Hurricane Electric's IPv6 Tunnel Broker Forums

Advanced search  

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Author Topic: Slow DNS Responses  (Read 59 times)

cmeerw

  • Newbie
  • *
  • Posts: 1
Slow DNS Responses
« on: November 27, 2022, 09:08:52 AM »

I am seeing very slow DNS responses (in the range of 1 to 2 seconds) from he.net's servers. Querying the same name again is then fast (presumably because it's then served from the cache). This also seems to affect HE's own zone, not just user zones served by he.net, e.g.

Code: [Select]
$ host -vt ns bar.he.net ns5.he.net
Trying "bar.he.net"
Using domain server:
Name: ns5.he.net
Address: 2001:470:500::2#53
Aliases:

Host bar.he.net not found: 3(NXDOMAIN)
Received 79 bytes from 2001:470:500::2#53 in 1444 ms
Received 79 bytes from 2001:470:500::2#53 in 1444 ms
$ host -vt ns bar.he.net ns5.he.net
Trying "bar.he.net"
Using domain server:
Name: ns5.he.net
Address: 2001:470:500::2#53
Aliases:

Host bar.he.net not found: 3(NXDOMAIN)
Received 79 bytes from 2001:470:500::2#53 in 8 ms
Received 79 bytes from 2001:470:500::2#53 in 8 ms
Logged

mhoran

  • Newbie
  • *
  • Posts: 2
Re: Slow DNS Responses
« Reply #1 on: November 27, 2022, 09:51:43 AM »

I've been seeing this across all my HE.net hosted zones since about Wednesday. Historically I've seen timeouts across HE.net DNS servers sporadically, but since Wednesday it has gotten really bad.

I'm not sure what is happening, since these servers are authoritative for my domains (as well as HE.net). So the cache shouldn't be expired/purged. Since it's an anycast network there could be some misbehaving DNS servers in the pool.

The behavior I see is quite odd. If I hit a particular name server the first request will take 1.5 seconds or longer (and timeout) and then a subsequent request will resolve quickly. Waiting a few seconds I'll then see another slow request from the same nameserver. Again, this is a new issue, though HE.net DNS servers have been sporadically timing out for the better part of a year according to my monitoring reports.

I've had to look at alternatives since my domains are pretty much unresolvable at this point. But it'd be great if this were fixed!
Logged