• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Main Menu

Slow DNS Responses

Started by cmeerw, November 27, 2022, 09:08:52 AM

Previous topic - Next topic

cmeerw

I am seeing very slow DNS responses (in the range of 1 to 2 seconds) from he.net's servers. Querying the same name again is then fast (presumably because it's then served from the cache). This also seems to affect HE's own zone, not just user zones served by he.net, e.g.


$ host -vt ns bar.he.net ns5.he.net
Trying "bar.he.net"
Using domain server:
Name: ns5.he.net
Address: 2001:470:500::2#53
Aliases:

Host bar.he.net not found: 3(NXDOMAIN)
Received 79 bytes from 2001:470:500::2#53 in 1444 ms
Received 79 bytes from 2001:470:500::2#53 in 1444 ms
$ host -vt ns bar.he.net ns5.he.net
Trying "bar.he.net"
Using domain server:
Name: ns5.he.net
Address: 2001:470:500::2#53
Aliases:

Host bar.he.net not found: 3(NXDOMAIN)
Received 79 bytes from 2001:470:500::2#53 in 8 ms
Received 79 bytes from 2001:470:500::2#53 in 8 ms

mhoran

I've been seeing this across all my HE.net hosted zones since about Wednesday. Historically I've seen timeouts across HE.net DNS servers sporadically, but since Wednesday it has gotten really bad.

I'm not sure what is happening, since these servers are authoritative for my domains (as well as HE.net). So the cache shouldn't be expired/purged. Since it's an anycast network there could be some misbehaving DNS servers in the pool.

The behavior I see is quite odd. If I hit a particular name server the first request will take 1.5 seconds or longer (and timeout) and then a subsequent request will resolve quickly. Waiting a few seconds I'll then see another slow request from the same nameserver. Again, this is a new issue, though HE.net DNS servers have been sporadically timing out for the better part of a year according to my monitoring reports.

I've had to look at alternatives since my domains are pretty much unresolvable at this point. But it'd be great if this were fixed!

revolt112

Hi,

i have mailed dnsadmin about this issue and they replied to me:


Hello,

The recent DNS resolution issues should be resolved at this point.

Please test again and let us know if you still see any issues.

Regards,

Roman
HE Support
AS6939

---- Original message ----

Dear DNS-Admins,

i would like to inform you about a recent issue:

host -vt ns synology.thefirewall.de ns5.he.net
Trying "synology.thefirewall.de"
Using domain server:
Name: ns5.he.net
Address: 216.66.80.18#53
Aliases:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18019
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;synology.thefirewall.de. IN NS

;; AUTHORITY SECTION:
thefirewall.de. 172800 IN SOA ns1.he.net. hostmaster.he.net. 2022111700
86400 7200 3600000 172800

Received 98 bytes from 216.66.80.18#53 in 1340 ms


You DNS replies are really slow, sometimes they even timeout... Also
this issue hits he.net own domains as well and not just the user ones.

For  Example:

host -vt ns bgp.he.net ns5.he.net
Trying "bgp.he.net"
Using domain server:
Name: ns5.he.net
Address: 216.66.80.18#53
Aliases:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59397
;; flags: qr aa rd; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;bgp.he.net. IN NS

;; ANSWER SECTION:
bgp.he.net. 86400 IN NS ns2.he.net.
bgp.he.net. 86400 IN NS ns1.he.net.
bgp.he.net. 86400 IN NS ns5.he.net.
bgp.he.net. 86400 IN NS ns3.he.net.
bgp.he.net. 86400 IN NS ns4.he.net.

Received 118 bytes from 216.66.80.18#53 in 1428 ms