on 2003-03-09
Last Modified: 2010-03-18
Dear experts.

I have a problem: my Linux box takes quite a long time to resolve an internet name for the first time. However, once the name is resolved, the next call will be successful without delay.

Linux box : Clark Connect 1.2 (Redhat 7.3 derivative)
local DNS : caching DNS server (as installed; I didn't change anything)
Main DNS : other DNS server on my network
Firewall : accept everything but log it for the test.

Some examples are here
(My IP is masked to 1.2.3.4, My main DNS is masked to 1.2.3.1):
=========================
# nslookup -sil www.altavista.com
;; connection timed out; no servers could be reached

# nslookup -sil www.altavista.com
;; connection timed out; no servers could be reached

# nslookup -sil www.altavista.com
Server: 127.0.0.1
Address: 127.0.0.1#53

Non-authoritative answer:
Name: www.altavista.com
Address: 209.73.164.91
=========================
# ping www.lycos.com
ping: unknown host www.lycos.com
# ping www.lycos.com
ping: unknown host www.lycos.com
# ping www.lycos.com
PING www.lycos.com.akadns.net (209.202.192.25) from 1.2.3.4 : 56(84) bytes of data.
64 bytes from www.lycos.com (209.202.192.25): icmp_seq=1 ttl=243 time=31 ms
========================

This is the firewall log during the failed tests
==============================
Mar 10 05:35:31 rob01 kernel: Firewall ACC IN= OUT=eth0 SRC=1.2.3.4 DST=1.2.3.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1068 DPT=53 LEN=40
Mar 10 05:35:36 rob01 kernel: Firewall ACC IN= OUT=eth0 SRC=1.2.3.4 DST=1.2.3.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1025 DPT=53 LEN=40
Mar 10 05:35:37 rob01 kernel: Firewall ACC IN= OUT=eth0 SRC=1.2.3.4 DST=1.2.3.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1068 DPT=53 LEN=40
==============================

Then this is the firewall log before the successful test
==============================
Mar 10 05:35:42 rob01 kernel: Firewall ACC IN=eth0 OUT= SRC=1.2.3.1 DST=1.2.3.4 LEN=226 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=UDP SPT=53 DPT=1066 LEN=206
Mar 10 05:35:42 rob01 kernel: Firewall ACC IN= OUT=eth0 SRC=1.2.3.4 DST=1.2.3.1 LEN=254 TOS=0x00 PREC=0xC0 TTL=64 ID=49813 PROTO=ICMP TYPE=3 CODE=3 [SRC=134.115.8.33 DST=134.115.124.126 LEN=226 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=UDP SPT=53 DPT=1066 LEN=206 ]
===========================


Thank you for your help.

Question by:Kocil
3 Comments
 
LVL 15

Accepted Solution

by:
periwinkle earned 300 total points
ID: 8101056
Look at your /etc/resolv.conf file and make certain that the nameservers are valid.  Also make certain that any of the domains in the search line (if any) contain a valid server to search.

It sounds like perhaps you have some servers listed that are no longer valid?
0
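
One way to carry out the check described in the accepted answer, as an added example that is not part of the original thread: parse the nameserver and search lines, then time a single A-record query against each listed server over UDP. The sample file contents, the function names and the test hostname are assumptions; the probe handles IPv4 nameserver addresses only.

```python
import socket
import struct
import time

# Constructed sample; on a real host pass open("/etc/resolv.conf").read() instead.
SAMPLE_RESOLV_CONF = """\
search example.lan
nameserver 127.0.0.1
# main DNS (masked address from the question)
nameserver 1.2.3.1
"""

def parse_resolv_conf(text):
    """Return (nameservers, search_domains) in file order, ignoring comments."""
    servers, search = [], []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split(";", 1)[0].split()
        if fields[:1] == ["nameserver"] and len(fields) > 1:
            servers.append(fields[1])
        elif fields[:1] in (["search"], ["domain"]):
            search = fields[1:]          # the last search/domain line wins
    return servers, search

def build_query(name, qid=0x1234):
    """Minimal DNS query: one A/IN question, recursion desired."""
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.rstrip(".").split("."))
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    return header + labels + b"\x00" + struct.pack(">HH", 1, 1)

def probe(server, name="www.example.com", port=53, timeout=5.0):
    """Send one query; return (status, seconds). 5 s is the glibc resolver default."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        start = time.monotonic()
        try:
            s.connect((server, port))
            s.send(query)
            reply = s.recv(512)
        except socket.timeout:
            return "timeout", time.monotonic() - start
        except ConnectionRefusedError:   # ICMP port unreachable came back
            return "refused", time.monotonic() - start
        elapsed = time.monotonic() - start
    # A usable reply echoes our query ID and has the QR (response) bit set.
    ok = len(reply) >= 12 and reply[:2] == query[:2] and bool(reply[2] & 0x80)
    return ("ok" if ok else "bad-reply"), elapsed

if __name__ == "__main__":
    for srv in parse_resolv_conf(SAMPLE_RESOLV_CONF)[0]:
        print(srv, *probe(srv, timeout=2.0))
```

A server that reports "timeout" or "refused" here costs every first lookup a full resolver timeout before the next entry is tried, which is the kind of delay the question describes.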
 
LVL 22

Expert Comment

by:pjedmond
ID: 8107494
You need a line like:

nameserver 209.202.192.25


in your /etc/resolv.conf

Where the IP is the address of the DNS server - as you can actually ping the above nameserver, inserting the above line into your resolv.conf should solve the problem :)

0
 
LVL 15

Expert Comment

by:periwinkle
ID: 8111924
kocil - glad to have helped!
0

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question