
Thread: Slow DNS response times if one DNS server is down

  1. #1
    Join Date
    Oct 2012
    Beans
    7

    Slow DNS response times if one DNS server is down

    Hi all,

    First post and just joined - so be kind :)

    I'm totally new to Ubuntu / Linux.

    Let me give an overview of the setup first.
    About 60 Ubuntu 12.04 servers (64 bit) split across 2 sites. Most of the machines are VMs. Static IP addresses assigned and all servers are "kerberized". All servers are non-GUI and each site has 1 DNS server. All but 4 servers were 10.04 and recently upgraded to 12.04 LTS. The 4 servers are clean installs of 12.04.

    My problem
    As part of DR testing, I bring one of the DNS servers down from one site and check how long it will take to resolve addresses across the sites.
    It can take about 30-50 secs for it to start pinging a device on the network. I have been looking at various sites and had a few discussions here at work, but I'm not really getting much as I don’t have an in-depth understanding of Linux.

    I have looked at the resolv.conf file and it has entries for the 2 DNS servers. After research, I found that if I put in the line “option timeout:1” it actually works. The response times are dramatically improved. But then I was told that in version 12.04 the resolv.conf gets overwritten and shouldn’t be edited. I saw many sites referring to this, but their resolution is to put the data in the tail, head and base files in /etc/resolvconf/resolv.conf.d. But when I check the upgraded servers, there is no such folder.
    I did do a test where I wiped the settings in the resolv.conf file and restarted the server to see if the settings get populated, but they didn’t. Also, in the clean install of 12.04, in the resolv.conf file you see the following:

    # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
    # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN

    Whereas in the upgraded boxes, there is nothing.


    I convinced myself that the solution of amending the resolv.conf was the correct one until I was told not to touch it.

    Can someone please help me in either finding the correct solution so that if one DNS server goes down, the response times are acceptable, or tell me if I was going down the correct route? I've seen the resolvconf daemon, dnsmasq and others but I'm not exactly sure what they are or how they could be used.

    Many thanks in advance for your help

    PetE

  2. #2
    Join Date
    Oct 2012
    Beans
    7

    Re: Slow DNS response times if one DNS server is down

    Hi all,

    Hopefully my question isn't too difficult. Have I posted this question in the wrong forum?

    Thanks
    PetE
    Last edited by S77N; October 3rd, 2012 at 04:39 PM.

  3. #3
    Join Date
    Nov 2008
    Location
    Boston MetroWest
    Beans
    16,326

    Re: Slow DNS response times if one DNS server is down

    No, but it touches upon a controversial issue with 12.04, the addition of resolvconf to this release. Many of us, myself included, think that this change has resulted in "collateral damage" while trying to solve a problem that most users do not routinely face.

    Before you go too far down this road, I'd try first adding servers to the static IP declarations in /etc/network/interfaces. In the stanza for eth0 add the line:

    Code:
    iface eth0 inet static
         ...
         dns-nameservers 127.0.0.1 10.1.1.1 10.1.1.2

    replacing the 10.x addresses with a couple of your other nameservers. Now restart the network, or reboot, and you should see resolv.conf now populated with matching "nameserver" entries. See if this resolves (pun intended) your timeout problem.

    If not, and you are forced to add the "option" statement to resolv.conf, you have to take a more brutal approach. One solution is to leave resolvconf installed, but replace the symlink that represents resolv.conf with an actual file that you create manually. Then you can use "chattr +i /etc/resolv.conf" to make the file "immutable" so resolvconf cannot overwrite it. You won't be able to edit the file either, unless you first turn off this attribute with "chattr -i /etc/resolv.conf". Another option is to uninstall the resolvconf package, which makes sense to me on servers.
    Last edited by SeijiSensei; October 3rd, 2012 at 12:57 PM.
    If you ask for help, do not abandon your request. Please have the courtesy to check for responses and thank the people who helped you.


  4. #4
    Join Date
    Oct 2012
    Beans
    7

    Re: Slow DNS response times if one DNS server is down

    Hi SeijiSensei,

    many thanks for your help, I thought I was all alone on this one.

    I did try this by cleaning out the resolv.conf file and adding them to the /etc/network/interfaces file but I didn't try for eth0. When I did restart the server, the resolv.conf was unpopulated and I was unable to resolve anything. I will try again tomorrow.

    I'm sorry, I don't follow the symlink solution. I sort of understand making the resolv.conf read only.

    I will test the first part and get back,
    once again many thanks

    PetE

  5. #5
    Join Date
    Nov 2006
    Location
    Craggy Island.
    Beans
    Hidden!
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Slow DNS response times if one DNS server is down

    Thanks for the post SeijiSensei, I did not know this about 12.04.
    Great to know.

    Jonobr
    You can tell a man who boozes by the company he chooses, as the pig got up and slowly walked away.

  6. #6
    Join Date
    Oct 2012
    Beans
    7

    Re: Slow DNS response times if one DNS server is down

    Hi SeijiSensei,

    I tried what you said by entering the dns servers in the /etc/network/interfaces and restarted networking. I was unable to ping anything. It still uses resolv.conf. Before I restarted the interfaces, I put a # in front of the entries in the resolv.conf.

    I read somewhere you can uninstall resolvconf, but that failed as well. It says there is no package to uninstall.

    I thought by restarting, I might get different results, but that made it worse. I was locked out as it uses Kerberos and if it can see the Kerberos server via DNS it can authenticate. Luckily it was a VM so I could break into it.

    I tried a similar test on a clean install of 12.04 and yes, the settings in resolv.conf get overwritten. So can I presume that where the servers have been upgraded from 10.04 to 12.04, they aren't affected by this new overwriting "feature" of 12.04?

    Please help and many thanks in advance,
    PetE

  7. #7
    Join Date
    Oct 2012
    Beans
    7

    Re: Slow DNS response times if one DNS server is down

    Hi,

    is there anyone out there who can help?

    Thanks

  8. #8
    Join Date
    Oct 2012
    Beans
    7

    Re: Slow DNS response times if one DNS server is down

    Or maybe tell me what's the best method of making DNS resilient across sites.

    Thanks

  9. #9
    Join Date
    Oct 2012
    Beans
    7

    Re: Slow DNS response times if one DNS server is down

    Bump

  10. #10
    Join Date
    Mar 2005
    Beans
    211

    Re: Slow DNS response times if one DNS server is down

    Quote: Originally Posted by SeijiSensei
        No, but it touches upon a controversial issue with 12.04, the addition of resolvconf to this release. Many of us, myself included, think that this change has resulted in "collateral damage" while trying to solve a problem that most users do not routinely face.

    Please read /usr/share/doc/resolvconf/README.gz for a discussion of the reasons for introducing something like resolvconf.

    Quote:
        Before you go too far down this road, I'd try first adding servers to the static IP declarations in /etc/network/interfaces. In the stanza for eth0 add the line:

        Code:
        iface eth0 inet static
             ...
             dns-nameservers 127.0.0.1 10.1.1.1 10.1.1.2

        replacing the 10.x addresses with a couple of your other nameservers. Now restart the network, or reboot, and you should see resolv.conf now populated with matching "nameserver" entries.

    Right.

    Quote:
        See if this resolves (pun intended) your timeout problem.

        If not, and you are forced to add the "option" statement to resolv.conf, you have to take a more brutal approach. One solution is to leave resolvconf installed, but replace the symlink that represents resolv.conf with an actual file that you create manually. Then you can use "chattr +i /etc/resolv.conf" to make the file "immutable" so resolvconf cannot overwrite it.

    First of all, resolvconf won't overwrite /etc/resolv.conf. The program /sbin/resolvconf only ever writes to /run/resolvconf/resolv.conf. And the package postinst only makes one attempt to install the needed symlink at /etc/resolv.conf; it won't create the symlink again on upgrade.

    And if you run "dpkg-reconfigure" to cause resolvconf to install the symlink at /etc/resolv.conf again, it overrides the immutability attribute.

    So doing "chattr +i" on /etc/resolv.conf is neither necessary nor sufficient to protect the file from alteration.

    Quote:
        Another option is to uninstall the resolvconf package, which makes sense to me on servers.

    Resolvconf is now part of the base system. If you uninstall it then you are setting yourself up for problems in the future.

    Resolvconf is working well. Problems with resolvconf are almost always a result of (1) bad images prepared downstream from Ubuntu; (2) third-party tools which futz with /etc/resolv.conf; (3) administrator carelessness.
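
    Added example, not part of any post in this thread: a shell check for the distinction discussed above, namely whether /etc/resolv.conf is the resolvconf symlink into /run/resolvconf or a plain file, and which timeout and attempts values the glibc resolver would use (defaults of 5 seconds and 2 attempts, per resolv.conf(5)). The function names audit_resolv and build_sample, the sample trees and the 10.1.1.9 address are constructed for illustration.

```shell
#!/bin/sh
# Added example: report how resolv.conf is managed under ROOT and which
# glibc resolver timeout/attempts apply (defaults: 5 s, 2 attempts).

# audit_resolv ROOT
# prints: mode=<managed|static|missing> nameservers=N timeout=T attempts=A
audit_resolv() {
    conf="$1/etc/resolv.conf"
    if [ ! -e "$conf" ]; then            # absent, or a dangling symlink
        echo "mode=missing nameservers=0 timeout=5 attempts=2"
        return 1
    fi
    mode=static                          # plain file, or symlink elsewhere
    if [ -L "$conf" ]; then
        case $(readlink "$conf") in
            */run/resolvconf/resolv.conf) mode=managed ;;  # written by resolvconf
        esac
    fi
    # Only the keyword "options" is parsed; commented-out lines do not count.
    awk -v mode="$mode" '
        BEGIN { timeout = 5; attempts = 2 }
        $1 == "nameserver" { ns++ }
        $1 == "options" {
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^timeout:[0-9]+$/)  timeout  = substr($i, 9)
                if ($i ~ /^attempts:[0-9]+$/) attempts = substr($i, 10)
            }
        }
        END { printf "mode=%s nameservers=%d timeout=%d attempts=%d\n",
                     mode, ns, timeout, attempts }
    ' "$conf"
}

# build_sample ROOT KIND: constructed trees for the demo, not real host data.
build_sample() {
    mkdir -p "$1/etc" "$1/run/resolvconf"
    case $2 in
        managed)  # clean install: symlink into /run, no options line
            printf 'nameserver 10.1.1.1\nnameserver 10.1.1.2\n' \
                > "$1/run/resolvconf/resolv.conf"
            ln -sf ../run/resolvconf/resolv.conf "$1/etc/resolv.conf" ;;
        static)   # hand-edited plain file with a shortened timeout
            printf '#nameserver 10.1.1.9\nnameserver 10.1.1.1\nnameserver 10.1.1.2\noptions timeout:1\n' \
                > "$1/etc/resolv.conf" ;;
    esac
}

tmp=$(mktemp -d)
build_sample "$tmp/a" managed && audit_resolv "$tmp/a"
build_sample "$tmp/b" static  && audit_resolv "$tmp/b"
rm -rf "$tmp"
```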
