[Cialug] Inconsistent consistently long DNS lookup times
Colin Burnett
cmlburnett at gmail.com
Tue Mar 9 19:52:44 CST 2010
As suggested, here is a dump of a DNS lookup from Firefox to cnn.com
(with a newline to separate the 5-second lag):
# tcpdump -n port 53
19:28:50.593375 IP 192.168.0.5.48330 > 205.171.3.65.53: 1157+ A? cnn.com. (25)
19:28:50.593398 IP 192.168.0.5.48330 > 205.171.3.65.53: 62369+ AAAA?
cnn.com. (25)
19:28:50.636422 IP 205.171.3.65.53 > 192.168.0.5.48330: 1157 6/0/0 A
157.166.224.26, A[|domain]
19:28:55.597407 IP 192.168.0.5.48330 > 205.171.3.65.53: 1157+ A? cnn.com. (25)
19:28:55.638248 IP 205.171.3.65.53 > 192.168.0.5.48330: 1157 6/0/0 A
157.166.226.25, A[|domain]
19:28:55.638297 IP 192.168.0.5.48330 > 205.171.3.65.53: 62369+ AAAA?
cnn.com. (25)
19:28:55.740946 IP 205.171.3.65.53 > 192.168.0.5.48330: 62369 0/1/0 (97)
19:28:55.945121 IP 192.168.0.5.52239 > 205.171.3.65.53: 27855+ A?
www.cnn.com. (29)
19:28:55.945145 IP 192.168.0.5.52239 > 205.171.3.65.53: 23911+ AAAA?
www.cnn.com. (29)
19:28:56.002990 IP 205.171.3.65.53 > 192.168.0.5.52239: 27855 6/0/0 A
157.166.224.25,[|domain]
So it sends an IPv4 request then an IPv6 request, gets an IPv4
response then tries both IPv4 and IPv6 again. Eventually it gets HTTP
redirected to www.cnn.com and lookups that domain.
I'm not sure why it does a second lookup. I'm looking at the packets
closer but thought I'd throw it out there for now.
Colin Burnett
More information about the Cialug
mailing list