getting slow response to my dns lookups.
I am running windows 7 with firefox browser and lots of my dns requests are slow. When I go to a page I haven't been to for a few hours, it can take upwards of 5-10 seconds to load. In the lower corner, the status area shows that it's "Looking up xyz.com" (or whatever domain address it needs). If the page I'm looking at reference a style page at a different domain (e.g. a CDR domain) , I'll sometimes end up with the text of the page completely unformatted.
What I've done to kind of fix some of the problems is to create a page that just has a series of images from a bunch of different pages that I regularly visit, then put in javascript code to reload the page every 30 second. This is often enough to keep those domains in my cache. With that, when i visit those pages, they load almost immediately. New pages still take 5-10 seconds to start loading.
I am using your DNS directly from my computer (rather than from my router). When I ping your servers, I am getting a response time of 20-25ms (both 220 and 222).
-
Post the complete plain text output of the following commands:
nslookup -type=txt debug.opendns.com.
tracert 208.67.222.222
tracert 208.67.220.220Further, in order to see the real DNS response times, not the ones felt through surfing experience, you may use this program:
http://www.nirsoft.net/utils/dns_query_sniffer.html
For general optimization of your TCP settings use this: http://www.speedguide.net/downloads.php -
Server: resolver1.opendns.com
Address: 208.67.222.222
debug.opendns.com text =
"server 1.pao"
debug.opendns.com text =
"flags 20 0 2f6 2000000001"
debug.opendns.com text =
"id 1801376"
debug.opendns.com text =
"source 174.65.72.87:15248"***********************************
Tracing route to resolver1.opendns.com [208.67.222.222]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms 10.0.0.1
2 8 ms 9 ms 7 ms 10.173.0.1
3 15 ms 9 ms 9 ms fed1cmtk07-gex030000.sd.sd.cox.net [68.6.11.238]
4 * * * Request timed out.
5 8 ms 7 ms 7 ms fed1dsrj02-xe130.0.rd.sd.cox.net [68.6.8.4]
6 23 ms 22 ms 21 ms 68.1.5.188
7 21 ms 25 ms 28 ms ae-6.r05.plalca01.us.bb.gin.ntt.net [129.250.194.141]
8 29 ms 32 ms 33 ms ae-2.r06.plalca01.us.bb.gin.ntt.net [129.250.5.238]
9 25 ms 23 ms 21 ms ge-0-7-0-31.r06.plalca01.us.ce.gin.ntt.net [140.174.21.166]
10 21 ms 22 ms 27 ms resolver1.opendns.com [208.67.222.222]
Trace complete.
***********************************Tracing route to resolver2.opendns.com [208.67.220.220]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms 10.0.0.1
2 13 ms 8 ms 7 ms 10.173.0.1
3 18 ms 8 ms 9 ms fed1cmtk07-gex010000.sd.sd.cox.net [68.6.11.236]
4 * * * Request timed out.
5 8 ms 7 ms 7 ms fed1dsrj01-xe130.0.rd.sd.cox.net [68.6.8.0]
6 23 ms 21 ms 21 ms 68.1.5.188
7 22 ms 21 ms 21 ms ae-6.r05.plalca01.us.bb.gin.ntt.net [129.250.194.141]
8 29 ms 30 ms 29 ms ae-2.r06.plalca01.us.bb.gin.ntt.net [129.250.5.238]
9 24 ms 22 ms 21 ms ge-0-7-0-31.r06.plalca01.us.ce.gin.ntt.net [140.174.21.166]
10 23 ms 22 ms 22 ms resolver2.opendns.com [208.67.220.220]
Trace complete.I downloaded and tried to run the dns sniffer program, but I must have done something wrong as it didn't sniff any of my dns queries.
-
You're located around San Diego, ISP Cox.net, and you're using the OpenDNS server location in Palo Alto which should be fine. Your IP address 174.65.72.87 is registered with OpenDNS network ID 1801376. Your latency to the OpenDNS servers is acceptable. That said, I can't see a DNS problem, at least not at the time when you posted the outputs.
Regarding the DNS Sniffer program, read its instructions. You must probably install Wincap or another. After starting the program, you must select the *right* internet connection you want to have monitored (there are often more than one). It's worth the efforts in your case, because it clearly can show the DNS response time for each query.
Also, try to optimize your TCP settings with the other program. The defaults on Windows are far from being optimal. You must first measure and set your MTU, and then you can optimize the rest of the parameters.
-
after switching to open dns all domain name requests take 10 times longer than before. I have a very fast fiber connection to the internet. Navigating to an ip is instant but going to that same machine through a domain name takes 30 seconds and often just fails or times out. I thought maybe it was an outtage so i continued to use it for a few more weeks. It was consistently slow and often failed. I cannot recommend this product for anyone. It is terrible.
-
ipadfl, it's a service, not a product, and your anecdote does not constitute data. Millions of people use OpenDNS quite successfully, some with an experience better than their ISP provides.
Do you have any actual data on how name resolution took 10x longer? Do the data show that the response time latency was caused by the resolvers? Do you realize that you can actually look to see if there is an outage?
For a service with almost entirely empirically testable features, an awful lot of people recommend, or recommend against, OpenDNS with fact-free opinions. But thanks for pulling up an old thread to share them.
-
wow. i sure hope a lo of people read your answer. You are clearly not an employee of this organization. Proof that opendns has no accountability or customer service ethics standards or followed mission statement.
Yes i have data that shows it is your product that is slow consistently. switching to my isp dns servers fixed the problem.
Do customers a favor and don't take bad news personally. Get your personal value from something else.
-
You missed to come up with measurable facts. Try this one to give your statements a rational base:
https://www.grc.com/dns/benchmark.htm -
thanks for the reply and the link. That was very rational and calm and collected. I may look into where in the route it is slow but for now i am proceeding with a simple content filtering solution for my ubuntu firewall and using my ISP provided local DNS servers. I kinda like that solution because it can't be bypassed by simply putting in another dns server in the users network settings. It could just be that i am way down here in south florida. If i decide to come back i'll toss in some benchmarks. Thank you again for the reply and link! Take care.
Dave -
I went back and tried the dns query sniffer program again and this time it seemed to work (or at least started up).
When I run it, all of the response times, durations, and response codes are blank. I didn't see an option for how to turn those fields on/off. I did notice that frequently there are six to eight entries for a single domain name that all have the same 'query ID' that spans about eight seconds from the earliest to the latest. Each query also seems to go through a different port number, which ranges from 49154 to 65492.
As a stopgap measure, I created a local html file that just attempts to load an image (x.jpg) from the various sites that I frequent and it automatically reloads itself every 30 seconds. This was so that those domain names would hopefully always be in my local cache. Even with that, the names I have listed in their are showing up in the dns logs as frequently having 8ish entries under the same query id.
I would really like to be able to get this resolved. As it is right now, I often times have to reload pages after 10 seconds to get it to load up right as the browser has likely timed out waiting for stuff (e.g. common css formatting files), so I have to reload in order for the browser to resolve the css file's location.
-
I did a little more experimenting. I switched my local dns server (settings on my computer) to google's public dns server. The number of repeat lookups dramatically reduced. My reloader page attempts to display images from about 30 domain names. With google's dns, most of the names only show up once in the dns query sniffer. When the page automatically reloads, no new entries show up in the sniffer. When set to openDNS, reloading the page seems to do another dns lookup for all the domain names in there. It is almost as if the cache duration (time to live?) value coming back from openDNS is getting messed up (making it too short and causing excess lookups).
With google's dns, the ones that do show up in the sniffer are all single line entries. It doesn't seem to have any multiple reattempts for any of them the way they do when doing a lookup with opendns.
-
with openDNS:
Host Name Port Number Query ID Request Type Request Time Response Time Duration Response Code Records Count A CNAME AAAA NS MX SOA PTR SRV Source Address Destination Address IP Country
myip.opendns.com 59499 CD43 A 1/2/2014 2:13:41 AM.296 0 10.0.0.101 208.67.222.222C:>nslookup -type=txt debug.opendns.com
Server: resolver1.opendns.com
Address: 208.67.222.222
Non-authoritative answer:
debug.opendns.com text = "server 3.pao"
debug.opendns.com text = "flags 20 0 2f6 2000000001"
debug.opendns.com text = "id 1801376"
debug.opendns.com text = "source 174.65.58.173:24708"with google's dns: (after doing a ipconfig/flushdns)
Host Name Port Number Query ID Request Type Request Time Response Time Duration Response Code Records Count A CNAME AAAA NS MX SOA PTR SRV Source Address Destination Address IP Country
myip.opendns.com 53361 6EDC A 1/2/2014 4:43:04 AM.720 0 10.0.0.101 8.8.8.8(for some reason, dnsquery sniffer isn't showing any values for the response time, duration, response code, or a bunch of the other columns). But my perception is that it's a whole lot faster with google's from what I see in my browser window. If the page I'm attempting to load references a css file elsewhere on the internet, with openDNS at least half the time the css address doesn't resolve and thus doesn't load. With google's, I've yet to see a problem loading css files from off sites. Also the status shows "Looking up xyz.com" for only fractions of a second with google's and several seconds with OpenDNS's.
-
Regarding the DNS Query Sniffer:
View > Select Colums > (Select all)
Then leave the sniffer running for a while, for example with your special page, for both OpenDNS and Google DNS.
View > HTML Report - All Items
Post the resulting report.html as an attachment here ("Attach file").
Did you also run the benchmark program (https://www.grc.com/dns/benchmark.htm) with any insights coming out?
-
O.K. So this problem is happening for me as well. I don't see a real resolution, so I am going to post my findings and my concerns. I don't use Windows 7, but my wife does and I finally got tired of listening to her complain. We use OpenDNS configured at the router with the order as specified in our account details.
I observed a long delay >5 seconds from her browser, for both Pandora.com and facebook.com in her browser, opened a command prompt, then issued an nslookup for facebook.com. The resolution came back in less than a second and the browser immediately populated with the result. This has been reproduced after waiting for as much as 10 seconds. Once the resolution is done at the command prompt, the browser responds.
This is a random occurrence and is usually over before I can collect more data. OTOH, I have never experienced this from my Mac or Linux systems.
We have a 1Gbit internet connection and a 300Mbit Wireless network.
If someone has some suggestions on how to collect data between the browser and the dns call in an automated fashion, I am interested.
DNS-Benchmark-output.txt.txt -
The test will not reveal much (and it doesn't), because it is doing the same thing as nslookup. Since the problem is apparently with the browser, You can try this too see what is happening when the browser executes queries while there is a problem. http://www.nirsoft.net/utils/dns_query_sniffer.html
-
We in Sydney Australia are getting very slow performance of OpenDNS and it's been ongoing for the past few weeks. For example:
tracert 208.67.222.222
Tracing route to resolver1.opendns.com [208.67.222.222]
over a maximum of 30 hops:1 <1 ms <1 ms <1 ms 192.168.1.1
2 21 ms 37 ms 14 ms 10.50.0.1
3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.
6 39 ms 117 ms 132 ms 59.154.142.84
7 11 ms 18 ms 11 ms te3-2.sclarbrdr01.aapt.net.au [203.8.183.46]
8 * * 16 ms lag41.sclarinte01.aapt.net.au [202.10.14.201]
9 15 ms 11 ms 11 ms 59-100-239-14.syd.static-ipl.aapt.com.au [59.100.239.14]
10 238 ms 215 ms 26 ms 202.68.65.21
11 427 ms 332 ms 249 ms 202.68.65.150
12 226 ms 223 ms 217 ms resolver1.opendns.com [208.67.222.222]This has happened before I believe as there is routing through Singapore back to the US, though I understood there is a OpenDNS server in Sydney.
Any ideas?
-
This would be an issue with your ISP, OpenDNS, routing tables, or something else, though from everything you said it sounds like some sort of routing table or other configuration issue with your ISP. None of these are something you can address or fix. Nor can the other OpenDNS users in this forum do anything about it since we don't have access to the back ends that are dealing with this. You should open a support ticket with OpenDNS as a first step towards resolving this. More than likely they'll tell you it's an ISP issue, but at least you'd have some technical information to provide your ISP to strengthen your case to get them to actually look into it.
Please sign in to leave a comment.
Comments
18 comments